[ { "File": "AccountNotifications.admx", "CategoryName": "AccountNotifications", "PolicyName": "DisableAccountNotifications", "Class": "User", "NameSpace": "Microsoft.Policies.AccountNotifications", "Supported": "Windows_10_0_20H1_NOSERVER - At least Windows 10 Version 2004", "DisplayName": "Turn off account notifications in Start", "ExplainText": "This policy allows you to prevent Windows from displaying notifications to Microsoft account (MSA) and local users in Start (user tile).\n\nNotifications include getting users to: reauthenticate; backup their device; manage cloud storage quotas as well as manage their Microsoft 365 or XBOX subscription.\n\nIf you enable this policy setting, Windows will not send account related notifications for local and MSA users to the user tile in Start.\n\nIf you disable or do not configure this policy setting, Windows will send account related notifications for local and MSA users to the user tile in Start.\n\nNo reboots or service restarts are required for this policy setting to take effect.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AccountNotifications" ], "ValueName": "DisableAccountNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ActiveXInstallService.admx", "CategoryName": "AxInstSv", "PolicyName": "ApprovedActiveXInstallSites", "Class": "Machine", "NameSpace": "Microsoft.Policies.ActiveXInstallService", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Approved Installation Sites for ActiveX Controls", "ExplainText": "This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL.\n\nIf you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL.\n\nIf you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.\n\nNote: Wild card characters cannot be used when specifying the host URLs.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\AxInstaller" ], "ValueName": "ApprovedList", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\AxInstaller\\ApprovedActiveXInstallSites" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ActiveXInstallService.admx", "CategoryName": "AxInstSv", "PolicyName": "AxISURLZonePolicies", "Class": "Machine", "NameSpace": "Microsoft.Policies.ActiveXInstallService", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Establish ActiveX installation policy for sites in Trusted zones", "ExplainText": "This policy setting controls the installation of ActiveX controls for sites in Trusted zone.\n\nIf you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting.\n\nIf you disable or do not configure this policy setting, ActiveX controls prompt the user before installation.\n\nIf the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore.\n\nNote: This policy setting applies to all sites in Trusted zones.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\AxInstaller\\AxISURLZonePolicies" ], "Elements": [ { "Type": "Enum", "ValueName": "InstallTrustedOCX", "Items": [ { "DisplayName": "Don't install", "Data": "0" }, { "DisplayName": "Prompt the user", "Data": "1" }, { "DisplayName": "Silently install", "Data": "2" } ], "Required": true }, { "Type": "Enum", "ValueName": "InstallSignedOCX", "Items": [ { "DisplayName": "Don't install", "Data": "0" }, { "DisplayName": "Prompt the user", "Data": "1" }, { "DisplayName": "Silently install", "Data": "2" } ], "Required": true }, { "Type": "Enum", "ValueName": "InstallUnSignedOCX", "Items": [ { "DisplayName": "Don't install", "Data": "0" }, { "DisplayName": "Prompt the user", "Data": "1" } ], "Required": true }, { "Type": "Boolean", "ValueName": "IgnoreUnknownCA", "TrueValue": "1", "FalseValue": "0", "Required": false }, { "Type": "Boolean", "ValueName": "IgnoreInvalidCN", "TrueValue": "1", "FalseValue": "0", "Required": false }, { "Type": "Boolean", "ValueName": "IgnoreInvalidCertDate", "TrueValue": "1", "FalseValue": "0", "Required": false }, { "Type": "Boolean", "ValueName": "IgnoreWrongCertUsage", "TrueValue": "1", "FalseValue": "0", "Required": false } ] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "DefaultCategory", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Specify default category for Add New Programs", "ExplainText": "Specifies the category of programs that appears when users open the \"Add New Programs\" page.\n\nIf you enable this setting, only the programs in the category you specify are displayed when the \"Add New Programs\" page opens. Users can use the Category box on the \"Add New Programs\" page to display programs in other categories.\n\nTo use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.\n\nIf you disable this setting or do not configure it, all programs (Category: All) are displayed when the \"Add New Programs\" page opens.\n\nYou can use this setting to direct users to the programs they are most likely to need.\n\nNote: This setting is ignored if either the \"Remove Add or Remove Programs\" setting or the \"Hide Add New Programs page\" setting is enabled.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "Elements": [ { "Type": "Text", "ValueName": "DefaultCategory", "Required": true } ] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoAddFromCDorFloppy", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide the \"Add a program from CD-ROM or floppy disk\" option", "ExplainText": "Removes the \"Add a program from CD-ROM or floppy disk\" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.\n\nIf you disable this setting or do not configure it, the \"Add a program from CD-ROM or floppy disk\" option is available to all users.\n\nThis setting does not prevent users from using other tools and methods to add or remove program components.\n\nNote: If the \"Hide Add New Programs page\" setting is enabled, this setting is ignored. Also, if the \"Prevent removable media source for any install\" setting (located in User Configuration\\Administrative Templates\\Windows Components\\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoAddFromCDorFloppy", "Elements": [] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoAddFromInternet", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide the \"Add programs from Microsoft\" option", "ExplainText": "Removes the \"Add programs from Microsoft\" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.\n\nIf you disable this setting or do not configure it, \"Add programs from Microsoft\" is available to all users.\n\nThis setting does not prevent users from using other tools and methods to connect to Windows Update.\n\nNote: If the \"Hide Add New Programs page\" setting is enabled, this setting is ignored.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoAddFromInternet", "Elements": [] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoAddFromNetwork", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide the \"Add programs from your network\" option", "ExplainText": "Prevents users from viewing or installing published programs.\n\nThis setting removes the \"Add programs from your network\" section from the Add New Programs page. The \"Add programs from your network\" section lists published programs and provides an easy way to install them.\n\nPublished programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.\n\nIf you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.\n\nIf you disable this setting or do not configure it, \"Add programs from your network\" is available to all users.\n\nNote: If the \"Hide Add New Programs page\" setting is enabled, this setting is ignored.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoAddFromNetwork", "Elements": [] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoAddPage", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide Add New Programs page", "ExplainText": "Removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page.\n\nThe Add New Programs button lets users install programs published or assigned by a system administrator.\n\nIf you disable this setting or do not configure it, the Add New Programs button is available to all users.\n\nThis setting does not prevent users from using other tools and methods to install programs.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoAddPage", "Elements": [] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoAddRemovePrograms", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Remove Add or Remove Programs", "ExplainText": "Prevents users from using Add or Remove Programs.\n\nThis setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus.\n\nAdd or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.\n\nIf you disable this setting or do not configure it, Add or Remove Programs is available to all users.\n\nWhen enabled, this setting takes precedence over the other settings in this folder.\n\nThis setting does not prevent users from using other tools and methods to install or uninstall programs.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoAddRemovePrograms", "Elements": [] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoChooseProgramsPage", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide the Set Program Access and Defaults page", "ExplainText": "Removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page.\n\nThe Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.\n\nIf you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users.\n\nThis setting does not prevent users from using other tools and methods to change program access or defaults.\n\nThis setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the \"Remove Set Program Access and Defaults from Start menu\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoChooseProgramsPage", "Elements": [] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoRemovePage", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide Change or Remove Programs page", "ExplainText": "Removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page.\n\nThe Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.\n\nIf you disable this setting or do not configure it, the Change or Remove Programs page is available to all users.\n\nThis setting does not prevent users from using other tools and methods to delete or uninstall programs.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoRemovePage", "Elements": [] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoServices", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Go directly to Components Wizard", "ExplainText": "Prevents users from using Add or Remove Programs to configure installed services.\n\nThis setting removes the \"Set up services\" section of the Add/Remove Windows Components page. The \"Set up services\" section lists system services that have not been configured and offers users easy access to the configuration tools.\n\nIf you disable this setting or do not configure it, \"Set up services\" appears only when there are unconfigured system services. If you enable this setting, \"Set up services\" never appears.\n\nThis setting does not prevent users from using other methods to configure services.\n\nNote: When \"Set up services\" does not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed.\n\nTo remove \"Set up services\" and prevent the Windows Component Wizard from starting, enable the \"Hide Add/Remove Windows Components page\" setting. If the \"Hide Add/Remove Windows Components page\" setting is enabled, this setting is ignored.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoServices", "Elements": [] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoSupportInfo", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Remove Support Information", "ExplainText": "Removes links to the Support Info dialog box from programs on the Change or Remove Programs page.\n\nPrograms listed on the Change or Remove Programs page can include a \"Click here for support information\" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.\n\nIf you disable this setting or do not configure it, the Support Info hyperlink appears.\n\nNote: Not all programs provide a support information hyperlink.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoSupportInfo", "Elements": [] }, { "File": "AddRemovePrograms.admx", "CategoryName": "Arp", "PolicyName": "NoWindowsSetupPage", "Class": "User", "NameSpace": "Microsoft.Policies.AddRemovePrograms", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide Add/Remove Windows Components page", "ExplainText": "Removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page.\n\nThe Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.\n\nIf you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users.\n\nThis setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Uninstall" ], "ValueName": "NoWindowsSetupPage", "Elements": [] }, { "File": "AllowBuildPreview.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "AllowBuildPreview", "Class": "Machine", "NameSpace": "Microsoft.Policies.AllowBuildPreview", "Supported": "Windows_10_0_UP_TO_RS2 - Windows Server 2016, Windows 10 up to Version 1703", "DisplayName": "Toggle user control over Insider builds", "ExplainText": "This policy setting determines whether users can get preview builds of Windows, by configuring controls in Settings > Update and security > Windows Insider Program.\n\nIf you enable or do not configure this policy setting, users can download and install preview builds of Windows by configuring Windows Insider Program settings.\n\nIf you disable this policy setting, Windows Insider Program settings will be unavailable to users through the Settings app.\n\nThis policy is only supported up to Windows 10, Version 1703. Please use 'Manage preview builds' under 'Windows Update for Business' for newer Windows 10 versions.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\PreviewBuilds" ], "ValueName": "AllowBuildPreview", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppCompat.admx", "CategoryName": "AppCompat", "PolicyName": "AppCompatPrevent16BitMach", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationCompatibility", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Prevent access to 16-bit applications", "ExplainText": "Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.\n\nYou can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, ntvdm.exe must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.\n\nIf the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run.\n\nIf the status is set to Disabled, the MS-DOS subsystem runs for all users on this computer.\n\nIf the status is set to Not Configured, the OS falls back on a local policy set by the registry DWORD value HKLM\\System\\CurrentControlSet\\Control\\WOW\\DisallowedPolicyDefault. If that value is non-0, this prevents all 16-bit applications from running. If that value is 0, 16-bit applications are allowed to run. If that value is also not present, on Windows 10 and above the OS will launch the 16-bit application support control panel to allow an elevated administrator to make the decision; on windows 7 and downlevel, the OS will allow 16-bit applications to run.\n\nNote: This setting appears in only Computer Configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "VDMDisallowed", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppCompat.admx", "CategoryName": "AppCompat", "PolicyName": "AppCompatRemoveProgramCompatPropPage", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationCompatibility", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Remove Program Compatibility Property Page", "ExplainText": "This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.\n\nThe compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus, but does not affect previous compatibility settings applied to application using this interface.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisablePropPage", "Elements": [] }, { "File": "AppCompat.admx", "CategoryName": "AppCompat", "PolicyName": "AppCompatTurnOffApplicationImpactTelemetry", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationCompatibility", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off Application Telemetry", "ExplainText": "The policy controls the state of the Application Telemetry engine in the system.\n\nApplication Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.\n\nTurning Application Telemetry off by selecting \"enable\" will stop the collection of usage data.\n\nIf the customer Experience Improvement program is turned off, Application Telemetry will be turned off regardless of how this policy is set.\n\nDisabling telemetry will take effect on any newly launched applications. To ensure that telemetry collection has stopped for all applications, please reboot your machine.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "AITEnable", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "AppCompat.admx", "CategoryName": "AppCompat", "PolicyName": "AppCompatTurnOffSwitchBack", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationCompatibility", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off SwitchBack Compatibility Engine", "ExplainText": "The policy controls the state of the Switchback compatibility engine in the system.\n\nSwitchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications.\n\nSwitchback is on by default.\n\nIf you enable this policy setting, Switchback will be turned off. Turning Switchback off may degrade the compatibility of older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applications they are using.\n\nIf you disable or do not configure this policy setting, the Switchback will be turned on.\n\nPlease reboot the system after changing the setting to ensure that your system accurately reflects those changes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "SbEnable", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "AppCompat.admx", "CategoryName": "AppCompat", "PolicyName": "AppCompatTurnOffEngine", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationCompatibility", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Turn off Application Compatibility Engine", "ExplainText": "This policy controls the state of the application compatibility engine in the system.\n\nThe engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem.\n\nTurning off the application compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications, and will not block known incompatible applications from installing. (For Instance: This may result in a blue screen if an old anti-virus application is installed.)\n\nThe Windows Resource Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application problems. If the engine is turned off, these mitigations will not be applied to applications and their installers and these applications may fail to install or run properly.\n\nThis option is useful to server administrators who require faster performance and are aware of the compatibility of the applications they are using. It is particularly useful for a web server where applications may be launched several hundred times a second, and the performance of the loader is essential.\n\nNOTE: Many system processes cache the value of this setting for performance reasons. If you make changes to this setting, please reboot to ensure that your system accurately reflects those changes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisableEngine", "Elements": [] }, { "File": "AppCompat.admx", "CategoryName": "AppCompat", "PolicyName": "AppCompatTurnOffProgramCompatibilityAssistant_1", "Class": "User", "NameSpace": "Microsoft.Policies.ApplicationCompatibility", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Program Compatibility Assistant", "ExplainText": "This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\\Administrative Templates\\Windows Components\\Application Compatibility.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisablePCA", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppCompat.admx", "CategoryName": "AppCompat", "PolicyName": "AppCompatTurnOffProgramCompatibilityAssistant_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationCompatibility", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Program Compatibility Assistant", "ExplainText": "This policy setting controls the state of the Program Compatibility Assistant (PCA).\n\nThe PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.\n\nIf you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.\n\nIf you disable or do not configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.\n\nNote: The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisablePCA", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppCompat.admx", "CategoryName": "AppCompat", "PolicyName": "AppCompatTurnOffUserActionRecord", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationCompatibility", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off Steps Recorder", "ExplainText": "This policy setting controls the state of Steps Recorder.\n\nSteps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screen shots. Steps Recorder includes an option to turn on and off data collection.\n\nIf you enable this policy setting, Steps Recorder will be disabled.\n\nIf you disable or do not configure this policy setting, Steps Recorder will be enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisableUAR", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppCompat.admx", "CategoryName": "AppCompat", "PolicyName": "AppCompatTurnOffProgramInventory", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationCompatibility", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off Inventory Collector", "ExplainText": "This policy setting controls the state of the Inventory Collector.\n\nThe Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.\n\nIf you enable this policy setting, the Inventory Collector will be turned off and data will not be sent to Microsoft. Collection of installation data through the Program Compatibility Assistant is also disabled.\n\nIf you disable or do not configure this policy setting, the Inventory Collector will be turned on.\n\nNote: This policy setting has no effect if the Customer Experience Improvement Program is turned off. The Inventory Collector will be off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisableInventory", "Elements": [] }, { "File": "AppDeviceInventory.admx", "CategoryName": "AppDeviceInventory", "PolicyName": "TurnOffInstallTracing", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppDeviceInventory", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Turn off Install Tracing", "ExplainText": "This policy controls the state of Install Tracing. Install Tracing is a mechanism that tracks application installs to help diagnose compatibility problems.\n\nIf you enable this policy, Install Tracing will not be run.\n\nIf you disable or do not configure this policy, Install Tracing will be turned on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisableInstallTracing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppDeviceInventory.admx", "CategoryName": "AppDeviceInventory", "PolicyName": "TurnOffAPISamping", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppDeviceInventory", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Turn off API Sampling", "ExplainText": "This policy controls the state of API Sampling. API Sampling monitors the sampled collection of application programming interfaces used during system runtime to help diagnose compatibility problems.\n\nIf you enable this policy, API Sampling will not be run.\n\nIf you disable or do not configure this policy, API Sampling will be turned on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisableAPISamping", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppDeviceInventory.admx", "CategoryName": "AppDeviceInventory", "PolicyName": "TurnOffApplicationFootprint", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppDeviceInventory", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Turn off Application Footprint", "ExplainText": "This policy controls the state of Application Footprint. Application Footprint monitors the sampled collection of registry and file usage to help diagnose compatibility problems.\n\nIf you enable this policy, Application Footprint will not be run.\n\nIf you disable or do not configure this policy, Application Footprint will be turned on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisableApplicationFootprint", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppDeviceInventory.admx", "CategoryName": "AppDeviceInventory", "PolicyName": "TurnOffWin32AppBackup", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppDeviceInventory", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Turn off compatibility scan for backed up applications", "ExplainText": "This policy controls the state of the compatibility scan for backed up applications. The compatibility scan for backed up applications evaluates for compatibility problems in installed applications.\n\nIf you enable this policy, the compatibility scan for backed up applications will not be run.\n\nIf you disable or do not configure this policy, the compatibility scan for backed up applications will be run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisableWin32AppBackup", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessAccountInfo", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access account information", "ExplainText": "This policy setting specifies whether Windows apps can access account information.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access account information and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access account information and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access account information by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessAccountInfo", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessAccountInfo_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessAccountInfo_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessAccountInfo_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessCalendar", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access the calendar", "ExplainText": "This policy setting specifies whether Windows apps can access the calendar.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access the calendar and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access the calendar and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessCalendar", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessCalendar_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessCalendar_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessCalendar_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessCallHistory", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access call history", "ExplainText": "This policy setting specifies whether Windows apps can access call history.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access call history by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access the call history and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access the call history and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessCallHistory", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessCallHistory_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessCallHistory_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessCallHistory_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessCamera", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access the camera", "ExplainText": "This policy setting specifies whether Windows apps can access the camera.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access the camera and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access the camera and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessCamera", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessCamera_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessCamera_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessCamera_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessContacts", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access contacts", "ExplainText": "This policy setting specifies whether Windows apps can access contacts.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access contacts and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access contacts and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessContacts", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessContacts_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessContacts_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessContacts_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessEmail", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access email", "ExplainText": "This policy setting specifies whether Windows apps can access email.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access email and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access email and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessEmail", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessEmail_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessEmail_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessEmail_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessSystemAIModels", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps make use of Text and image generation features of Windows", "ExplainText": "This policy setting specifies whether Windows apps can use Text and image generation features of Windows.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can use Text and image generation by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to use Text and image generation features of Windows and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to use Text and image generation features of Windows and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can use Text and image generation features of Windows by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessSystemAIModels", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessSystemAIModels_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessSystemAIModels_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessSystemAIModels_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessGraphicsCaptureProgrammatic", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps take screenshots of various windows or displays", "ExplainText": "This policy setting specifies whether Windows apps can take screenshots of various windows or displays.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to take screenshots of various windows or displays and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to take screenshots of various windows or displays and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can take screenshots of various windows or displays by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessGraphicsCaptureProgrammatic", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessGraphicsCaptureProgrammatic_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessGraphicsCaptureProgrammatic_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessGraphicsCaptureProgrammatic_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessGraphicsCaptureWithoutBorder", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps turn off the screenshot border", "ExplainText": "This policy setting specifies whether Windows apps can turn off the screenshot border.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to turn off the screenshot border and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to turn off the screenshot border and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can turn off the screenshot border by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessGraphicsCaptureWithoutBorder", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessGraphicsCaptureWithoutBorder_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessGraphicsCaptureWithoutBorder_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessGraphicsCaptureWithoutBorder_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessHumanPresence", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access presence sensing", "ExplainText": "This policy setting specifies whether Windows apps can access presence sensing.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access presence sensing and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access presence sensing and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessHumanPresence", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessHumanPresence_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessHumanPresence_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessHumanPresence_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessLocation", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access location", "ExplainText": "This policy setting specifies whether Windows apps can access location.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access location and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access location and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessLocation", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessLocation_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessLocation_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessLocation_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessMessaging", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access messaging", "ExplainText": "This policy setting specifies whether Windows apps can read or send messages (text or MMS).\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps can read or send messages and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps cannot read or send messages and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessMessaging", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessMessaging_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessMessaging_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessMessaging_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessMicrophone", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access the microphone", "ExplainText": "This policy setting specifies whether Windows apps can access the microphone.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access the microphone and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access the microphone and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessMicrophone", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessMicrophone_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessMicrophone_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessMicrophone_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessMotion", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access motion", "ExplainText": "This policy setting specifies whether Windows apps can access motion data.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access motion data and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access motion data and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessMotion", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessMotion_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessMotion_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessMotion_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessNotifications", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access notifications", "ExplainText": "This policy setting specifies whether Windows apps can access notifications.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access notifications and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access notifications and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessNotifications", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessNotifications_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessNotifications_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessNotifications_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessPhone", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps make phone calls", "ExplainText": "This policy setting specifies whether Windows apps can make phone calls.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to make phone calls and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to make phone calls and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessPhone", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessPhone_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessPhone_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessPhone_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessRadios", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps control radios", "ExplainText": "This policy setting specifies whether Windows apps have access to control radios.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps will have access to control radios and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps will not have access to control radios and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessRadios", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessRadios_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessRadios_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessRadios_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsSyncWithDevices", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps communicate with unpaired devices", "ExplainText": "This policy setting specifies whether Windows apps can communicate with unpaired wireless devices.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to communicate with unpaired wireless devices and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to communicate with unpaired wireless devices and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsSyncWithDevices", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsSyncWithDevices_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsSyncWithDevices_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsSyncWithDevices_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessTasks", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access Tasks", "ExplainText": "This policy setting specifies whether Windows apps can access tasks.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access tasks and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access tasks and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessTasks", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessTasks_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessTasks_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessTasks_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessTrustedDevices", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access trusted devices", "ExplainText": "This policy setting specifies whether Windows apps can access trusted devices.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access trusted devices and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access trusted devices and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessTrustedDevices", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessTrustedDevices_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessTrustedDevices_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessTrustedDevices_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsRunInBackground", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps run in the background", "ExplainText": "This policy setting specifies whether Windows apps can run in the background.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to run in the background and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to run in the background and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsRunInBackground", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsRunInBackground_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsRunInBackground_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsRunInBackground_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsGetDiagnosticInfo", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Let Windows apps access diagnostic information about other apps", "ExplainText": "This policy setting specifies whether Windows apps can get diagnostic information about other Windows apps, including user name.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can get diagnostic information about other apps using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to get diagnostic information about other apps and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic information about other apps by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsGetDiagnosticInfo", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsGetDiagnosticInfo_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsGetDiagnosticInfo_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsGetDiagnosticInfo_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessGazeInput", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access an eye tracker device", "ExplainText": "This policy setting specifies whether Windows apps can access the eye tracker.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access the eye tracker by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access the eye tracker and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access the eye tracker and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the eye tracker by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessGazeInput", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessGazeInput_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessGazeInput_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessGazeInput_ForceDenyTheseApps" } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsActivateWithVoice", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps activate with voice", "ExplainText": "This policy setting specifies whether Windows apps can be activated by voice.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can be activated with a voice keyword by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to be activated with a voice keyword and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to be activated with a voice keyword and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can be activated with a voice keyword by using Settings > Privacy on the device.\n\nThis policy is applied to Windows apps and Cortana.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsActivateWithVoice", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsActivateWithVoiceAboveLock", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps activate with voice while the system is locked", "ExplainText": "This policy setting specifies whether Windows apps can be activated by voice while the system is locked.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, users can interact with applications using speech while the system is locked and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, users cannot interact with applications using speech while the system is locked and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > Privacy on the device.\n\nThis policy is applied to Windows apps and Cortana. It takes precedence of the \"Allow Cortana above lock\" policy. This policy is applicable only when \"Allow voice activation\" policy is configured to allow applications to be activated with voice.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsActivateWithVoiceAboveLock", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] } ] }, { "File": "AppPrivacy.admx", "CategoryName": "AppPrivacy", "PolicyName": "LetAppsAccessBackgroundSpatialPerception", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppPrivacy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Let Windows apps access user movements while running in the background", "ExplainText": "This policy setting specifies whether Windows apps can access the movement of the user's head, hands, motion controllers, and other tracked objects, while the apps are running in the background.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access the user's movements while the apps are running in the background by using Settings > Privacy on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access user movements while the apps are running in the background and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access user movements while the apps are running in the background and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the user's movements while the apps are running in the background by using Settings > Privacy on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessBackgroundSpatialPerception", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps" } ] }, { "File": "appv.admx", "CategoryName": "CAT_AppV", "PolicyName": "EnableAppV", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Enable App-V Client", "ExplainText": "This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\AppV\\Client" ], "ClientExtension": "{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}", "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Package_Installation_Root", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Package Installation Root", "ExplainText": "Specifies directory where all new applications and updates will be installed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "Elements": [ { "Type": "Text", "ValueName": "PackageInstallationRoot" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Steaming_Autoload", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify what to load in background (aka AutoLoad)", "ExplainText": "Specifies how new packages should be loaded automatically by App-V on a specific computer.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "Elements": [ { "Type": "Enum", "ValueName": "Autoload", "Items": [ { "DisplayName": "None", "Data": "0" }, { "DisplayName": "Previously Used", "Data": "1" }, { "DisplayName": "All", "Data": "2" } ] } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Package_Source_Root", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Package Source Root", "ExplainText": "Overrides source location for downloading package content.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "Elements": [ { "Type": "Text", "ValueName": "PackageSourceRoot" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Reestablishment_Retries", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Reestablishment Retries", "ExplainText": "Specifies the number of times to retry a dropped session.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ReestablishmentRetries", "MinValue": "0", "MaxValue": "99" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Reestablishment_Interval", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Reestablishment Interval", "ExplainText": "Specifies the number of seconds between attempts to reestablish a dropped session.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ReestablishmentInterval", "MinValue": "0", "MaxValue": "3600" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Location_Provider", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Location Provider", "ExplainText": "Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "Elements": [ { "Type": "Text", "ValueName": "LocationProvider" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Certificate_Filter_For_Client_SSL", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Certificate Filter For Client SSL", "ExplainText": "Specifies the path to a valid certificate in the certificate store.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "Elements": [ { "Type": "Text", "ValueName": "CertFilterForClientSsl" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Verify_Certificate_Revocation_List", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Verify certificate revocation list", "ExplainText": "Verifies Server certificate revocation status before streaming using HTTPS.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "ValueName": "VerifyCertificateRevocationList", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Shared_Content_Store_Mode", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Shared Content Store (SCS) mode", "ExplainText": "Specifies that streamed package contents will be not be saved to the local hard disk.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "ValueName": "SharedContentStoreMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Allow_High_Cost_Launch", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection", "ExplainText": "This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "ValueName": "AllowHighCostLaunch", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Require_Publish_As_Admin", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Require Publish As Admin", "ExplainText": "Requires admin privileges to publish and unpublish packages and connection groups.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "ValueName": "RequirePublishAsAdmin", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Streaming", "PolicyName": "Streaming_Support_Branch_Cache", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Enable Support for BranchCache", "ExplainText": "If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Streaming" ], "ValueName": "SupportBranchCache", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Reporting", "PolicyName": "Reporting_Server_Policy", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Reporting Server", "ExplainText": "Reporting Server URL: Displays the URL of reporting server.\n\nReporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, e.g. 9AM.\n\nDelay reporting for the random minutes: The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load.\n\nRepeat reporting for every (days): The periodical interval in days for sending the reporting data.\n\nData Cache Limit: This value specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The default value is 20 MB. The size applies to the cache in memory. When the limit is reached, the log file will roll over. When a new record is to be added (bottom of the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the event log the first time this occurs, and will not be logged again until after the cache has been successfully cleared on transmission and the log has filled up again.\n\nData Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Reporting" ], "ValueName": "ReportingEnabled", "Elements": [ { "Type": "Text", "ValueName": "ReportingServerURL" }, { "Type": "Decimal", "ValueName": "ReportingStartTime", "MinValue": "0", "MaxValue": "23" }, { "Type": "Decimal", "ValueName": "ReportingRandomDelay", "MinValue": "0", "MaxValue": "60" }, { "Type": "Decimal", "ValueName": "ReportingInterval", "MinValue": "1", "MaxValue": "30" }, { "Type": "Decimal", "ValueName": "ReportingDataCacheLimit", "MinValue": "1", "MaxValue": "1024" }, { "Type": "Decimal", "ValueName": "ReportingDataBlockSize", "MinValue": "1024", "MaxValue": "4294967295" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Publishing", "PolicyName": "Publishing_Server1_Policy", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Publishing Server 1 Settings", "ExplainText": "Publishing Server Display Name: Displays the name of publishing server.\n\nPublishing Server URL: Displays the URL of publishing server.\n\nGlobal Publishing Refresh: Enables global publishing refresh (Boolean).\n\nGlobal Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).\n\nGlobal Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.\n\nGlobal Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).\n\nUser Publishing Refresh: Enables user publishing refresh (Boolean).\n\nUser Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).\n\nUser Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.\n\nUser Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Publishing\\Servers\\1" ], "Elements": [ { "Type": "Text", "ValueName": "Name", "Required": true }, { "Type": "Text", "ValueName": "URL", "Required": true }, { "Type": "Enum", "ValueName": "GlobalEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "GlobalLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "GlobalPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "GlobalPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "UserPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "UserPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] } ] }, { "File": "appv.admx", "CategoryName": "CAT_Publishing", "PolicyName": "Publishing_Server2_Policy", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Publishing Server 2 Settings", "ExplainText": "Publishing Server Display Name: Displays the name of publishing server.\n\nPublishing Server URL: Displays the URL of publishing server.\n\nGlobal Publishing Refresh: Enables global publishing refresh (Boolean).\n\nGlobal Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).\n\nGlobal Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.\n\nGlobal Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).\n\nUser Publishing Refresh: Enables user publishing refresh (Boolean).\n\nUser Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).\n\nUser Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.\n\nUser Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Publishing\\Servers\\2" ], "Elements": [ { "Type": "Text", "ValueName": "Name", "Required": true }, { "Type": "Text", "ValueName": "URL", "Required": true }, { "Type": "Enum", "ValueName": "GlobalEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "GlobalLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "GlobalPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "GlobalPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "UserPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "UserPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] } ] }, { "File": "appv.admx", "CategoryName": "CAT_Publishing", "PolicyName": "Publishing_Server3_Policy", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Publishing Server 3 Settings", "ExplainText": "Publishing Server Display Name: Displays the name of publishing server.\n\nPublishing Server URL: Displays the URL of publishing server.\n\nGlobal Publishing Refresh: Enables global publishing refresh (Boolean).\n\nGlobal Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).\n\nGlobal Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.\n\nGlobal Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).\n\nUser Publishing Refresh: Enables user publishing refresh (Boolean).\n\nUser Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).\n\nUser Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.\n\nUser Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Publishing\\Servers\\3" ], "Elements": [ { "Type": "Text", "ValueName": "Name", "Required": true }, { "Type": "Text", "ValueName": "URL", "Required": true }, { "Type": "Enum", "ValueName": "GlobalEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "GlobalLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "GlobalPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "GlobalPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "UserPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "UserPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] } ] }, { "File": "appv.admx", "CategoryName": "CAT_Publishing", "PolicyName": "Publishing_Server4_Policy", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Publishing Server 4 Settings", "ExplainText": "Publishing Server Display Name: Displays the name of publishing server.\n\nPublishing Server URL: Displays the URL of publishing server.\n\nGlobal Publishing Refresh: Enables global publishing refresh (Boolean).\n\nGlobal Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).\n\nGlobal Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.\n\nGlobal Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).\n\nUser Publishing Refresh: Enables user publishing refresh (Boolean).\n\nUser Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).\n\nUser Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.\n\nUser Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Publishing\\Servers\\4" ], "Elements": [ { "Type": "Text", "ValueName": "Name", "Required": true }, { "Type": "Text", "ValueName": "URL", "Required": true }, { "Type": "Enum", "ValueName": "GlobalEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "GlobalLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "GlobalPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "GlobalPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "UserPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "UserPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] } ] }, { "File": "appv.admx", "CategoryName": "CAT_Publishing", "PolicyName": "Publishing_Server5_Policy", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Publishing Server 5 Settings", "ExplainText": "Publishing Server Display Name: Displays the name of publishing server.\n\nPublishing Server URL: Displays the URL of publishing server.\n\nGlobal Publishing Refresh: Enables global publishing refresh (Boolean).\n\nGlobal Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).\n\nGlobal Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.\n\nGlobal Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).\n\nUser Publishing Refresh: Enables user publishing refresh (Boolean).\n\nUser Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).\n\nUser Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.\n\nUser Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Publishing\\Servers\\5" ], "Elements": [ { "Type": "Text", "ValueName": "Name", "Required": true }, { "Type": "Text", "ValueName": "URL", "Required": true }, { "Type": "Enum", "ValueName": "GlobalEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "GlobalLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "GlobalPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "GlobalPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserEnabled", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UserLogonRefresh", "Items": [ { "DisplayName": "False", "Data": "0" }, { "DisplayName": "True", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "UserPeriodicRefreshInterval", "MinValue": "0", "MaxValue": "31" }, { "Type": "Enum", "ValueName": "UserPeriodicRefreshIntervalUnit", "Items": [ { "DisplayName": "Hour", "Data": "0" }, { "DisplayName": "Day", "Data": "1" } ] } ] }, { "File": "appv.admx", "CategoryName": "CAT_Publishing", "PolicyName": "Enable_Publishing_Refresh_UX", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Enable Publishing Refresh UX", "ExplainText": "Enables a UX to display to the user when a publishing refresh is performed on the client.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Publishing" ], "ValueName": "EnablePublishingRefreshUI", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Client_Coexistence", "PolicyName": "Client_Coexistence_Enable_Migration_mode", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Enable Migration Mode", "ExplainText": "Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Coexistence" ], "ValueName": "MigrationMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Scripting", "PolicyName": "Scripting_Enable_Package_Scripts", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Enable Package Scripts", "ExplainText": "Enables scripts defined in the package manifest of configuration files that should run.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Scripting" ], "ValueName": "EnablePackageScripts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Integration", "PolicyName": "Integration_Roaming_File_Exclusions", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Roaming File Exclusions", "ExplainText": "Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Integration" ], "Elements": [ { "Type": "Text", "ValueName": "RoamingFileExclusions" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Integration", "PolicyName": "Integration_Roaming_Registry_Exclusions", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Roaming Registry Exclusions", "ExplainText": "Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\\classes;software\\clients.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Integration" ], "Elements": [ { "Type": "Text", "ValueName": "RoamingRegistryExclusions" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Integration", "PolicyName": "Integration_Root_User", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Integration Root User", "ExplainText": "Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\\Microsoft\\AppV\\Client\\Integration.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Integration" ], "Elements": [ { "Type": "Text", "ValueName": "IntegrationRootUser" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Integration", "PolicyName": "Integration_Root_Global", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Integration Root Global", "ExplainText": "Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Integration" ], "Elements": [ { "Type": "Text", "ValueName": "IntegrationRootGlobal" } ] }, { "File": "appv.admx", "CategoryName": "CAT_CEIP", "PolicyName": "CEIP_Enable", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Customer Experience Improvement Program (CEIP)", "ExplainText": "The program collects information about computer hardware and how you use Microsoft Application Virtualization without interrupting you. This helps Microsoft identify which Microsoft Application Virtualization features to improve. No information collected is used to identify or contact you.\n\nFor more details, read about the program online at http://go.microsoft.com/fwlink/?LinkID=184686.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\CEIP" ], "ValueName": "CEIPEnable", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Virtualization", "PolicyName": "Virtualization_JITVAllowList", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Virtual Component Process Allow List", "ExplainText": "Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Virtualization" ], "Elements": [ { "Type": "MultiText", "ValueName": "ProcessesUsingVirtualComponents" } ] }, { "File": "appv.admx", "CategoryName": "CAT_Virtualization", "PolicyName": "Virtualization_JITVEnable", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Enable Dynamic Virtualization", "ExplainText": "Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\Virtualization" ], "ValueName": "EnableDynamicVirtualization", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_PackageManagement", "PolicyName": "PackageManagement_AutoCleanupEnable", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Enable automatic cleanup of unused appv packages", "ExplainText": "Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\PackageManagement" ], "ValueName": "AutoCleanupEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "appv.admx", "CategoryName": "CAT_PowerManagement", "PolicyName": "PowerManagement_SyncOnBatteriesEnable", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Enable background sync to server when on battery power", "ExplainText": "Enables background sync to server when on battery power.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\AppV\\Client\\PowerManagement" ], "ValueName": "SyncOnBatteriesEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "AppxDeploymentAllowAllTrustedApps", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow all trusted apps to install", "ExplainText": "This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed packaged Microsoft Store apps.\n\nIf you enable this policy setting, you can install any LOB or developer-signed packaged Microsoft Store app (which must be signed with a certificate chain that can be successfully validated by the local computer).\n\nIf you disable or do not configure this policy setting, you cannot install LOB or developer-signed packaged Microsoft Store apps.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "AllowAllTrustedApps", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "AllowAutomaticAppArchiving", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Archive infrequently used apps", "ExplainText": "This policy setting controls whether the system can archive infrequently used apps.\n\nIf you enable this policy setting, then the system will periodically check for and archive infrequently used apps.\n\nIf you disable this policy setting, then the system will not archive any apps.\n\nIf you do not configure this policy setting (default), then the system will follow default behavior, which is to periodically check for and archive infrequently used apps, and the user will be able to configure this setting themselves.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "AllowAutomaticAppArchiving", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "AllowDeploymentInSpecialProfiles", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow deployment operations in special profiles", "ExplainText": "This policy setting allows you to manage the deployment of packaged Microsoft Store apps when the user is signed in using a special profile. Special profiles are the following user profiles, where changes are discarded after the user signs off:\n\nRoaming user profiles to which the \"Delete cached copies of roaming profiles\" Group Policy setting applies\n\nMandatory user profiles and super-mandatory profiles, which are created by an administrator\n\nTemporary user profiles, which are created when an error prevents the correct profile from loading\n\nUser profiles for the Guest account and members of the Guests group\n\nIf you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of packaged Microsoft Store apps when using a special profile.\n\nIf you disable or do not configure this policy setting, Group Policy blocks deployment operations of packaged Microsoft Store apps when using a special profile.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "AllowDeploymentInSpecialProfiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "AllowDevelopmentWithoutDevLicense", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allows development of packaged Microsoft Store apps and installing them from an integrated development environment (IDE)", "ExplainText": "Allows or denies development of Microsoft Store applications and installing them directly from an IDE.\n\nIf you enable this setting and enable the \"Allow all trusted apps to install\" Group Policy, you can develop Microsoft Store apps and install them directly from an IDE.\n\nIf you disable or do not configure this setting, you cannot develop Microsoft Store apps or install them directly from an IDE.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "AllowDevelopmentWithoutDevLicense", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "DisableDeploymentToNonSystemVolumes", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_6_3_Update2 - At least Windows 8.1 Update 2", "DisplayName": "Disable installing Windows apps on non-system volumes", "ExplainText": "This policy setting allows you to manage installing Windows apps on additional volumes such as secondary partitions, USB drives, or SD cards.\n\nIf you enable this setting, you can't move or install Windows apps on volumes that are not the system volume.\n\nIf you disable or do not configure this setting, you can move or install Windows apps on other volumes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "RestrictAppToSystemVolume", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "RestrictAppDataToSystemVolume", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_6_3_Update2 - At least Windows 8.1 Update 2", "DisplayName": "Prevent users' app data from being stored on non-system volumes", "ExplainText": "Prevent users' app data from moving to another location when an app is moved or installed on another location.\n\nIf you enable this setting, all users' app data will stay on the system volume, regardless of where the app is installed.\n\nIf you disable or do not configure this setting, then when an app is moved to a different volume, the users' app data will also move to this volume.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "RestrictAppDataToSystemVolume", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "AllowSharedLocalAppData", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow a Windows app to share application data between users", "ExplainText": "Manages a Windows app's ability to share data between users who have installed the app.\n\nIf you enable this policy, a Windows app can share app data with other instances of that app. Data is shared through the SharedLocal folder. This folder is available through the Windows.Storage API.\n\nIf you disable this policy, a Windows app can't share app data with other instances of that app. If this policy was previously enabled, any previously shared app data will remain in the SharedLocal folder.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager" ], "ValueName": "AllowSharedLocalAppData", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "BlockNonAdminUserInstall", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Prevent non-admin users from installing packaged Windows apps", "ExplainText": "Manages non-Administrator users' ability to install Windows app packages.\n\nIf you enable this policy, non-Administrators will be unable to initiate installation of Windows app packages. Administrators who wish to install an app will need to do so from an Administrator context (for example, an Administrator PowerShell window). All users will still be able to install Windows app packages via the Microsoft Store, if permitted by other policies.\n\nIf you disable or do not configure this policy, all users will be able to initiate installation of Windows app packages.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "BlockNonAdminUserInstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "ConfigureMSIXAuthenticationAuthorizedDomains", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Set authorized domains for HTTPS authentication in MSIX streaming install", "ExplainText": "This policy setting determines whether an EntraID OAuth token will be included in HTTPS communications to a specified fully qualified domain name for performing an MSIX streaming installation.\n\nIf you enable this policy setting, HTTPS communications to the predefined fully qualified domains will incorporate the user's EntraID OAuth token when performing a streaming MSIX install. The value provided is a regular expression (ECMA Script) that will be used to match against the uppercased, fully qualified domain of the URL.\n\nIf you disable or do not configure this policy setting, the user's EntraID OAuth token will only be shared with the default configured domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "Elements": [ { "Type": "Text", "ValueName": "MSIXAuthenticationAuthorizedDomains", "Required": true } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "DisableBackgroundAutoUpdates", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_10_0_21H2 - At least Windows Server 2016, Windows 10 Version 2106", "DisplayName": "Not allow sideloaded apps to auto-update in the background", "ExplainText": "Manages a sideloaded apps' ability to auto-update in the background.\n\nIf you enable this policy, sideloaded apps will not auto-update in the background.\n\nIf you disable this policy, sideloaded apps will auto-update in the background.\n\nDefault is 'disabled' (key not present).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "DisableBackgroundAutoUpdates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "DisableMeteredNetworkBackgroundAutoUpdates", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_10_0_21H2 - At least Windows Server 2016, Windows 10 Version 2106", "DisplayName": "Not allow sideloaded apps to auto-update in the background on a metered network", "ExplainText": "Manages a sideloaded apps' ability to auto-update in the background on a metered network.\n\nIf you enable this policy, sideloaded apps will not auto-update in the background on a metered network.\n\nIf you disable this policy, sideloaded apps will auto-update in the background on a metered network.\n\nDefault is 'disabled' (key not present).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "DisableMeteredNetworkBackgroundAutoUpdates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "DisablePerUserUnsignedPackagesByDefault", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_10_0_22H2", "DisplayName": "Not allow per-user unsigned packages to install by default (requires explicitly allow per install)", "ExplainText": "Not allow per-user unsigned packages to install by default (requires explicitly allow per install)\n\nIf you enable this policy, the AllowUnsigned option defaults to 'false'.\n\nIf you disable this policy, the AllowUnsigned option defaults to 'true'.\n\nDefault is 'disabled' (key not present).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "DisablePerUserUnsignedPackagesByDefault", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "AllowedNonAdminPackageFamilyNameRules", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Allowed package family names for non-admin user install", "ExplainText": "Allowed package family names for non-Administrator user Windows app package installation.\n\nIf you enable this policy, you can enter a list of Windows app packages non-Administrators will be able to initiate installation of regardless of the configured \"Prevent non-admin users from installing packaged Windows apps\" policy.\n\nThe values provided will be treated as regular expressions (ECMA Script). A package family name like Contoso.ContosoApp_8wekyb3d8bbwe is itself a valid regular expression that will match all packages in that family. A regular expression like ^Contoso.*_8wekyb3d8bbwe$ will also match Contoso.ContosoApp_8wekyb3d8bbwe\n\nIf the package family name of an installing Windows app package matches any rule it will not be blocked by the \"Prevent non-admin users from installing packaged Windows apps\" policy. Installation may still be blocked by other policy or settings.\n\nIf you disable or do not configure this policy, all Windows app packages will be subject to the configured \"Prevent non-admin users from installing packaged Windows apps\" policy.\n\nDefault is 'disabled' (key not present).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx" ], "ValueName": "AllowedNonAdminPackageFamilyNameRules", "Elements": [ { "Type": "List", "ValueName": null } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "RemoveDefaultMicrosoftStorePackages", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_11_0_25H2_NOSERVER_ENTERPRISE_EDUCATION - At least Windows 11 Version 25H2 Enterprise or Windows 11 Version 25H2 Education", "DisplayName": "Remove Default Microsoft Store packages from the system.", "ExplainText": "Removes Default Microsoft Store packages from the system.\n\nIf you enable this policy, the selected Microsoft Store apps in the provided list will be uninstalled from the system. You can make adjustments to the default settings.\n\nUnselected apps in the list will not be removed.\n\nDefault is 'disabled' (key not present).\n\nIf the policy is disabled or not configured, no Default Microsoft Store packages will be removed from the system.\n\n* This is a headless app (no UI)\n\n** This app is the default handler for a common file type or protocol. Removing this app might result in a degraded user experience. We do not recommend removing this app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages" ], "ValueName": "Enabled", "Elements": [ { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Clipchamp.Clipchamp_yxz26nhyzhsrt" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.Copilot_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.BingNews_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.Windows.Photos_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\MSTeams_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.Todos_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.BingWeather_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.OutlookForWindows_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.Paint_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.ScreenSketch_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.WindowsCalculator_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.WindowsCamera_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.ZuneMusic_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.WindowsNotepad_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.WindowsTerminal_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.GamingApp_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe" ] }, { "Type": "Boolean", "ValueName": "RemovePackage", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\RemoveDefaultMicrosoftStorePackages\\Microsoft.Xbox.TCUI_8wekyb3d8bbwe" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "EnableMsixAllowedZones", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Enable Allowed Zones for MSIX Packages", "ExplainText": "This policy controls whether MSIX packages originating from specific URL Zones are allowed to install. A package's origin is determined by its URI and whether a Mart-of-the-Web (MotW) is present. If multiple URIs are involved, all of them are considered;\n\nIf you enable this policy, users will be able to install MSIX packages according to the configuration for each zone.\n\nIf you disable or do not configure this policy, users will be able to install MSIX packages from any zone except for Untrusted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\EnableMsixAllowedZones" ], "Elements": [ { "Type": "Enum", "ValueName": "LocalMachine", "Items": [ { "DisplayName": "Block", "Data": "0" }, { "DisplayName": "Allow", "Data": "1" } ], "Required": false, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\MsixAllowedZones" ] }, { "Type": "Enum", "ValueName": "Intranet", "Items": [ { "DisplayName": "Block", "Data": "0" }, { "DisplayName": "Allow", "Data": "1" } ], "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\MsixAllowedZones" ] }, { "Type": "Enum", "ValueName": "TrustedSites", "Items": [ { "DisplayName": "Block", "Data": "0" }, { "DisplayName": "Allow", "Data": "1" } ], "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\MsixAllowedZones" ] }, { "Type": "Enum", "ValueName": "Internet", "Items": [ { "DisplayName": "Block", "Data": "0" }, { "DisplayName": "Allow", "Data": "1" } ], "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\MsixAllowedZones" ] }, { "Type": "Enum", "ValueName": "UntrustedSites", "Items": [ { "DisplayName": "Block", "Data": "0" }, { "DisplayName": "Allow", "Data": "1" } ], "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\MsixAllowedZones" ] } ] }, { "File": "AppxPackageManager.admx", "CategoryName": "AppxDeployment", "PolicyName": "EnableMsixSmartScreenCheck", "Class": "Machine", "NameSpace": "Microsoft.Policies.Appx", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Enable Microsoft SmartScreen checks for MSIX Packages", "ExplainText": "This policy controls whether Microsoft SmartScreen check is performed when installing MSIX packages from specific URL zones.\n\nIf you enable or do not configure this policy, the package URI will be evaluated with Microsoft SmartScreen before installation. This check is only done for packages that come from the internet.\n\nIf you disable, Microsoft SmartScreen will not be consulted before installing a package.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Appx\\" ], "ValueName": "EnableMsixSmartScreenCheck", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppXRuntime.admx", "CategoryName": "AppXRuntime", "PolicyName": "AppxRuntimeBlockFileElevation", "Class": "Both", "NameSpace": "Microsoft.Policies.AppxRuntime", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Block launching desktop apps associated with a file.", "ExplainText": "This policy setting lets you control whether packaged Microsoft Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a packaged Microsoft Store app might compromise the system by opening a file in the default desktop app for a file type.\n\nIf you enable this policy setting, packaged Microsoft Store apps cannot open files in the default desktop app for a file type; they can open files only in other packaged Microsoft Store apps.\n\nIf you disable or do not configure this policy setting, packaged Microsoft Store apps can open files in the default desktop app for a file type.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations" ], "ValueName": "BlockFileElevation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppXRuntime.admx", "CategoryName": "AppXRuntime", "PolicyName": "AppxRuntimeBlockProtocolElevation", "Class": "Both", "NameSpace": "Microsoft.Policies.AppxRuntime", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Block launching desktop apps associated with a URI scheme", "ExplainText": "This policy setting lets you control whether packaged Microsoft Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a URI scheme launched by a packaged Microsoft Store app might compromise the system by launching a desktop app.\n\nIf you enable this policy setting, packaged Microsoft Store apps cannot open URIs in the default desktop app for a URI scheme; they can open URIs only in other packaged Microsoft Store apps.\n\nIf you disable or do not configure this policy setting, packaged Microsoft Store apps can open URIs in the default desktop app for a URI scheme.\n\nNote: Enabling this policy setting does not block packaged Microsoft Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations" ], "ValueName": "BlockProtocolElevation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppXRuntime.admx", "CategoryName": "AppXRuntime", "PolicyName": "AppxRuntimeMicrosoftAccountsOptional", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppxRuntime", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Allow Microsoft accounts to be optional", "ExplainText": "This policy setting lets you control whether Microsoft accounts are optional for packaged Microsoft Store apps that require an account to sign in. This policy only affects packaged Microsoft Store apps that support it.\n\nIf you enable this policy setting, packaged Microsoft Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead.\n\nIf you disable or do not configure this policy setting, users will need to sign in with a Microsoft account.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "MSAOptional", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppXRuntime.admx", "CategoryName": "AppXRuntime", "PolicyName": "AppxRuntimeApplicationContentUriRules", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppxRuntime", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Turn on dynamic Content URI Rules for packaged Microsoft Store apps", "ExplainText": "This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all packaged Microsoft Store apps that use the enterpriseAuthentication capability on a computer.\n\nIf you enable this policy setting, you can define additional Content URI Rules that all packaged Microsoft Store apps that use the enterpriseAuthentication capability on a computer can use.\n\nIf you disable or don't set this policy setting, packaged Microsoft Store apps will only use the static Content URI Rules.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Packages\\Applications" ], "ValueName": "EnableDynamicContentUriRules", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Packages\\Applications\\ContentUriRules" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AppXRuntime.admx", "CategoryName": "AppXRuntime", "PolicyName": "AppxRuntimeBlockHostedAppAccessWinRT", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppxRuntime", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Block launching Universal Windows apps with Windows Runtime API access from hosted content.", "ExplainText": "This policy setting controls whether Universal Windows apps with Windows Runtime API access directly from web content can be launched.\n\nIf you enable this policy setting, Universal Windows apps which declare Windows Runtime API access in ApplicationContentUriRules section of the manifest cannot be launched; Universal Windows apps which have not declared Windows Runtime API access in the manifest are not affected.\n\nIf you disable or do not configure this policy setting, all Universal Windows apps can be launched.\n\nThis policy should not be enabled unless recommended by Microsoft as a security response because it can cause severe app compatibility issues.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "BlockHostedAppAccessWinRT", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AttachmentManager.admx", "CategoryName": "AM_AM", "PolicyName": "AM_CallIOfficeAntiVirus", "Class": "User", "NameSpace": "Microsoft.Policies.AttachmentManager", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Notify antivirus programs when opening attachments", "ExplainText": "This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant.\n\nIf you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.\n\nIf you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.\n\nIf you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments" ], "ValueName": "ScanWithAntiVirus", "Elements": [ { "Type": "EnabledValue", "Data": "3" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "AttachmentManager.admx", "CategoryName": "AM_AM", "PolicyName": "AM_EstimateFileHandlerRisk", "Class": "User", "NameSpace": "Microsoft.Policies.AttachmentManager", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Trust logic for file attachments", "ExplainText": "This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.\n\nPreferring the file handler instructs Windows to use the file handler data over the file type data. For example, trust notepad.exe, but don't trust .txt files.\n\nPreferring the file type instructs Windows to use the file type data over the file handler data. For example, trust .txt files, regardless of the file handler.\n\nUsing both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation which will cause users to see more trust prompts than choosing the other options.\n\nIf you enable this policy setting, you can choose the order in which Windows processes risk assessment data.\n\nIf you disable this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type.\n\nIf you do not configure this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments" ], "Elements": [ { "Type": "Enum", "ValueName": "UseTrustedHandlers", "Items": [ { "DisplayName": "Preferring the file handler", "Data": "2" }, { "DisplayName": "Looking at the file handler and type", "Data": "3" }, { "DisplayName": "Preferring the file type", "Data": "1" } ] } ] }, { "File": "AttachmentManager.admx", "CategoryName": "AM_AM", "PolicyName": "AM_MarkZoneOnSavedAtttachments", "Class": "User", "NameSpace": "Microsoft.Policies.AttachmentManager", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Do not preserve zone information in file attachments", "ExplainText": "This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.\n\nIf you enable this policy setting, Windows does not mark file attachments with their zone information.\n\nIf you disable this policy setting, Windows marks file attachments with their zone information.\n\nIf you do not configure this policy setting, Windows marks file attachments with their zone information.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments" ], "ValueName": "SaveZoneInformation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "AttachmentManager.admx", "CategoryName": "AM_AM", "PolicyName": "AM_RemoveZoneInfo", "Class": "User", "NameSpace": "Microsoft.Policies.AttachmentManager", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Hide mechanisms to remove zone information", "ExplainText": "This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.\n\nIf you enable this policy setting, Windows hides the check box and Unblock button.\n\nIf you disable this policy setting, Windows shows the check box and Unblock button.\n\nIf you do not configure this policy setting, Windows hides the check box and Unblock button.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments" ], "ValueName": "HideZoneInfoOnProperties", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AttachmentManager.admx", "CategoryName": "AM_AM", "PolicyName": "AM_SetFileRiskLevel", "Class": "User", "NameSpace": "Microsoft.Policies.AttachmentManager", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Default risk level for file attachments", "ExplainText": "This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments, you may also need to configure the trust logic for file attachments.\n\nHigh Risk: If the attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file.\n\nModerate Risk: If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file.\n\nLow Risk: If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information.\n\nIf you enable this policy setting, you can specify the default risk level for file types.\n\nIf you disable this policy setting, Windows sets the default risk level to moderate.\n\nIf you do not configure this policy setting, Windows sets the default risk level to moderate.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations" ], "Elements": [ { "Type": "Enum", "ValueName": "DefaultFileTypeRisk", "Items": [ { "DisplayName": "High Risk", "Data": "6150" }, { "DisplayName": "Moderate Risk", "Data": "6151" }, { "DisplayName": "Low Risk", "Data": "6152" } ] } ] }, { "File": "AttachmentManager.admx", "CategoryName": "AM_AM", "PolicyName": "AM_SetHighRiskInclusion", "Class": "User", "NameSpace": "Microsoft.Policies.AttachmentManager", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Inclusion list for high risk file types", "ExplainText": "This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. This inclusion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list).\n\nIf you enable this policy setting, you can create a custom list of high-risk file types.\n\nIf you disable this policy setting, Windows uses its built-in list of file types that pose a high risk.\n\nIf you do not configure this policy setting, Windows uses its built-in list of high-risk file types.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations" ], "Elements": [ { "Type": "Text", "ValueName": "HighRiskFileTypes", "Required": true } ] }, { "File": "AttachmentManager.admx", "CategoryName": "AM_AM", "PolicyName": "AM_SetLowRiskInclusion", "Class": "User", "NameSpace": "Microsoft.Policies.AttachmentManager", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Inclusion list for low file types", "ExplainText": "This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information. This inclusion list overrides the list of high-risk file types built into Windows and has a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list).\n\nIf you enable this policy setting, you can specify file types that pose a low risk.\n\nIf you disable this policy setting, Windows uses its default trust logic.\n\nIf you do not configure this policy setting, Windows uses its default trust logic.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations" ], "Elements": [ { "Type": "Text", "ValueName": "LowRiskFileTypes", "Required": true } ] }, { "File": "AttachmentManager.admx", "CategoryName": "AM_AM", "PolicyName": "AM_SetModRiskInclusion", "Class": "User", "NameSpace": "Microsoft.Policies.AttachmentManager", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Inclusion list for moderate risk file types", "ExplainText": "This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. This inclusion list overrides the list of potentially high-risk file types built into Windows and it takes precedence over the low-risk inclusion list but has a lower precedence than the high-risk inclusion list (where an extension is listed in more than one inclusion list).\n\nIf you enable this policy setting, you can specify file types which pose a moderate risk.\n\nIf you disable this policy setting, Windows uses its default trust logic.\n\nIf you do not configure this policy setting, Windows uses its default trust logic.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations" ], "Elements": [ { "Type": "Text", "ValueName": "ModRiskFileTypes", "Required": true } ] }, { "File": "AuditSettings.admx", "CategoryName": "auditing", "PolicyName": "IncludeCmdLine", "Class": "Machine", "NameSpace": "Microsoft.Policies.Auditing", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Include command line in process creation events", "ExplainText": "This policy setting determines what information is logged in security audit events when a new process has been created.\n\nThis setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, \"a new process has been created,\" on the workstations and servers on which this policy setting is applied.\n\nIf you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.\n\nDefault: Not configured\n\nNote: When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information such as passwords or user data.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Audit" ], "ValueName": "ProcessCreationIncludeCmdLine_Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AutoPlay.admx", "CategoryName": "AutoPlay", "PolicyName": "NoAutorun", "Class": "Both", "NameSpace": "Microsoft.Policies.AutoPlay", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Set the default behavior for AutoRun", "ExplainText": "This policy setting sets the default behavior for Autorun commands.\n\nAutorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.\n\nPrior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention.\n\nThis creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog.\n\nIf you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to:\n\na) Completely disable autorun commands, or\nb) Revert back to pre-Windows Vista behavior of automatically executing the autorun command.\n\nIf you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "NoAutorun", "Items": [ { "DisplayName": "Do not execute any autorun commands", "Data": "1" }, { "DisplayName": "Automatically execute autorun commands", "Data": "2" } ] } ] }, { "File": "AutoPlay.admx", "CategoryName": "AutoPlay", "PolicyName": "DontSetAutoplayCheckbox", "Class": "Both", "NameSpace": "Microsoft.Policies.AutoPlay", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent AutoPlay from remembering user choices.", "ExplainText": "This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected.\n\nIf you enable this policy setting, AutoPlay prompts the user to choose what to do when a device is connected.\n\nIf you disable or do not configure this policy setting, AutoPlay remembers user's choice of what to do when a device is connected.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DontSetAutoplayCheckbox", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AutoPlay.admx", "CategoryName": "AutoPlay", "PolicyName": "Autorun", "Class": "Both", "NameSpace": "Microsoft.Policies.AutoPlay", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Turn off Autoplay", "ExplainText": "This policy setting allows you to turn off the Autoplay feature.\n\nAutoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately.\n\nPrior to Windows XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives.\n\nStarting with Windows XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices.\n\nIf you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives.\n\nThis policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default.\n\nIf you disable or do not configure this policy setting, AutoPlay is enabled.\n\nNote: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "NoDriveTypeAutoRun", "Items": [ { "DisplayName": "CD-ROM and removable media drives", "Data": "181" }, { "DisplayName": "All drives", "Data": "255" } ], "Required": true } ] }, { "File": "AutoPlay.admx", "CategoryName": "AutoPlay", "PolicyName": "NoAutoplayfornonVolume", "Class": "Both", "NameSpace": "Microsoft.Policies.AutoPlay", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Disallow Autoplay for non-volume devices", "ExplainText": "This policy setting disallows AutoPlay for MTP devices like cameras or phones.\n\nIf you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones.\n\nIf you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoAutoplayfornonVolume", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AVSValidationGP.admx", "CategoryName": "SoftwareProtectionPlatform", "PolicyName": "NoAcquireGT", "Class": "Machine", "NameSpace": "Microsoft.Policies.SoftwareProtectionPlatform", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Turn off KMS Client Online AVS Validation", "ExplainText": "This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.\nIf you disable or do not configure this policy setting, KMS client activation data will be sent to Microsoft services when this device activates.\nPolicy Options:\n- Not Configured (default -- data will be automatically sent to Microsoft)\n- Disabled (data will be automatically sent to Microsoft)\n- Enabled (data will not be sent to Microsoft)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "ValueName": "NoGenTicket", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "AVSValidationGP.admx", "CategoryName": "SoftwareProtectionPlatform", "PolicyName": "AllowWindowsEntitlementReactivation", "Class": "Machine", "NameSpace": "Microsoft.Policies.SoftwareProtectionPlatform", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Control Device Reactivation for Retail devices", "ExplainText": "This policy setting controls whether OS Reactivation is blocked on a device.\nPolicy Options:\n- Not Configured (default -- Windows registration and reactivation is allowed)\n- Disabled (Windows registration and reactivation is not allowed)\n- Enabled (Windows registration is allowed)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "ValueName": "AllowWindowsEntitlementReactivation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Biometrics.admx", "CategoryName": "BiometricsConfiguration", "PolicyName": "Biometrics_EnableBio", "Class": "Machine", "NameSpace": "Microsoft.Policies.Biometrics", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow the use of biometrics", "ExplainText": "This policy setting allows or prevents the Windows Biometric Service to run on this computer.\n\nIf you enable or do not configure this policy setting, the Windows Biometric Service is available, and users can run applications that use biometrics on Windows. If you want to enable the ability to log on with biometrics, you must also configure the \"Allow users to log on using biometrics\" policy setting.\n\nIf you disable this policy setting, the Windows Biometric Service is unavailable, and users cannot use any biometric feature in Windows.\n\nNote: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their logon credentials.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Biometrics" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Biometrics.admx", "CategoryName": "BiometricsConfiguration", "PolicyName": "Biometrics_EnableCredProv", "Class": "Machine", "NameSpace": "Microsoft.Policies.Biometrics", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow users to log on using biometrics", "ExplainText": "This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default, local users will be able to log on to the local computer, but the \"Allow domain users to log on using biometrics\" policy setting will need to be enabled for domain users to log on to the domain.\n\nIf you enable or do not configure this policy setting, all users can log on to a local Windows-based computer and can elevate permissions with UAC using biometrics.\n\nIf you disable this policy setting, biometrics cannot be used by any users to log on to a local Windows-based computer.\n\nNote: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their logon credentials.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Biometrics\\Credential Provider" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Biometrics.admx", "CategoryName": "BiometricsConfiguration", "PolicyName": "Biometrics_EnableDomainCredProv", "Class": "Machine", "NameSpace": "Microsoft.Policies.Biometrics", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow domain users to log on using biometrics", "ExplainText": "This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.\n\nIf you enable or do not configure this policy setting, Windows allows domain users to log on to a domain-joined computer using biometrics.\n\nIf you disable this policy setting, Windows prevents domain users from logging on to a domain-joined computer using biometrics.\n\nNote: Prior to Windows 10, not configuring this policy setting would have prevented domain users from using biometrics to log on.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Biometrics\\Credential Provider" ], "ValueName": "Domain Accounts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Biometrics.admx", "CategoryName": "BiometricsConfiguration", "PolicyName": "Biometrics_FUSTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.Biometrics", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify timeout for fast user switching events", "ExplainText": "This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. By default, a fast user switch event is active for 10 seconds before becoming inactive.\n\nIf you enable this policy setting, you can configure the fast user switch event timeout to specify the number of seconds the event remains active. This value cannot exceed 60 seconds.\n\nIf you disable or do not configure this policy setting, a default value of 10 seconds is used for fast-user switch event timeouts.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Biometrics\\Credential Provider" ], "Elements": [ { "Type": "Decimal", "ValueName": "SwitchTimeoutInSeconds", "MinValue": "5", "MaxValue": "60" } ] }, { "File": "Biometrics.admx", "CategoryName": "FaceConfiguration", "PolicyName": "Face_EnhancedAntiSpoofing", "Class": "Machine", "NameSpace": "Microsoft.Policies.Biometrics", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Configure enhanced anti-spoofing", "ExplainText": "This policy setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication.\n\nIf you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing.\n\nIf you disable or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication.\n\nNote that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Biometrics\\FacialFeatures" ], "ValueName": "EnhancedAntiSpoofing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_Job_Timeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsXPWindowsNETorBITS15 - Windows XP or Windows Server 2003, or computers with BITS 1.5 installed.", "DisplayName": "Timeout for inactive BITS jobs", "ExplainText": "This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk.\nNote: Any property changes to the job or any successful download action will reset this timeout.\n\nConsider increasing the timeout value if computers tend to stay offline for a long period of time and still have pending jobs.\nConsider decreasing this value if you are concerned about orphaned jobs occupying disk space.\n\nIf you enable this policy setting, you can configure the inactive job timeout to specified number of days.\n\nIf you disable or do not configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "Elements": [ { "Type": "Decimal", "ValueName": "JobInactivityTimeout", "MinValue": "1", "MaxValue": "999" } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxDownloadTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Limit the maximum BITS job download time", "ExplainText": "This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job.\n\nThe time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit, the job is placed in the error state.\n\nBy default BITS uses a maximum download time of 90 days (7,776,000 seconds).\n\nIf you enable this policy setting, you can set the maximum job download time to a specified number of seconds.\n\nIf you disable or do not configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxDownloadTime", "MinValue": "1", "MaxValue": "2147483648" } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxBandwidth", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsXPSP2WindowsNETSP1orBITS20 - Windows XP SP2 or Windows Server 2003 SP1, or computers with BITS 2.0 installed.", "DisplayName": "Limit the maximum network bandwidth for BITS background transfers", "ExplainText": "This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting does not affect foreground transfers.)\n\nYou can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.\n\nIf you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.\n\nIf you disable or do not configure this policy setting, BITS uses all available unused bandwidth.\n\nNote: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the \"Limit the maximum network bandwidth used for Peercaching\" policy setting should be used for that purpose.\n\nConsider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\EnableBITSMaxBandwidth" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxTransferRateOnSchedule", "MinValue": "0", "MaxValue": "4294967200" }, { "Type": "Enum", "ValueName": "MaxBandwidthValidFrom", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true }, { "Type": "Enum", "ValueName": "MaxBandwidthValidTo", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true }, { "Type": "Boolean", "ValueName": "UseSystemMaximum", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Decimal", "ValueName": "MaxTransferRateOffSchedule", "MinValue": "0", "MaxValue": "4294967200" } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxBandwidthV2_Work", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "Windows7OrBITS35 - Windows 7 or computers with BITS 3.5 installed.", "DisplayName": "Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers", "ExplainText": "This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and nonwork days and hours. The work schedule is defined using a weekly calendar, which consists of days of the week and hours of the day. All hours and days that are not defined in a work schedule are considered non-work hours.\n\nIf you enable this policy setting, you can set up a schedule for limiting network bandwidth during both work and nonwork hours. After the work schedule is defined, you can set the bandwidth usage limits for each of the three BITS background priority levels: high, normal, and low.\n\nYou can specify a limit to use for background jobs during a work schedule. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A.M. to 5:00 P.M. on Monday through Friday, and then set the limit to 512 Kbps for nonwork hours.\n\nIf you disable or do not configure this policy setting, BITS uses all available unused bandwidth for background job transfers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\EnableBandwidthLimits" ], "Elements": [ { "Type": "Boolean", "ValueName": "IgnoreBandwidthLimitsOnLan", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "StartDay", "Items": [ { "DisplayName": "Sunday", "Data": "0" }, { "DisplayName": "Monday", "Data": "1" }, { "DisplayName": "Tuesday", "Data": "2" }, { "DisplayName": "Wednesday", "Data": "3" }, { "DisplayName": "Thursday", "Data": "4" }, { "DisplayName": "Friday", "Data": "5" }, { "DisplayName": "Saturday", "Data": "6" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Enum", "ValueName": "EndDay", "Items": [ { "DisplayName": "Sunday", "Data": "0" }, { "DisplayName": "Monday", "Data": "1" }, { "DisplayName": "Tuesday", "Data": "2" }, { "DisplayName": "Wednesday", "Data": "3" }, { "DisplayName": "Thursday", "Data": "4" }, { "DisplayName": "Friday", "Data": "5" }, { "DisplayName": "Saturday", "Data": "6" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Enum", "ValueName": "StartHour", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Enum", "ValueName": "EndHour", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Decimal", "ValueName": "HighBandwidthLimit", "MinValue": "0", "MaxValue": "4294967200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Enum", "ValueName": "HighBandwidthType", "Items": [ { "DisplayName": "Kbps", "Data": "1" }, { "DisplayName": "Mbps", "Data": "2" }, { "DisplayName": "Unlimited", "Data": "3" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Decimal", "ValueName": "NormalBandwidthLimit", "MinValue": "0", "MaxValue": "4294967200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Enum", "ValueName": "NormalBandwidthType", "Items": [ { "DisplayName": "Kbps", "Data": "1" }, { "DisplayName": "Mbps", "Data": "2" }, { "DisplayName": "Unlimited", "Data": "3" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Decimal", "ValueName": "LowBandwidthLimit", "MinValue": "0", "MaxValue": "4294967200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Enum", "ValueName": "LowBandwidthType", "Items": [ { "DisplayName": "Kbps", "Data": "1" }, { "DisplayName": "Mbps", "Data": "2" }, { "DisplayName": "Unlimited", "Data": "3" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\WorkSchedule" ] }, { "Type": "Decimal", "ValueName": "HighBandwidthLimit", "MinValue": "0", "MaxValue": "4294967200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\NonWorkSchedule" ] }, { "Type": "Enum", "ValueName": "HighBandwidthType", "Items": [ { "DisplayName": "Kbps", "Data": "1" }, { "DisplayName": "Mbps", "Data": "2" }, { "DisplayName": "Unlimited", "Data": "3" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\NonWorkSchedule" ] }, { "Type": "Decimal", "ValueName": "NormalBandwidthLimit", "MinValue": "0", "MaxValue": "4294967200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\NonWorkSchedule" ] }, { "Type": "Enum", "ValueName": "NormalBandwidthType", "Items": [ { "DisplayName": "Kbps", "Data": "1" }, { "DisplayName": "Mbps", "Data": "2" }, { "DisplayName": "Unlimited", "Data": "3" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\NonWorkSchedule" ] }, { "Type": "Decimal", "ValueName": "LowBandwidthLimit", "MinValue": "0", "MaxValue": "4294967200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\NonWorkSchedule" ] }, { "Type": "Enum", "ValueName": "LowBandwidthType", "Items": [ { "DisplayName": "Kbps", "Data": "1" }, { "DisplayName": "Mbps", "Data": "2" }, { "DisplayName": "Unlimited", "Data": "3" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\NonWorkSchedule" ] } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxBandwidthV2_Maintenance", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "Windows7OrBITS35 - Windows 7 or computers with BITS 3.5 installed.", "DisplayName": "Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers", "ExplainText": "This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the maintenance days and hours. Maintenance schedules further limit the network bandwidth that is used for background transfers.\n\nIf you enable this policy setting, you can define a separate set of network bandwidth limits and set up a schedule for the maintenance period.\n\nYou can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to 0 Kbps from 8:00 A.M. to 10:00 A.M. on a maintenance schedule.\n\nIf you disable or do not configure this policy setting, the limits defined for work or nonwork schedules will be used.\n\nNote: The bandwidth limits that are set for the maintenance period supersede any limits defined for work and other schedules.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\EnableMaintenanceLimits" ], "Elements": [ { "Type": "Enum", "ValueName": "StartDay", "Items": [ { "DisplayName": "Sunday", "Data": "0" }, { "DisplayName": "Monday", "Data": "1" }, { "DisplayName": "Tuesday", "Data": "2" }, { "DisplayName": "Wednesday", "Data": "3" }, { "DisplayName": "Thursday", "Data": "4" }, { "DisplayName": "Friday", "Data": "5" }, { "DisplayName": "Saturday", "Data": "6" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] }, { "Type": "Enum", "ValueName": "EndDay", "Items": [ { "DisplayName": "Sunday", "Data": "0" }, { "DisplayName": "Monday", "Data": "1" }, { "DisplayName": "Tuesday", "Data": "2" }, { "DisplayName": "Wednesday", "Data": "3" }, { "DisplayName": "Thursday", "Data": "4" }, { "DisplayName": "Friday", "Data": "5" }, { "DisplayName": "Saturday", "Data": "6" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] }, { "Type": "Enum", "ValueName": "StartHour", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] }, { "Type": "Enum", "ValueName": "EndHour", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] }, { "Type": "Decimal", "ValueName": "HighBandwidthLimit", "MinValue": "0", "MaxValue": "4294967200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] }, { "Type": "Enum", "ValueName": "HighBandwidthType", "Items": [ { "DisplayName": "Kbps", "Data": "1" }, { "DisplayName": "Mbps", "Data": "2" }, { "DisplayName": "Unlimited", "Data": "3" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] }, { "Type": "Decimal", "ValueName": "NormalBandwidthLimit", "MinValue": "0", "MaxValue": "4294967200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] }, { "Type": "Enum", "ValueName": "NormalBandwidthType", "Items": [ { "DisplayName": "Kbps", "Data": "1" }, { "DisplayName": "Mbps", "Data": "2" }, { "DisplayName": "Unlimited", "Data": "3" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] }, { "Type": "Decimal", "ValueName": "LowBandwidthLimit", "MinValue": "0", "MaxValue": "4294967200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] }, { "Type": "Enum", "ValueName": "LowBandwidthType", "Items": [ { "DisplayName": "Kbps", "Data": "1" }, { "DisplayName": "Mbps", "Data": "2" }, { "DisplayName": "Unlimited", "Data": "3" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\Throttling\\MaintenanceSchedule" ] } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_EnablePeercaching", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow BITS Peercaching", "ExplainText": "This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default, the files in a BITS job are downloaded only from the origin server specified by the job's owner.\n\nIf BITS peer caching is enabled, BITS caches downloaded files and makes them available to other BITS peers. When transferring a download job, BITS first requests the files for the job from its peers in the same IP subnet. If none of the peers in the subnet have the requested files, BITS downloads them from the origin server.\n\nIf you enable this policy setting, BITS downloads files from peers, caches the files, and responds to content requests from peers. Using the \"Do not allow the computer to act as a BITS peer caching server\" and \"Do not allow the computer to act as a BITS peer caching client\" policy settings, it is possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the \"Allow BITS peer caching\" policy setting must be enabled for the other two policy settings to have any effect.\n\nIf you disable or do not configure this policy setting, the BITS peer caching feature will be disabled, and BITS will download files directly from the origin server.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "ValueName": "EnablePeercaching", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxContentAge", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Limit the age of files in the BITS Peercache", "ExplainText": "This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space, by default BITS removes any files in the peer cache that have not been accessed in the past 90 days.\n\nIf you enable this policy setting, you can specify in days the maximum age of files in the cache. You can enter a value between 1 and 120 days.\n\nIf you disable or do not configure this policy setting, files that have not been accessed for the past 90 days will be removed from the peer cache.\n\nNote: This policy setting has no effect if the \"Allow BITS Peercaching\" policy setting is disabled or not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxContentAge", "MinValue": "1", "MaxValue": "120", "Required": true } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxCacheSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Limit the BITS Peercache size", "ExplainText": "This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache, as a percentage of the total system disk size. BITS will add files to the peer cache and make those files available to peers until the cache content reaches the specified cache size. By default, BITS will use 1 percent of the total system disk for the peercache.\n\nIf you enable this policy setting, you can enter the percentage of disk space to be used for the BITS peer cache. You can enter a value between 1 percent and 80 percent.\n\nIf you disable or do not configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk size.\n\nNote: This policy setting has no effect if the \"Allow BITS peer caching\" setting is disabled or not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxCacheSize", "MinValue": "1", "MaxValue": "80", "Required": true } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_DisablePeercachingClient", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow the computer to act as a BITS Peercaching client", "ExplainText": "This policy setting specifies whether the computer will act as a BITS peer caching client. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers).\n\nIf you enable this policy setting, the computer will no longer use the BITS peer caching feature to download files; files will be downloaded only from the origin server. However, the computer will still make files available to its peers.\n\nIf you disable or do not configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to the origin server.\n\nNote: This policy setting has no effect if the \"Allow BITS peer caching\" policy setting is disabled or not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "ValueName": "DisablePeerCachingClient", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_DisablePeercachingServer", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow the computer to act as a BITS Peercaching server", "ExplainText": "This policy setting specifies whether the computer will act as a BITS peer caching server. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers).\n\nIf you enable this policy setting, the computer will no longer cache downloaded files and offer them to its peers. However, the computer will still download files from peers.\n\nIf you disable or do not configure this policy setting, the computer will offer downloaded and cached files to its peers.\n\nNote: This setting has no effect if the \"Allow BITS peer caching\" setting is disabled or not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "ValueName": "DisablePeerCachingServer", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxBandwidthServedForPeers", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Limit the maximum network bandwidth used for Peercaching", "ExplainText": "This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server).\nTo prevent any negative impact to a computer caused by serving other peers, by default BITS will use up to 30 percent of the bandwidth of the slowest active network interface. For example, if a computer has both a 100 Mbps network card and a 56 Kbps modem, and both are active, BITS will use a maximum of 30 percent of 56 Kbps.\nYou can change the default behavior of BITS, and specify a fixed maximum bandwidth that BITS will use for peer caching.\n\nIf you enable this policy setting, you can enter a value in bits per second (bps) between 1048576 and 4294967200 to use as the maximum network bandwidth used for peer caching.\n\nIf you disable this policy setting or do not configure it, the default value of 30 percent of the slowest active network interface will be used.\n\nNote: This setting has no effect if the \"Allow BITS peer caching\" policy setting is disabled or not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxBandwidthServed", "MinValue": "1048576", "MaxValue": "4294967200", "Required": true } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_SetTransferPolicyOnCostedNetwork", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "Windows8OrBITS5 - Windows 8 or Windows Server 2012 or Windows RT or computers with BITS 5 installed.", "DisplayName": "Set default download behavior for BITS jobs on costed networks", "ExplainText": "This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of background transfers.\n\nIf you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.\n\nFor example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are:\n- Always transfer\n- Transfer unless roaming\n- Transfer unless surcharge applies (when not roaming or overcap)\n- Transfer unless nearing limit (when not roaming or nearing cap)\n- Transfer only if unconstrained\n- Custom--allows you to specify a bitmask, in which the bits describe cost states allowed or disallowed for this priority: (bits described here)\n0x1 - The cost is unknown or the connection is unlimited and is considered to be unrestricted of usage charges and capacity constraints.\n0x2 - The usage of this connection is unrestricted up to a certain data limit\n0x4 - The usage of this connection is unrestricted up to a certain data limit and plan usage is less than 80 percent of the limit.\n0x8 - Usage of this connection is unrestricted up to a certain data limit and plan usage is between 80 percent and 100 percent of the limit.\n0x10 - Usage of this connection is unrestricted up to a certain data limit, which has been exceeded. Surcharge applied or unknown.\n0x20 - Usage of this connection is unrestricted up to a certain data limit, which has been exceeded. No surcharge applies, but speeds are likely reduced.\n0x40 - The connection is costed on a per-byte basis.\n0x80 - The connection is roaming.\n0x80000000 - Ignore congestion.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy" ], "Elements": [ { "Type": "Enum", "ValueName": "ForegroundTransferPolicy", "Items": [ { "DisplayName": "Always transfer", "Data": "2147483903" }, { "DisplayName": "Transfer unless roaming", "Data": "2147483775" }, { "DisplayName": "Transfer unless surcharge applies (when not roaming or overcap)", "Data": "2147483759" }, { "DisplayName": "Transfer unless nearing limit (when not roaming or nearing cap)", "Data": "2147483751" }, { "DisplayName": "Transfer only if unconstrained", "Data": "2147483681" }, { "DisplayName": "Custom", "Data": "255", "ValueList": [{"ValueName": "ForegroundTransferPolicy", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy" ], "Action": "Delete"}] } ], "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy"] }, { "Type": "Decimal", "ValueName": "ForegroundTransferPolicyCustom", "MinValue": "0", "MaxValue": "2147483647", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy" ] }, { "Type": "Enum", "ValueName": "HighTransferPolicy", "Items": [ { "DisplayName": "Always transfer", "Data": "255" }, { "DisplayName": "Transfer unless roaming", "Data": "127" }, { "DisplayName": "Transfer unless surcharge applies (when not roaming or overcap)", "Data": "111" }, { "DisplayName": "Transfer unless nearing limit (when not roaming or nearing cap)", "Data": "103" }, { "DisplayName": "Transfer only if unconstrained", "Data": "33" }, { "DisplayName": "Custom", "Data": "255", "ValueList": [{"ValueName": "HighTransferPolicy", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy" ], "Action": "Delete"}] } ], "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy"] }, { "Type": "Decimal", "ValueName": "HighTransferPolicyCustom", "MinValue": "0", "MaxValue": "2147483647", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy" ] }, { "Type": "Enum", "ValueName": "NormalTransferPolicy", "Items": [ { "DisplayName": "Always transfer", "Data": "255" }, { "DisplayName": "Transfer unless roaming", "Data": "127" }, { "DisplayName": "Transfer unless surcharge applies (when not roaming or overcap)", "Data": "111" }, { "DisplayName": "Transfer unless nearing limit (when not roaming or nearing cap)", "Data": "103" }, { "DisplayName": "Transfer only if unconstrained", "Data": "33" }, { "DisplayName": "Custom", "Data": "255", "ValueList": [{"ValueName": "NormalTransferPolicy", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy" ], "Action": "Delete"}] } ], "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy"] }, { "Type": "Decimal", "ValueName": "NormalTransferPolicyCustom", "MinValue": "0", "MaxValue": "2147483647", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy" ] }, { "Type": "Enum", "ValueName": "LowTransferPolicy", "Items": [ { "DisplayName": "Always transfer", "Data": "255" }, { "DisplayName": "Transfer unless roaming", "Data": "127" }, { "DisplayName": "Transfer unless surcharge applies (when not roaming or overcap)", "Data": "111" }, { "DisplayName": "Transfer unless nearing limit (when not roaming or nearing cap)", "Data": "103" }, { "DisplayName": "Transfer only if unconstrained", "Data": "33" }, { "DisplayName": "Custom", "Data": "255", "ValueList": [{"ValueName": "LowTransferPolicy", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy" ], "Action": "Delete"}] } ], "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy"] }, { "Type": "Decimal", "ValueName": "LowTransferPolicyCustom", "MinValue": "0", "MaxValue": "2147483647", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS\\TransferPolicy" ] } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxJobsPerMachine", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Limit the maximum number of BITS jobs for this computer", "ExplainText": "This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default, BITS limits the total number of jobs that can be created on the computer to 300 jobs. You can use this policy setting to raise or lower the maximum number of user BITS jobs.\n\nIf you enable this policy setting, BITS will limit the maximum number of BITS jobs to the specified number.\n\nIf you disable or do not configure this policy setting, BITS will use the default BITS job limit of 300 jobs.\n\nNote: BITS jobs created by services and the local administrator account do not count toward this limit.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxJobsPerMachine", "MinValue": "0", "MaxValue": "4294967200", "Required": true } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxJobsPerUser", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Limit the maximum number of BITS jobs for each user", "ExplainText": "This policy setting limits the number of BITS jobs that can be created by a user. By default, BITS limits the total number of jobs that can be created by a user to 60 jobs. You can use this setting to raise or lower the maximum number of BITS jobs a user can create.\n\nIf you enable this policy setting, BITS will limit the maximum number of BITS jobs a user can create to the specified number.\n\nIf you disable or do not configure this policy setting, BITS will use the default user BITS job limit of 300 jobs.\n\nNote: This limit must be lower than the setting specified in the \"Maximum number of BITS jobs for this computer\" policy setting, or 300 if the \"Maximum number of BITS jobs for this computer\" policy setting is not configured. BITS jobs created by services and the local administrator account do not count toward this limit.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxJobsPerUser", "MinValue": "0", "MaxValue": "4294967200", "Required": true } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxFilesPerJob", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Limit the maximum number of files allowed in a BITS job", "ExplainText": "This policy setting limits the number of files that a BITS job can contain. By default, a BITS job is limited to 200 files. You can use this setting to raise or lower the maximum number of files a BITS jobs can contain.\n\nIf you enable this policy setting, BITS will limit the maximum number of files a job can contain to the specified number.\n\nIf you disable or do not configure this policy setting, BITS will use the default value of 200 for the maximum number of files a job can contain.\n\nNote: BITS Jobs created by services and the local administrator account do not count toward this limit.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxFilesPerJob", "MinValue": "0", "MaxValue": "4294967200", "Required": true } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_MaxRangesPerFile", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Limit the maximum number of ranges that can be added to the file in a BITS job", "ExplainText": "This policy setting limits the number of ranges that can be added to a file in a BITS job. By default, files in a BITS job are limited to 500 ranges per file. You can use this setting to raise or lower the maximum number ranges per file.\n\nIf you enable this policy setting, BITS will limit the maximum number of ranges that can be added to a file to the specified number.\n\nIf you disable or do not configure this policy setting, BITS will limit ranges to 500 ranges per file.\n\nNote: BITS Jobs created by services and the local administrator account do not count toward this limit.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxRangesPerFile", "MinValue": "0", "MaxValue": "4294967200", "Required": true } ] }, { "File": "Bits.admx", "CategoryName": "BITS", "PolicyName": "BITS_DisableBranchCache", "Class": "Machine", "NameSpace": "Microsoft.Policies.BITS", "Supported": "Windows7OrBITS35 - Windows 7 or computers with BITS 3.5 installed.", "DisplayName": "Do not allow the BITS client to use Windows Branch Cache", "ExplainText": "This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer, BITS jobs on that computer can use Windows Branch Cache by default.\n\nIf you enable this policy setting, the BITS client does not use Windows Branch Cache.\n\nIf you disable or do not configure this policy setting, the BITS client uses Windows Branch Cache.\n\nNote: This policy setting does not affect the use of Windows Branch Cache by applications other than BITS. This policy setting does not apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\BITS" ], "ValueName": "DisableBranchCache", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Camera.admx", "CategoryName": "L_Camera_GroupPolicyCategory", "PolicyName": "L_AllowCamera", "Class": "Machine", "NameSpace": "Microsoft.Policies.Camera", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow Use of Camera", "ExplainText": "This policy setting allow the use of Camera devices on the machine.\n\nIf you enable or do not configure this policy setting, Camera devices will be enabled.\n\nIf you disable this property setting, Camera devices will be disabled.", "KeyPath": [ "HKLM\\software\\Policies\\Microsoft\\Camera" ], "ValueName": "AllowCamera", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CEIPEnable.admx", "CategoryName": "WindowsCEIPCat", "PolicyName": "CorporateSQM", "Class": "Machine", "NameSpace": "Microsoft.Policies.CustomerExperienceProgram", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow Corporate redirection of Customer Experience Improvement uploads", "ExplainText": "If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.\n\nIf you disable this setting uploads are not redirected to a Microsoft Operations Manager server.\n\nIf you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\SQMClient" ], "Elements": [ { "Type": "Text", "ValueName": "CorporateSQMURL", "Required": true, "MaxLength": "256" } ] }, { "File": "CEIPEnable.admx", "CategoryName": "WindowsCEIPCat", "PolicyName": "StudyId", "Class": "Machine", "NameSpace": "Microsoft.Policies.CustomerExperienceProgram", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Tag Windows Customer Experience Improvement data with Study Identifier", "ExplainText": "This policy setting will enable tagging of Windows Customer Experience Improvement data when a study is being conducted.\n\nIf you enable this setting then Windows CEIP data uploaded will be tagged.\n\nIf you do not configure this setting or disable it, then CEIP data will not be tagged with the Study Identifier.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\SQMClient\\Windows" ], "Elements": [ { "Type": "Decimal", "ValueName": "StudyId", "MinValue": "0", "MaxValue": "65535", "Required": true } ] }, { "File": "CipherSuiteOrder.admx", "CategoryName": "SSLConfiguration", "PolicyName": "SSLCipherSuiteOrder", "Class": "Machine", "NameSpace": "Microsoft.Policies.CypherStrength", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "SSL Cipher Suite Order", "ExplainText": "This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).\n\nIf you enable this policy setting, SSL cipher suites are prioritized in the order specified.\n\nIf you disable or do not configure this policy setting, default cipher suite order is used.\n\nLink for all the cipherSuites: http://go.microsoft.com/fwlink/?LinkId=517265", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\Configuration\\SSL\\00010002" ], "Elements": [ { "Type": "Text", "ValueName": "Functions" } ] }, { "File": "CipherSuiteOrder.admx", "CategoryName": "SSLConfiguration", "PolicyName": "SSLCurveOrder", "Class": "Machine", "NameSpace": "Microsoft.Policies.CypherStrength", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "ECC Curve Order", "ExplainText": "This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.\n\nIf you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line)\n\nIf you disable or do not configure this policy setting, the default ECC curve order is used.\n\nDefault Curve Order\n============\ncurve25519\nNistP256\nNistP384\n\nTo See all the curves supported on the system, Use the following command:\n\nCertUtil.exe -DisplayEccCurve", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\Configuration\\SSL\\00010002" ], "Elements": [ { "Type": "MultiText", "ValueName": "EccCurves" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "ConfigureWindowsSpotlight", "Class": "User", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Configure Windows spotlight on lock screen", "ExplainText": "This policy setting lets you configure Windows spotlight on the lock screen.\n\nIf you enable this policy setting, \"Windows spotlight\" will be set as the lock screen provider and users will not be able to modify their lock screen. \"Windows spotlight\" will display daily images from Microsoft on the lock screen.\n\nAdditionally, if you check the \"Include content from Enterprise spotlight\" checkbox and your organization has setup an Enterprise spotlight content service in Azure, the lock screen will display internal messages and communications configured in that service, when available. If your organization does not have an Enterprise spotlight content service, the checkbox will have no effect.\n\nIf you disable this policy setting, Windows spotlight will be turned off and users will no longer be able to select it as their lock screen. Users will see the default lock screen image and will be able to select another image, unless you have enabled the \"Prevent changing lock screen image\" policy.\n\nIf you do not configure this policy, Windows spotlight will be available on the lock screen and will be selected by default, unless you have configured another default lock screen image using the \"Force a specific default lock screen and logon image\" policy.\n\nNote: This policy is only available for Enterprise SKUs", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "ConfigureWindowsSpotlight", "Elements": [ { "Type": "Boolean", "ValueName": "IncludeEnterpriseSpotlight", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableWindowsSpotlightFeatures", "Class": "User", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Turn off all Windows spotlight features", "ExplainText": "This policy setting lets you turn off all Windows Spotlight features at once.\n\nIf you enable this policy setting, Windows spotlight on lock screen, Windows tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices.\n\nIf you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableWindowsSpotlightFeatures", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableTailoredExperiencesWithDiagnosticData", "Class": "User", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Do not use diagnostic data for tailored experiences", "ExplainText": "This policy setting lets you prevent Windows from using diagnostic data to provide tailored experiences to the user.\n\nIf you enable this policy setting, Windows will not use diagnostic data from this device (this data may include browser, app and feature usage, depending on the \"diagnostic data\" setting value) to customize content shown on lock screen, Windows tips, Microsoft consumer features and other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant.\n\nIf you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips and offers to tailor Windows for the user's needs, and make it work better for them.\n\nNote: this setting does not control Cortana tailored experiences, since there are separate policies to configure it.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableTailoredExperiencesWithDiagnosticData", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableWindowsConsumerFeatures", "Class": "Machine", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Turn off Microsoft consumer experiences", "ExplainText": "This policy setting turns off experiences that help consumers make the most of their devices and Microsoft account.\n\nIf you enable this policy setting, users will no longer see personalized recommendations from Microsoft and notifications about their Microsoft account.\n\nIf you disable or do not configure this policy setting, users may see suggestions from Microsoft and notifications about their Microsoft account.\n\nNote: This setting only applies to Enterprise and Education SKUs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableWindowsConsumerFeatures", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableSoftLanding", "Class": "Machine", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Do not show Windows tips", "ExplainText": "This policy setting prevents Windows tips from being shown to users.\n\nIf you enable this policy setting, users will no longer see Windows tips.\n\nIf you disable or do not configure this policy setting, users may see contextual popups explaining how to use Windows. Microsoft uses diagnostic data to determine which tips to show.\n\nNote: If you disable or do not configure this policy setting, but enable the \"Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\Allow Telemetry\" policy setting with a level of \"Basic\" or below, users may see a limited set of tips.\nAlso, this setting only applies to Enterprise and Education SKUs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableSoftLanding", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableSpotlightCollectionOnDesktop", "Class": "User", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Turn off Spotlight collection on Desktop", "ExplainText": "This policy setting removes the Spotlight collection setting in Personalization, rendering the user unable to select and subsequentyly download daily images from Microsoft to desktop.\n\nIf you enable this policy, \"Spotlight collection\" will not be available as an option in Personalization settings.\n\nIf you disable or do not configure this policy, \"Spotlight collection\" will appear as an option in Personalization settings, allowing the user to select \"Spotlight collection\" as the Desktop provider and display daily images from Microsoft on the desktop.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableSpotlightCollectionOnDesktop", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableThirdPartySuggestions", "Class": "User", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Do not suggest third-party content in Windows spotlight", "ExplainText": "If you enable this policy, Windows spotlight features like lock screen spotlight, suggested apps in Start menu or Windows tips will no longer suggest apps and content from third-party software publishers. Users may still see suggestions and tips to make them more productive with Microsoft features and apps.\n\nIf you disable or do not configure this policy, Windows spotlight features may suggest apps and content from third-party software publishers in addition to Microsoft apps and content.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableThirdPartySuggestions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableWindowsSpotlightOnActionCenter", "Class": "User", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Turn off Windows Spotlight on Action Center", "ExplainText": "If you enable this policy, Windows Spotlight notifications will no longer be shown on Action Center.\n\nIf you disable or do not configure this policy, Microsoft may display notifications in Action Center that will suggest apps or features to help users be more productive on Windows.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableWindowsSpotlightOnActionCenter", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableWindowsSpotlightOnSettings", "Class": "User", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Turn off Windows Spotlight on Settings", "ExplainText": "If you enable this policy, Windows Spotlight suggestions will no longer be shown in Settings app.\n\nIf you disable or do not configure this policy, Microsoft may suggest apps or features in Settings app to help users be productive on Windows or their linked phone.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableWindowsSpotlightOnSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableWindowsSpotlightWindowsWelcomeExperience", "Class": "User", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Turn off the Windows Welcome Experience", "ExplainText": "This policy setting lets you turn off the Windows Spotlight Windows Welcome experience. This feature helps onboard users to Windows, for instance launching Microsoft Edge with a web page highlighting new features.\n\nIf you enable this policy, the Windows Welcome Experience will no longer display when there are updates and changes to Windows and its apps.\n\nIf you disable or do not configure this policy, the Windows Welcome Experience will be launched to help onboard users to Windows telling them about what's new, changed, and suggested.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableWindowsSpotlightWindowsWelcomeExperience", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableCloudOptimizedContent", "Class": "Machine", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Turn off cloud optimized content", "ExplainText": "This policy setting lets you turn off cloud optimized content in all Windows experiences.\n\nIf you enable this policy, Windows experiences that use the cloud optimized content client component, will instead present the default fallback content.\n\nIf you disable or do not configure this policy, Windows experiences will be able to use cloud optimized content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableCloudOptimizedContent", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "DisableConsumerAccountStateContent", "Class": "Machine", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Turn off cloud consumer account state content", "ExplainText": "This policy setting lets you turn off cloud consumer account state content in all Windows experiences.\n\nIf you enable this policy, Windows experiences that use the cloud consumer account state content client component, will instead present the default fallback content.\n\nIf you disable or do not configure this policy, Windows experiences will be able to use cloud consumer account state content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "DisableConsumerAccountStateContent", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CloudContent.admx", "CategoryName": "CloudContent", "PolicyName": "EnableOrganizationalMessages", "Class": "User", "NameSpace": "Microsoft.Policies.CloudContent", "Supported": "Windows_11_0_NOSERVER - At least Windows 11", "DisplayName": "Enable Organizational Messages", "ExplainText": "Organizational messages allow Administrators to deliver messages to their end users on selected Windows 11 experiences. Organizational messages are available to Administrators via services like Microsoft Endpoint Manager.\n\nBy default, this policy is disabled. If you enable this policy, these experiences will show content booked by Administrators.\n\nEnabling this policy will have no impact on existing MDM policy settings governing delivery of content from Microsoft on Windows experiences.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CloudContent" ], "ValueName": "EnableOrganizationalMessages", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "COM.admx", "CategoryName": "System", "PolicyName": "AppMgmt_COM_SearchForCLSID_1", "Class": "User", "NameSpace": "Microsoft.Policies.COM", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Download missing COM components", "ExplainText": "This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.\n\nMany Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.\n\nIf you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.\n\nIf you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\App Management" ], "ValueName": "COMClassStore", "Elements": [] }, { "File": "COM.admx", "CategoryName": "System", "PolicyName": "AppMgmt_COM_SearchForCLSID_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.COM", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Download missing COM components", "ExplainText": "This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.\n\nMany Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.\n\nIf you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.\n\nIf you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\App Management" ], "ValueName": "COMClassStore", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AppSharing", "PolicyName": "DisableAppSharing", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Disable application Sharing", "ExplainText": "Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoAppSharing", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AppSharing", "PolicyName": "PreventGrantingControl", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent Control", "ExplainText": "Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoAllowControl", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AppSharing", "PolicyName": "PreventSharing", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent Sharing", "ExplainText": "Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoSharing", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AppSharing", "PolicyName": "PreventSharingCMDPrompt", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent Sharing Command Prompts", "ExplainText": "Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since command prompts can be used to launch other applications.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoSharingDosWindows", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AppSharing", "PolicyName": "PreventSharingDesktop", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent Desktop Sharing", "ExplainText": "Prevents users from sharing the whole desktop. They will still be able to share individual applications.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoSharingDesktop", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AppSharing", "PolicyName": "PreventSharingExplorer", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent Sharing Explorer windows", "ExplainText": "Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer windows can be used to launch other applications.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoSharingExplorer", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AppSharing", "PolicyName": "PreventSharingTrueColor", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent Application Sharing in true color", "ExplainText": "Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoTrueColorSharing", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AudioVideo", "PolicyName": "PreventAudio", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Disable Audio", "ExplainText": "Disables the audio feature of NetMeeting. Users will not be able to send or receive audio.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoAudio", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AudioVideo", "PolicyName": "PreventChangeDirectSound", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent changing DirectSound Audio setting", "ExplainText": "Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality, but older audio hardware may not support it.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoChangeDirectSound", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AudioVideo", "PolicyName": "PreventFullDuplex", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Disable full duplex Audio", "ExplainText": "Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoFullDuplex", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AudioVideo", "PolicyName": "PreventReceivingVideo", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent receiving Video", "ExplainText": "Prevents users from receiving video. Users will still be able to send video provided they have the hardware.\"", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoReceivingVideo", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AudioVideo", "PolicyName": "PreventSendingVideo", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent sending Video", "ExplainText": "Prevents users from sending video if they have the hardware. Users will still be able to receive video from others.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoSendingVideo", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "AudioVideo", "PolicyName": "SetAVThroughput", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Limit the bandwidth of Audio and Video", "ExplainText": "Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaximumBandwidth", "MinValue": "85000", "MaxValue": "621700" } ] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "AllowPersistAutoAcceptCalls", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Allow persisting automatic acceptance of Calls", "ExplainText": "Make the automatic acceptance of incoming calls persistent.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "PersistAutoAcceptCalls", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "DisableChat", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Disable Chat", "ExplainText": "Disables the Chat feature of NetMeeting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoChat", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "DisableNewWhiteboard", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Disable Whiteboard", "ExplainText": "Disables the T.126 whiteboard feature of NetMeeting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoNewWhiteBoard", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "DisableOldWhiteboard", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Disable NetMeeting 2.x Whiteboard", "ExplainText": "Disables the 2.x whiteboard feature of NetMeeting.\n\nThe 2.x whiteboard is available for compatibility with older versions of NetMeeting only.\n\nDeployers who do not need it can save bandwidth by disabling it.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoOldWhiteBoard", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "DisableRDS", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Disable remote Desktop Sharing", "ExplainText": "Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoRDS", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "EnableAutoConfiguration", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Enable Automatic Configuration", "ExplainText": "Configures NetMeeting to download settings for users each time it starts.\n\nThe settings are downloaded from the URL listed in the \"Configuration URL:\" text box.\n\nGroup Policy based settings have precedence over any conflicting settings set by downloading them from this URL.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing\\Use AutoConfig" ], "Elements": [ { "Type": "Text", "ValueName": "ConfigFile" } ] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "PreventAddingNewILS", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent adding Directory servers", "ExplainText": "Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoAddingDirectoryServers", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "PreventAutoAccept", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent automatic acceptance of Calls", "ExplainText": "Prevents users from turning on automatic acceptance of incoming calls.\n\nThis ensures that others cannot call and connect to NetMeeting when the user is not present.\n\nThis policy is recommended when deploying NetMeeting to run always.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoAutoAcceptCalls", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "PreventChangingCallMode", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent changing Call placement method", "ExplainText": "Prevents users from changing the way calls are placed, either directly or via a gatekeeper server.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoChangingCallMode", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "PreventDirectoryServices", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Disable Directory services", "ExplainText": "Disables the directory feature of NetMeeting.\n\nUsers will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.\n\nThis policy is for deployers who have their own location or calling schemes such as a Web site or an address book.\"", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoDirectoryServices", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "PreventReceivingFiles", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent receiving files", "ExplainText": "Prevents users from receiving files from others in a conference.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoReceivingFiles", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "PreventSendingFiles", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent sending files", "ExplainText": "Prevents users from sending files to others in a conference.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoSendingFiles", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "PreventWebDirectory", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Prevent viewing Web directory", "ExplainText": "Prevents users from viewing directories as Web pages in a browser.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoWebDirectory", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "RestrictFTSendSize", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Limit the size of sent files", "ExplainText": "Limits the size of files users can send to others in a conference.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxFileSendSize", "MinValue": "0", "MaxValue": "999999999" } ] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "SetIntranetSupport", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Set the intranet support Web page", "ExplainText": "Sets the URL NetMeeting will display when the user chooses the Help Online Support command.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "Elements": [ { "Type": "Text", "ValueName": "IntranetSupportURL" } ] }, { "File": "Conf.admx", "CategoryName": "NetMeeting", "PolicyName": "SetSecurityOptions", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Set Call Security options", "ExplainText": "Sets the level of security for both outgoing and incoming NetMeeting calls.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "Elements": [ { "Type": "Enum", "ValueName": "CallSecurity", "Items": [ { "DisplayName": "Required", "Data": "1" }, { "DisplayName": "Disabled", "Data": "2" } ] } ] }, { "File": "Conf.admx", "CategoryName": "OptionDialog", "PolicyName": "DisableAdvCallingButton", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Disable the Advanced Calling button", "ExplainText": "Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoAdvancedCalling", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "OptionDialog", "PolicyName": "DisableAudioPage", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Hide the Audio page", "ExplainText": "Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoAudioPage", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "OptionDialog", "PolicyName": "DisableGeneralPage", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Hide the General page", "ExplainText": "Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoGeneralPage", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "OptionDialog", "PolicyName": "DisableSecurityPage", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Hide the Security page", "ExplainText": "Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoSecurityPage", "Elements": [] }, { "File": "Conf.admx", "CategoryName": "OptionDialog", "PolicyName": "DisableVideoPage", "Class": "User", "NameSpace": "Microsoft.Policies.NetMeeting", "Supported": "NetMeeting3 - at least Windows NetMeeting v3.0", "DisplayName": "Hide the Video page", "ExplainText": "Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Conferencing" ], "ValueName": "NoVideoPage", "Elements": [] }, { "File": "ControlPanel.admx", "CategoryName": "ControlPanel", "PolicyName": "DisallowCpls", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanel", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Hide specified Control Panel items", "ExplainText": "This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.\n\nIf you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen.\n\nTo hide a Control Panel item, enable this policy setting and click Show to access the list of disallowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization.\n\nNote: For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name should be entered, for example timedate.cpl or inetcpl.cpl. If a Control Panel item does not have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered, for example @systemcpl.dll,-1 for System, or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names can be found in MSDN by searching \"Control Panel items\".\n\nIf both the \"Hide specified Control Panel items\" setting and the \"Show only specified Control Panel items\" setting are enabled, the \"Show only specified Control Panel items\" setting is ignored.\n\nNote: The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the \"Disable Display Control Panel\" setting instead.\n\nNote: To hide pages in the System Settings app, use the \"Settings Page Visibility\" setting under Computer Configuration.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisallowCpl", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowCpl" ] } ] }, { "File": "ControlPanel.admx", "CategoryName": "ControlPanel", "PolicyName": "ForceClassicControlPanel", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanel", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Always open All Control Panel Items when opening Control Panel", "ExplainText": "This policy setting controls the default Control Panel view, whether by category or icons.\n\nIf this policy setting is enabled, the Control Panel opens to the icon view.\n\nIf this policy setting is disabled, the Control Panel opens to the category view.\n\nIf this policy setting is not configured, the Control Panel opens to the view used in the last Control Panel session.\nNote: Icon size is dependent upon what the user has set it to in the previous session.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "ForceClassicControlPanel", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ControlPanel.admx", "CategoryName": "ControlPanel", "PolicyName": "NoControlPanel", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanel", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prohibit access to Control Panel and PC settings", "ExplainText": "Disables all Control Panel programs and the PC settings app.\n\nThis setting prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users cannot start Control Panel or PC settings, or run any of their items.\n\nThis setting removes Control Panel from:\nThe Start screen\nFile Explorer\n\nThis setting removes PC settings from:\nThe Start screen\nSettings charm\nAccount picture\nSearch results\n\nIf users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a setting prevents the action.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoControlPanel", "Elements": [] }, { "File": "ControlPanel.admx", "CategoryName": "ControlPanel", "PolicyName": "RestrictCpls", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanel", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Show only specified Control Panel items", "ExplainText": "This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This setting affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.\n\nTo display a Control Panel item, enable this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization.\n\nNote: For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item does not have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered. For example, enter @systemcpl.dll,-1 for System or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names of Control Panel items can be found in MSDN by searching \"Control Panel items\".\n\nIf both the \"Hide specified Control Panel items\" setting and the \"Show only specified Control Panel items\" setting are enabled, the \"Show only specified Control Panel items\" setting is ignored.\n\nNote: The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the \"Disable Display Control Panel\" setting instead.\n\nNote: To hide pages in the System Settings app, use the \"Settings Page Visibility\" setting under Computer Configuration.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "RestrictCpl", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\RestrictCpl" ] } ] }, { "File": "ControlPanel.admx", "CategoryName": "ControlPanel", "PolicyName": "SettingsPageVisibility", "Class": "Both", "NameSpace": "Microsoft.Policies.ControlPanel", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Settings Page Visibility", "ExplainText": "Specifies the list of pages to show or hide from the System Settings app.\n\nThis policy allows an administrator to block a given set of pages from the System Settings app. Blocked pages will not be visible in the app, and if all pages in a category are blocked the category will be hidden as well. Direct navigation to a blocked page via URI, context menu in Explorer or other means will result in the front page of Settings being shown instead.\n\nThis policy has two modes: it can either specify a list of settings pages to show or a list of pages to hide. To specify a list of pages to show, the policy string must begin with \"showonly:\" (without quotes), and to specify a list of pages to hide, it must begin with \"hide:\". If a page in a showonly list would normally be hidden for other reasons (such as a missing hardware device), this policy will not force that page to appear. After this, the policy string must contain a semicolon-delimited list of settings page identifiers. The identifier for any given settings page is the published URI for that page, minus the \"ms-settings:\" protocol part.\n\nExample: to specify that only the About and Bluetooth pages should be shown (their respective URIs are ms-settings:about and ms-settings:bluetooth) and all other pages hidden:\n\nshowonly:about;bluetooth\n\nExample: to specify that only the Bluetooth page (which has URI ms-settings:bluetooth) should be hidden:\n\nhide:bluetooth\n\nThe availability of per-user support is documented here: https://go.microsoft.com/fwlink/?linkid=2102995", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Text", "ValueName": "SettingsPageVisibility", "Required": true } ] }, { "File": "ControlPanel.admx", "CategoryName": "ControlPanel", "PolicyName": "AllowOnlineTips", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanel", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Allow Online Tips", "ExplainText": "Enables or disables the retrieval of online tips and help for the Settings app.\n\nIf disabled, Settings will not contact Microsoft content services to retrieve tips and help content.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Boolean", "ValueName": "AllowOnlineTips", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "ControlPanel.admx", "CategoryName": "System", "PolicyName": "HideUnsupportedHardwareNotifications", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanel", "Supported": "Windows_11_0_NOSERVER - At least Windows 11", "DisplayName": "Hide messages when Windows system requirements are not met", "ExplainText": "This policy controls messages which are shown when Windows is running on a device that does not meet the minimum system requirements for this OS version.\n\nIf you enable this policy setting, these messages will never appear on desktop or in the Settings app.\n\nIf you disable or do not configure this policy setting, these messages will appear on desktop and in the Settings app when Windows is running on a device that does not meet the minimum system requirements for this OS version.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "HideUnsupportedHardwareNotifications", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Display", "PolicyName": "CPL_Display_Disable", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Disable the Display Control Panel", "ExplainText": "Disables the Display Control Panel.\n\nIf you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action.\n\nAlso, see the \"Prohibit access to the Control Panel\" (User Configuration\\Administrative Templates\\Control Panel) and \"Remove programs on Settings menu\" (User Configuration\\Administrative Templates\\Start Menu & Taskbar) settings.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "NoDispCPL", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Display", "PolicyName": "CPL_Display_HideSettings", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide Settings tab", "ExplainText": "Removes the Settings tab from Display in Control Panel.\n\nThis setting prevents users from using Control Panel to add, configure, or change the display settings on the computer.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "NoDispSettingsPage", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoColorAppearanceUI", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent changing color and appearance", "ExplainText": "Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available.\n\nThis setting prevents users from using Control Panel to change the window border and taskbar color (on Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows.\n\nIf this setting is disabled or not configured, the Color (or Window Color) page or Color Scheme dialog is available in the Personalization or Display Control Panel.\n\nFor systems prior to Windows Vista, this setting hides the Appearance and Themes tabs in the in Display in Control Panel.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "NoDispAppearancePage", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoScreenSaverUI", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent changing screen saver", "ExplainText": "Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel.\n\nThis setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "NoDispScrSavPage", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_EnableScreenSaver", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Enable screen saver", "ExplainText": "Enables desktop screen savers.\n\nIf you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options.\n\nIf you do not configure it, this setting has no effect on the system.\n\nIf you enable it, a screen saver runs, provided the following two conditions hold: First, a valid screen saver on the client is specified through the \"Screen Saver executable name\" setting or through Control Panel on the client computer. Second, the screen saver timeout is set to a nonzero value through the setting or Control Panel.\n\nAlso, see the \"Prevent changing Screen Saver\" setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop" ], "ValueName": "ScreenSaveActive", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_SetScreenSaver", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Force specific screen saver", "ExplainText": "Specifies the screen saver for the user's desktop.\n\nIf you enable this setting, the system displays the specified screen saver on the user's desktop. Also, this setting disables the drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel, which prevents users from changing the screen saver.\n\nIf you disable this setting or do not configure it, users can select any screen saver.\n\nIf you enable this setting, type the name of the file that contains the screen saver, including the .scr file name extension. If the screen saver file is not in the %Systemroot%\\System32 directory, type the fully qualified path to the file.\n\nIf the specified screen saver is not installed on a computer to which this setting applies, the setting is ignored.\n\nNote: This setting can be superseded by the \"Enable Screen Saver\" setting. If the \"Enable Screen Saver\" setting is disabled, this setting is ignored, and screen savers do not run.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop" ], "Elements": [ { "Type": "Text", "ValueName": "SCRNSAVE.EXE" } ] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_ScreenSaverIsSecure", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Password protect the screen saver", "ExplainText": "Determines whether screen savers used on the computer are password protected.\n\nIf you enable this setting, all screen savers are password protected. If you disable this setting, password protection cannot be set on any screen saver.\n\nThis setting also disables the \"Password protected\" checkbox on the Screen Saver dialog in the Personalization or Display Control Panel, preventing users from changing the password protection setting.\n\nIf you do not configure this setting, users can choose whether or not to set password protection on each screen saver.\n\nTo ensure that a computer will be password protected, enable the \"Enable Screen Saver\" setting and specify a timeout via the \"Screen Saver timeout\" setting.\n\nNote: To remove the Screen Saver dialog, use the \"Prevent changing Screen Saver\" setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop" ], "ValueName": "ScreenSaverIsSecure", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_ScreenSaverTimeOut", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Screen saver timeout", "ExplainText": "Specifies how much user idle time must elapse before the screen saver is launched.\n\nWhen configured, this idle time can be set from a minimum of 1 second to a maximum of 86,400 seconds, or 24 hours. If set to zero, the screen saver will not be started.\n\nThis setting has no effect under any of the following circumstances:\n\n- The setting is disabled or not configured.\n\n- The wait time is set to zero.\n\n- The \"Enable Screen Saver\" setting is disabled.\n\n- Neither the \"Screen saver executable name\" setting nor the Screen Saver dialog of the client computer's Personalization or Display Control Panel specifies a valid existing screen saver program on the client.\n\nWhen not configured, whatever wait time is set on the client through the Screen Saver dialog in the Personalization or Display Control Panel is used. The default is 15 minutes.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop" ], "Elements": [ { "Type": "Decimal", "ValueName": "ScreenSaveTimeOut", "MinValue": "0", "MaxValue": "599940", "StoreAsText": true } ] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoDesktopBackgroundUI", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent changing desktop background", "ExplainText": "Prevents users from adding or changing the background design of the desktop.\n\nBy default, users can use the Desktop Background page in the Personalization or Display Control Panel to add a background design (wallpaper) to their desktop.\n\nIf you enable this setting, none of the Desktop Background settings can be changed by the user.\n\nTo specify wallpaper for a group, use the \"Desktop Wallpaper\" setting.\n\nNote: You must also enable the \"Desktop Wallpaper\" setting to prevent users from changing the desktop wallpaper. Refer to KB article: Q327998 for more information.\n\nAlso, see the \"Allow only bitmapped wallpaper\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop" ], "ValueName": "NoChangingWallPaper", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoSoundSchemeUI", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Prevent changing sounds", "ExplainText": "Prevents users from changing the sound scheme.\n\nBy default, users can use the Sounds tab in the Sound Control Panel to add, remove, or change the system Sound Scheme.\n\nIf you enable this setting, none of the Sound Scheme settings can be changed by the user.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "ValueName": "NoChangingSoundScheme", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoMousePointersUI", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Prevent changing mouse pointers", "ExplainText": "Prevents users from changing the mouse pointers.\n\nBy default, users can use the Pointers tab in the Mouse Control Panel to add, remove, or change the mouse pointers.\n\nIf you enable this setting, none of the mouse pointer scheme settings can be changed by the user.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "ValueName": "NoChangingMousePointers", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoDesktopIconsUI", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent changing desktop icons", "ExplainText": "Prevents users from changing the desktop icons.\n\nBy default, users can use the Desktop Icon Settings dialog in the Personalization or Display Control Panel to show, hide, or change the desktop icons.\n\nIf you enable this setting, none of the desktop icons can be changed by the user.\n\nFor systems prior to Windows Vista, this setting also hides the Desktop tab in the Display Control Panel.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "NoDispBackgroundPage", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_DisableColorSchemeChoice", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "WindowsVistaToXP - Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP", "DisplayName": "Prevent changing color scheme", "ExplainText": "This setting forces the theme color scheme to be the default color scheme.\n\nIf you enable this setting, a user cannot change the color scheme of the current desktop theme.\n\nIf you disable or do not configure this setting, a user may change the color scheme of the current desktop theme.\n\nFor Windows 7 and later, use the \"Prevent changing color and appearance\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "NoColorChoice", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_DisableThemeChange", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Prevent changing theme", "ExplainText": "This setting disables the theme gallery in the Personalization Control Panel.\n\nIf you enable this setting, users cannot change or save a theme. Elements of a theme such as the desktop background, color, sounds, and screen saver can still be changed (unless policies are set to turn them off).\n\nIf you disable or do not configure this setting, there is no effect.\n\nNote: If you enable this setting but do not specify a theme using the \"load a specific theme\" setting, the theme defaults to whatever the user previously set or the system default.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoThemesTab", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_SetTheme", "Class": "Both", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Load a specific theme", "ExplainText": "Specifies which theme file is applied to the computer the first time a user logs on.\n\nIf you enable this setting, the theme that you specify will be applied when a new user logs on for the first time. This policy does not prevent the user from changing the theme or any of the theme elements such as the desktop background, color, sounds, or screen saver after the first logon.\n\nIf you disable or do not configure this setting, the default theme will be applied at the first logon.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "Elements": [ { "Type": "Text", "ValueName": "ThemeFile" } ] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_DisableVisualStyle", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Prevent changing visual style for windows and buttons", "ExplainText": "Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.\n\nWhen enabled on Windows XP, this setting disables the \"Windows and buttons\" drop-down list on the Appearance tab in Display Properties.\n\nWhen enabled on Windows XP and later systems, this setting prevents users and applications from changing the visual style through the command line. Also, a user may not apply a different visual style when changing themes.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "NoVisualStyleChoice", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_SetVisualStyle", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Force a specific visual style file or force Windows Classic", "ExplainText": "This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.\n\nThis can be a local computer visual style (aero.msstyles), or a file located on a remote server using a UNC path (\\\\Server\\Share\\aero.msstyles).\n\nIf you enable this setting, the visual style file that you specify will be used. Also, a user may not apply a different visual style when changing themes.\n\nIf you disable or do not configure this setting, the users can select the visual style that they want to use by changing themes (if the Personalization Control Panel is available).\n\nNote: If this setting is enabled and the file is not available at user logon, the default visual style is loaded.\n\nNote: When running Windows XP, you can select the Luna visual style by typing %windir%\\resources\\Themes\\Luna\\Luna.msstyles\n\nNote: To select the Windows Classic visual style, leave the box blank beside \"Path to Visual Style:\" and enable this setting. When running Windows 8 or Windows RT, you cannot apply the Windows Classic visual style.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Text", "ValueName": "SetVisualStyle" } ] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_LockFontSize", "Class": "User", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit selection of visual style font size", "ExplainText": "Prevents users from changing the size of the font in the windows and buttons displayed on their screens.\n\nIf this setting is enabled, the \"Font size\" drop-down list on the Appearance tab in Display Properties is disabled.\n\nIf you disable or do not configure this setting, a user may change the font size using the \"Font size\" drop-down list on the Appearance tab.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "NoSizeChoice", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoLockScreen", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not display the lock screen", "ExplainText": "This policy setting controls whether the lock screen appears for users.\n\nIf you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC.\n\nIf you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "ValueName": "NoLockScreen", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoChangingLockScreen", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Prevent changing lock screen and logon image", "ExplainText": "Prevents users from changing the background image shown when the machine is locked or when on the logon screen.\n\nBy default, users can change the background image shown when the machine is locked or displaying the logon screen.\n\nIf you enable this setting, the user will not be able to change their lock screen and logon image, and they will instead see the default image.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "ValueName": "NoChangingLockScreen", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_AnimateLockScreenBackground", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Prevent lock screen background motion", "ExplainText": "This policy setting controls whether the lock screen image is static or has a subtle panning effect driven by the device's accelerometer output.\n\nIf you enable this setting, motion will be prevented and the user will see the traditional static lock screen background image.\n\nIf you disable this setting (and the device has an accelerometer), the user will see the lock screen background pan around a still image as they physically move their device.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "ValueName": "AnimateLockScreenBackground", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoLockScreenSlideshow", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Prevent enabling lock screen slide show", "ExplainText": "Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen.\n\nBy default, users can enable a slide show that will run after they lock the machine.\n\nIf you enable this setting, users will no longer be able to modify slide show settings in PC Settings, and no slide show will ever start.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "ValueName": "NoLockScreenSlideshow", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoLockScreenCamera", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Prevent enabling lock screen camera", "ExplainText": "Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.\n\nBy default, users can enable invocation of an available camera on the lock screen.\n\nIf you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings, and the camera cannot be invoked on the lock screen.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "ValueName": "NoLockScreenCamera", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_PersonalColors", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Force a specific background and accent color", "ExplainText": "Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB.\n\nBy default, users can change the background and accent colors.\n\nIf this setting is enabled, the background and accent colors of Windows will be set to the specified colors and users cannot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "Elements": [ { "Type": "Text", "ValueName": "PersonalColors_Background", "Required": true }, { "Type": "Text", "ValueName": "PersonalColors_Accent", "Required": true } ] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_StartBackground", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Force a specific Start background", "ExplainText": "Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it.\n\nIf this setting is set to zero or not configured, then Start uses the default background, and users can change it.\n\nIf this setting is set to a nonzero value, then Start uses the specified background, and users cannot change it. If the specified background is not supported, the default background is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "Elements": [ { "Type": "Decimal", "ValueName": "ForceStartBackground", "MinValue": "0", "MaxValue": "20", "StoreAsText": false } ] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_NoChangingStartMenuBackground", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Prevent changing start menu background", "ExplainText": "Prevents users from changing the look of their start menu background, such as its color or accent.\n\nBy default, users can change the look of their start menu background, such as its color or accent.\n\nIf you enable this setting, the user will be assigned the default start menu background and colors and will not be allowed to change them.\n\nIf the \"Force a specific background and accent color\" policy is also set on a supported version of Windows, then those colors take precedence over this policy.\n\nIf the \"Force a specific Start background\" policy is also set on a supported version of Windows, then that background takes precedence over this policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "ValueName": "NoChangingStartMenuBackground", "Elements": [] }, { "File": "ControlPanelDisplay.admx", "CategoryName": "Personalization", "PolicyName": "CPL_Personalization_ForceDefaultLockScreen", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanelDisplay", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Force a specific default lock screen and logon image", "ExplainText": "This setting allows you to force a specific default lock screen and logon image by entering the path (location) of the image file. The same image will be used for both the lock and logon screens.\n\nThis setting lets you specify the default lock screen and logon image shown when no user is signed in, and also sets the specified image as the default for all users (it replaces the inbox default image).\n\nTo use this setting, type the fully qualified path and name of the file that stores the default lock screen and logon image. You can type a local path, such as C:\\Windows\\Web\\Screen\\img104.jpg or a UNC path, such as \\\\Server\\Share\\Corp.jpg.\n\nThis can be used in conjunction with the \"Prevent changing lock screen and logon image\" setting to always force the specified lock screen and logon image to be shown.\n\nNote: This setting only applies to Enterprise, Education, and Server SKUs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Personalization" ], "Elements": [ { "Type": "Text", "ValueName": "LockScreenImage", "Required": true }, { "Type": "Boolean", "ValueName": "LockScreenOverlaysDisabled", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "Cpls.admx", "CategoryName": "Users", "PolicyName": "UseDefaultTile", "Class": "Machine", "NameSpace": "Microsoft.Policies.ControlPanel2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Apply the default account picture to all users", "ExplainText": "This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.\n\nNote: The default account picture is stored at %PROGRAMDATA%\\Microsoft\\User Account Pictures\\user.jpg. The default guest picture is stored at %PROGRAMDATA%\\Microsoft\\User Account Pictures\\guest.jpg. If the default pictures do not exist, an empty frame is displayed.\n\nIf you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.\n\nIf you disable or do not configure this policy setting, users will be able to customize their account pictures.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "UseDefaultTile", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredentialProviders.admx", "CategoryName": "Logon", "PolicyName": "DefaultLogonDomain", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialProviders", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Assign a default domain for logon", "ExplainText": "This policy setting specifies a default logon domain, which might be a different domain than the domain to which the computer is joined. Without this policy setting, at logon, if a user does not specify a domain for logon, the domain to which the computer belongs is assumed as the default domain. For example if the computer belongs to the Fabrikam domain, the default domain for user logon is Fabrikam.\n\nIf you enable this policy setting, the default logon domain is set to the specified domain, which might be different than the domain to which the computer is joined.\n\nIf you disable or do not configure this policy setting, the default logon domain is always set to the domain to which the computer is joined.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Text", "ValueName": "DefaultLogonDomain", "MaxLength": "4096" } ] }, { "File": "CredentialProviders.admx", "CategoryName": "Logon", "PolicyName": "ExcludedCredentialProviders", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialProviders", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Exclude credential providers", "ExplainText": "This policy setting allows the administrator to exclude the specified\ncredential providers from use during authentication.\n\nNote: credential providers are used to process and validate user\ncredentials during logon or when authentication is required.\nWindows Vista provides two default credential providers:\nPassword and Smart Card. An administrator can install additional\ncredential providers for different sets of credentials\n(for example, to support biometric authentication).\n\nIf you enable this policy, an administrator can specify the CLSIDs\nof the credential providers to exclude from the set of installed\ncredential providers available for authentication purposes.\n\nIf you disable or do not configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Text", "ValueName": "ExcludedCredentialProviders", "MaxLength": "4096" } ] }, { "File": "CredentialProviders.admx", "CategoryName": "Logon", "PolicyName": "AllowDomainPINLogon", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialProviders", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on convenience PIN sign-in", "ExplainText": "This policy setting allows you to control whether a domain user can sign in using a convenience PIN.\n\nIf you enable this policy setting, a domain user can set up and sign in with a convenience PIN.\n\nIf you disable or don't configure this policy setting, a domain user can't set up and use a convenience PIN.\n\nNote: The user's domain password will be cached in the system vault when using this feature.\n\nTo configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "AllowDomainPINLogon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredentialProviders.admx", "CategoryName": "Logon", "PolicyName": "BlockDomainPicturePassword", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialProviders", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off picture password sign-in", "ExplainText": "This policy setting allows you to control whether a domain user can sign in using a picture password.\n\nIf you enable this policy setting, a domain user can't set up or sign in with a picture password.\n\nIf you disable or don't configure this policy setting, a domain user can set up and use a picture password.\n\nNote that the user's domain password will be cached in the system vault when using this feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "BlockDomainPicturePassword", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredentialProviders.admx", "CategoryName": "Logon", "PolicyName": "AllowDomainDelayLock", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialProviders", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow users to select when a password is required when resuming from connected standby", "ExplainText": "This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off.\n\nIf you enable this policy setting, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.\n\nIf you disable this policy setting, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off.\n\nIf you don't configure this policy setting on a domain-joined device, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off.\n\nIf you don't configure this policy setting on a workgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "AllowDomainDelayLock", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredentialProviders.admx", "CategoryName": "Logon", "PolicyName": "DefaultCredentialProvider", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialProviders", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Assign a default credential provider", "ExplainText": "This policy setting allows the administrator to assign a specified credential provider as the default credential provider.\n\nIf you enable this policy setting, the specified credential provider is selected on other user tile.\n\nIf you disable or do not configure this policy setting, the system picks the default credential provider on other user tile.\n\nNote: A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\Credential Providers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Text", "ValueName": "DefaultCredentialProvider", "MaxLength": "48" } ] }, { "File": "CredentialProviders.admx", "CategoryName": "Logon", "PolicyName": "AllowSecurityKeySignIn", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialProviders", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Turn on security key sign-in", "ExplainText": "This policy setting allows you to control whether users can sign in using external security keys.\n\nIf you enable this policy setting, users can sign in with external security keys.\n\nIf you disable or don't configure this policy setting, users can't sign in with external security keys.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FIDO" ], "ValueName": "EnableFIDODeviceLogon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "AllowDefaultCredentials", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow delegating default credentials", "ExplainText": "This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).\n\nThis policy setting applies when server authentication was achieved by using a trusted X509 certificate or Kerberos.\n\nIf you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).\n\nThe policy becomes effective the next time the user signs on to a computer running Windows.\n\nIf you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB.\n\nFWlink for KB:\nhttp://go.microsoft.com/fwlink/?LinkId=301508\n\nNote: The \"Allow delegating default credentials\" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.\n\nFor Example:\nTERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine\nTERMSRV/* Remote Desktop Session Host running on all machines.\nTERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "AllowDefaultCredentials", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation\\AllowDefaultCredentials" ] }, { "Type": "Boolean", "ValueName": "ConcatenateDefaults_AllowDefault", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "AllowDefCredentialsWhenNTLMOnly", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow delegating default credentials with NTLM-only server authentication", "ExplainText": "This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).\n\nThis policy setting applies when server authentication was achieved via NTLM.\n\nIf you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).\n\nIf you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine.\n\nNote: The \"Allow delegating default credentials with NTLM-only server authentication\" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.\n\nFor Example:\nTERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine\nTERMSRV/* Remote Desktop Session Host running on all machines.\nTERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "AllowDefCredentialsWhenNTLMOnly", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation\\AllowDefCredentialsWhenNTLMOnly" ] }, { "Type": "Boolean", "ValueName": "ConcatenateDefaults_AllowDefNTLMOnly", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "AllowFreshCredentials", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow delegating fresh credentials", "ExplainText": "This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).\n\nThis policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.\n\nIf you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).\n\nIf you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).\n\nIf you disable this policy setting, delegation of fresh credentials is not permitted to any machine.\n\nNote: The \"Allow delegating fresh credentials\" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN.\n\nFor Example:\nTERMSRV/host.humanresources.fabrikam.com\nRemote Desktop Session Host running on host.humanresources.fabrikam.com machine\nTERMSRV/* Remote Desktop Session Host running on all machines.\nTERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "AllowFreshCredentials", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation\\AllowFreshCredentials" ] }, { "Type": "Boolean", "ValueName": "ConcatenateDefaults_AllowFresh", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "AllowFreshCredentialsWhenNTLMOnly", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow delegating fresh credentials with NTLM-only server authentication", "ExplainText": "This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).\n\nThis policy setting applies when server authentication was achieved via NTLM.\n\nIf you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).\n\nIf you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).\n\nIf you disable this policy setting, delegation of fresh credentials is not permitted to any machine.\n\nNote: The \"Allow delegating fresh credentials with NTLM-only server authentication\" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.\n\nFor Example:\nTERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine\nTERMSRV/* Remote Desktop Session Host running on all machines.\nTERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "AllowFreshCredentialsWhenNTLMOnly", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation\\AllowFreshCredentialsWhenNTLMOnly" ] }, { "Type": "Boolean", "ValueName": "ConcatenateDefaults_AllowFreshNTLMOnly", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "AllowSavedCredentials", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow delegating saved credentials", "ExplainText": "This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).\n\nThis policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.\n\nIf you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).\n\nIf you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).\n\nIf you disable this policy setting, delegation of saved credentials is not permitted to any machine.\n\nNote: The \"Allow delegating saved credentials\" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.\n\nFor Example:\nTERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine\nTERMSRV/* Remote Desktop Session Host running on all machines.\nTERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "AllowSavedCredentials", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation\\AllowSavedCredentials" ] }, { "Type": "Boolean", "ValueName": "ConcatenateDefaults_AllowSaved", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "AllowSavedCredentialsWhenNTLMOnly", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow delegating saved credentials with NTLM-only server authentication", "ExplainText": "This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).\n\nThis policy setting applies when server authentication was achieved via NTLM.\n\nIf you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).\n\nIf you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine.\n\nIf you disable this policy setting, delegation of saved credentials is not permitted to any machine.\n\nNote: The \"Allow delegating saved credentials with NTLM-only server authentication\" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.\n\nFor Example:\nTERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine\nTERMSRV/* Remote Desktop Session Host running on all machines.\nTERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "AllowSavedCredentialsWhenNTLMOnly", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation\\AllowSavedCredentialsWhenNTLMOnly" ] }, { "Type": "Boolean", "ValueName": "ConcatenateDefaults_AllowSavedNTLMOnly", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "DenyDefaultCredentials", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Deny delegating default credentials", "ExplainText": "This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).\n\nIf you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows).\n\nIf you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.\n\nNote: The \"Deny delegating default credentials\" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.\n\nFor Example:\nTERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine\nTERMSRV/* Remote Desktop Session Host running on all machines.\nTERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com\n\nThis policy setting can be used in combination with the \"Allow delegating default credentials\" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the \"Allow delegating default credentials\" server list.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "DenyDefaultCredentials", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation\\DenyDefaultCredentials" ] }, { "Type": "Boolean", "ValueName": "ConcatenateDefaults_DenyDefault", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "DenyFreshCredentials", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Deny delegating fresh credentials", "ExplainText": "This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).\n\nIf you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application).\n\nIf you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.\n\nNote: The \"Deny delegating fresh credentials\" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.\n\nFor Example:\nTERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine\nTERMSRV/* Remote Desktop Session Host running on all machines.\nTERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com\n\nThis policy setting can be used in combination with the \"Allow delegating fresh credentials\" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the \"Allow delegating fresh credentials\" server list.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "DenyFreshCredentials", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation\\DenyFreshCredentials" ] }, { "Type": "Boolean", "ValueName": "ConcatenateDefaults_DenyFresh", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "DenySavedCredentials", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Deny delegating saved credentials", "ExplainText": "This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).\n\nIf you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).\n\nIf you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.\n\nNote: The \"Deny delegating saved credentials\" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.\n\nFor Example:\nTERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine\nTERMSRV/* Remote Desktop Session Host running on all machines.\nTERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com\n\nThis policy setting can be used in combination with the \"Allow delegating saved credentials\" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the \"Allow delegating saved credentials\" server list.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "DenySavedCredentials", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation\\DenySavedCredentials" ] }, { "Type": "Boolean", "ValueName": "ConcatenateDefaults_DenySaved", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "RestrictedRemoteAdministration", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Restrict delegation of credentials to remote servers", "ExplainText": "When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials are not delegated. Remote Credential Guard does not limit access to resources because it redirects all requests back to the client device.\n\nParticipating apps:\nRemote Desktop Client\n\nIf you enable this policy setting, the following options are supported:\n\nRestrict credential delegation: Participating applications must use Restricted Admin or Remote Credential Guard to connect to remote hosts.\n\nRequire Remote Credential Guard: Participating applications must use Remote Credential Guard to connect to remote hosts.\n\nRequire Restricted Admin: Participating applications must use Restricted Admin to connect to remote hosts.\n\nIf you disable or do not configure this policy setting, Restricted Admin and Remote Credential Guard mode are not enforced and participating apps can delegate credentials to remote devices.\n\nNote: To disable most credential delegation, it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration\\Administrative Templates\\System\\Credentials Delegation).\n\nNote: On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions do not support Remote Credential Guard.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "RestrictedRemoteAdministration", "Elements": [ { "Type": "Enum", "ValueName": "RestrictedRemoteAdministrationType", "Items": [ { "DisplayName": "Restrict Credential Delegation", "Data": "3" }, { "DisplayName": "Require Remote Credential Guard", "Data": "2" }, { "DisplayName": "Require Restricted Admin", "Data": "1" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "AllowProtectedCreds", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Remote host allows delegation of non-exportable credentials", "ExplainText": "Remote host allows delegation of non-exportable credentials\n\nWhen using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host.\n\nIf you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode.\n\nIf you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredentialsDelegation" ], "ValueName": "AllowProtectedCreds", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredSsp.admx", "CategoryName": "CredentialsDelegation", "PolicyName": "AllowEncryptionOracle", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsSSP", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Encryption Oracle Remediation", "ExplainText": "Encryption Oracle Remediation\n\nThis policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection).\n\nSome versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy controls compatibility with vulnerable clients and servers. This policy allows you to set the level of protection desired for the encryption oracle vulnerability.\n\nIf you enable this policy setting, CredSSP version support will be selected based on the following options:\n\nForce Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. Note: this setting should not be deployed until all remote hosts support the newest version.\n\nMitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.\n\nVulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients.\n\nFor more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\CredSSP\\Parameters" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowEncryptionOracle", "Items": [ { "DisplayName": "Force Updated Clients", "Data": "0" }, { "DisplayName": "Mitigated", "Data": "1" }, { "DisplayName": "Vulnerable", "Data": "2" } ] } ] }, { "File": "CredUI.admx", "CategoryName": "CredUI", "PolicyName": "EnumerateAdministrators", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsUI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Enumerate administrator accounts on elevation", "ExplainText": "This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application.\n\nIf you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password.\n\nIf you disable this policy setting, users will always be required to type a user name and password to elevate.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\CredUI" ], "ValueName": "EnumerateAdministrators", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredUI.admx", "CategoryName": "CredUI", "PolicyName": "EnableSecureCredentialPrompting", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsUI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Require trusted path for credential entry", "ExplainText": "This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user\u2019s Windows credentials.\n\nNote: This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.\n\nIf you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism.\n\nIf you disable or do not configure this policy setting, users will enter Windows credentials within the user\u2019s desktop session, potentially allowing malicious code access to the user\u2019s Windows credentials.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\CredUI" ], "ValueName": "EnableSecureCredentialPrompting", "Elements": [] }, { "File": "CredUI.admx", "CategoryName": "CredUI", "PolicyName": "DisablePasswordReveal", "Class": "Both", "NameSpace": "Microsoft.Policies.CredentialsUI", "Supported": "Windows8_Or_IE10 - At least Windows Server 2012, Windows 8 or Windows RT or at least Internet Explorer 10", "DisplayName": "Do not display the password reveal button", "ExplainText": "This policy setting allows you to configure the display of the password reveal button in password entry user experiences.\n\nIf you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.\n\nIf you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box.\n\nBy default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.\n\nThe policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CredUI", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CredUI" ], "ValueName": "DisablePasswordReveal", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "CredUI.admx", "CategoryName": "CredUI", "PolicyName": "NoLocalPasswordResetQuestions", "Class": "Machine", "NameSpace": "Microsoft.Policies.CredentialsUI", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Prevent the use of security questions for local accounts", "ExplainText": "If you turn this policy setting on, local users won\u2019t be able to set up and use security questions to reset their passwords.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "NoLocalPasswordResetQuestions", "Elements": [] }, { "File": "CtrlAltDel.admx", "CategoryName": "CADOptions", "PolicyName": "DisableChangePassword", "Class": "User", "NameSpace": "Microsoft.Policies.ControlAltDelete", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove Change Password", "ExplainText": "This policy setting prevents users from changing their Windows password on demand.\n\nIf you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.\n\nHowever, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DisableChangePassword", "Elements": [] }, { "File": "CtrlAltDel.admx", "CategoryName": "CADOptions", "PolicyName": "DisableLockComputer", "Class": "User", "NameSpace": "Microsoft.Policies.ControlAltDelete", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove Lock Computer", "ExplainText": "This policy setting prevents users from locking the system.\n\nWhile locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it.\n\nIf you enable this policy setting, users cannot lock the computer from the keyboard using Ctrl+Alt+Del.\n\nIf you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del.\n\nTip:To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DisableLockWorkstation", "Elements": [] }, { "File": "CtrlAltDel.admx", "CategoryName": "CADOptions", "PolicyName": "DisableTaskMgr", "Class": "User", "NameSpace": "Microsoft.Policies.ControlAltDelete", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove Task Manager", "ExplainText": "This policy setting prevents users from starting Task Manager.\n\nTask Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers, including system services; find the executable names of programs; and change the priority of the process in which programs run.\n\nIf you enable this policy setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action.\n\nIf you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DisableTaskMgr", "Elements": [] }, { "File": "CtrlAltDel.admx", "CategoryName": "CADOptions", "PolicyName": "NoLogoff", "Class": "User", "NameSpace": "Microsoft.Policies.ControlAltDelete", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove Logoff", "ExplainText": "This policy setting disables or removes all menu items and buttons that log the user off the system.\n\nIf you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu.\n\nAlso, see the 'Remove Logoff on the Start Menu' policy setting.\n\nIf you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoLogoff", "Elements": [] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "AllowTelemetry", "Class": "Both", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow Diagnostic Data", "ExplainText": "By configuring this policy setting you can adjust what diagnostic data is collected from Windows. This policy setting also restricts the user from increasing the amount of diagnostic data collection via the Settings app. The diagnostic data collected under this policy impacts the operating system and apps that are considered part of Windows and does not apply to any additional apps installed by your organization.\n\n- Diagnostic data off (not recommended). Using this value, no diagnostic data is sent from the device. This value is only supported on Enterprise, Education, and Server editions.\n- Send required diagnostic data. This is the minimum diagnostic data necessary to keep Windows secure, up to date, and performing as expected. Using this value disables the \"Optional diagnostic data\" control in the Settings app.\n- Send optional diagnostic data. Additional diagnostic data is collected that helps us to detect, diagnose and fix issues, as well as make product improvements. Required diagnostic data will always be included when you choose to send optional diagnostic data. Optional diagnostic data can also include diagnostic log files and crash dumps. Use the \"Limit Dump Collection\" and the \"Limit Diagnostic Log Collection\" policies for more granular control of what optional diagnostic data is sent.\n\nIf you disable or do not configure this policy setting, the device will send required diagnostic data and the end user can choose whether to send optional diagnostic data from the Settings app.\n\nNote:\nThe \"Configure diagnostic data opt-in settings user interface\" group policy can be used to prevent end users from changing their data collection settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection", "HKCU\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowTelemetry", "Items": [ { "DisplayName": "Diagnostic data off (not recommended)", "Data": "0" }, { "DisplayName": "Send required diagnostic data", "Data": "1" }, { "DisplayName": "Send optional diagnostic data", "Data": "3" } ], "Required": true } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "TelemetryProxy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure Connected User Experiences and Telemetry", "ExplainText": "With this policy setting, you can forward Connected User Experience and Telemetry requests to a proxy server.\n\nIf you enable this policy setting, you can specify the FQDN or IP address of the destination device within your organization's network (and optionally a port number, if desired). The connection will be made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if you disable or do not configure this policy setting, Connected User Experience and Telemetry data will be sent to Microsoft using the default proxy configuration.\n\nThe format for this setting is :", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "Elements": [ { "Type": "Text", "ValueName": "TelemetryProxyServer", "Required": true } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "CommercialIdPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure the Commercial ID", "ExplainText": "This policy setting defines the identifier used to uniquely associate this device\u2019s diagnostic data data as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program.\n\nIf you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data data with your organization.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "Elements": [ { "Type": "Text", "ValueName": "CommercialId", "Required": true } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "DisableEnterpriseAuthProxy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service", "ExplainText": "This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableEnterpriseAuthProxy", "Items": [ { "DisplayName": "Enable Authenticated Proxy usage", "Data": "0" }, { "DisplayName": "Disable Authenticated Proxy usage", "Data": "1" } ], "Required": true } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "LimitEnhancedDiagnosticDataWindowsAnalytics", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Limit optional diagnostic data for Desktop Analytics", "ExplainText": "This policy setting, in combination with the \"Allow Diagnostic Data\" policy setting, enables organizations to send the minimum data required by Desktop Analytics.\n\nTo enable the behavior described above, complete the following steps:\n1. Enable this policy setting\n2. Set the \"Allow Diagnostic Data\" policy to \"Send optional diagnostic data\"\n3. Enable the \"Limit Dump Collection\" policy\n4. Enable the \"Limit Diagnostic Log Collection\" policy\n\nWhen these policies are configured, Microsoft will collect only required diagnostic data and the events required by Desktop Analytics, which can be viewed at https://go.microsoft.com/fwlink/?linkid=2116020.\n\nIf you disable or do not configure this policy setting, diagnostic data collection is determined by the \"Allow Diagnostic Data\" policy setting or by the end user from the Settings app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "LimitEnhancedDiagnosticDataWindowsAnalytics", "Elements": [ { "Type": "Enum", "ValueName": "LimitEnhancedDiagnosticDataWindowsAnalytics", "Items": [ { "DisplayName": "Enable Desktop Analytics collection", "Data": "1" }, { "DisplayName": "Disable Desktop Analytics collection", "Data": "0" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "AllowDeviceNameInDiagnosticData", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Allow device name to be sent in Windows diagnostic data", "ExplainText": "This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data.\n\nIf you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "AllowDeviceNameInTelemetry", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "ConfigureTelemetryOptInSettingsUx", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Configure diagnostic data opt-in settings user interface", "ExplainText": "This policy setting determines whether an end user can change diagnostic data settings in the Settings app.\n\nIf you set this policy setting to \"Disable diagnostic data opt-in settings\", diagnostic data settings are disabled in the Settings app.\n\nIf you don't configure this policy setting, or you set it to \"Enable diagnostic data opt-in settings\", end users can change the device diagnostic settings in the Settings app.\n\nNote:\nTo set a limit on the amount of diagnostic data that is sent to Microsoft by your organization, use the \"Allow Diagnostic Data\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "DisableTelemetryOptInSettingsUx", "Elements": [ { "Type": "Enum", "ValueName": "DisableTelemetryOptInSettingsUx", "Items": [ { "DisplayName": "Disable diagnostic data opt-in settings", "Data": "1" }, { "DisplayName": "Enable diagnostic data opt-in setings", "Data": "0" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "ConfigureTelemetryOptInChangeNotification", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Configure diagnostic data opt-in change notifications", "ExplainText": "This policy setting controls whether notifications are shown, following a change to diagnostic data opt-in settings, on first logon and when the changes occur in settings.\n\nIf you set this policy setting to \"Disable diagnostic data change notifications\", diagnostic data opt-in change notifications will not appear.\n\nIf you set this policy setting to \"Enable diagnostic data change notifications\" or don't configure this policy setting, diagnostic data opt-in change notifications appear at first logon and when the changes occur in Settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "DisableTelemetryOptInChangeNotification", "Elements": [ { "Type": "Enum", "ValueName": "DisableTelemetryOptInChangeNotification", "Items": [ { "DisplayName": "Disable diagnostic data change notifications", "Data": "1" }, { "DisplayName": "Enable diagnostic data change notifications", "Data": "0" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "DisableDeviceDelete", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Disable deleting diagnostic data", "ExplainText": "This policy setting controls whether the Delete diagnostic data button is enabled in Diagnostic & feedback Settings page.\n\nIf you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device.\n\nIf you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "DisableDeviceDelete", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "DisableDiagnosticDataViewer", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Disable diagnostic data viewer", "ExplainText": "This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & feedback Settings page.\n\nIf you enable this policy setting, the Diagnostic Data Viewer will not be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.\n\nIf you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "DisableDiagnosticDataViewer", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "ConfigureMicrosoft365UploadEndpoint", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Configure diagnostic data upload endpoint for Desktop Analytics", "ExplainText": "This policy sets the upload endpoint for this device\u2019s diagnostic data as part of the Desktop Analytics program.\n\nIf your organization is participating in the program and has been instructed to configure a custom upload endpoint, then use this setting to define that endpoint.\nThe value for this setting will be provided by Microsoft as part of the onboarding process for the program.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "Elements": [ { "Type": "Text", "ValueName": "ConfigureMicrosoft365UploadEndpoint", "Required": true } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "AllowUpdateComplianceProcessing", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Allow Update Compliance Processing", "ExplainText": "This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.\n\nThis policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at https://go.microsoft.com/fwlink/?linkid=2185086.\nTo enable this behavior:\n1. Enable this policy setting\n2. Join an Azure Active Directory account to the device\n3. Set Allow Telemetry to value 1 - Required, or higher\n4. Set the Configure the Commercial ID setting for your Update Compliance workspace\n\nWhen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.\nIf you disable or do not configure this policy setting, devices will not appear in Update Compliance.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "AllowUpdateComplianceProcessing", "Elements": [ { "Type": "EnabledValue", "Data": "16" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "AllowDesktopAnalyticsProcessing", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Allow Desktop Analytics Processing", "ExplainText": "This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.\n\nThis policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms at https://go.microsoft.com/fwlink/?linkid=2185086.\nTo enable this behavior:\n1. Enable this policy setting\n2. Join an Azure Active Directory account to the device\n3. Set Allow Telemetry to value 1 - Required, or higher\n4. Set the Configure the Commercial ID setting for your Desktop Analytics workspace\n\nWhen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.\nThis setting has no effect on devices unless they are properly enrolled in Desktop Analytics. If you disable this policy setting, devices will not appear in Desktop Analytics.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "AllowDesktopAnalyticsProcessing", "Elements": [ { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "AllowWUfBCloudProcessing", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Allow WUfB Cloud Processing", "ExplainText": "This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.\n\nThis policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at https://go.microsoft.com/fwlink/?linkid=2185086.\nTo enable this behavior:\n1. Enable this policy setting\n2. Join an Azure Active Directory account to the device\n3. Set Allow Telemetry to value 1 - Required, or higher\n\nWhen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.\nIf you disable or do not configure this policy setting, devices enrolled to the Windows Update for Business deployment service will not be able to take advantage of some deployment service features.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "AllowWUfBCloudProcessing", "Elements": [ { "Type": "EnabledValue", "Data": "8" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "AllowCommercialDataPipeline", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Allow commercial data pipeline", "ExplainText": "This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.\n\nAllowCommercialDataPipeline configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at https://go.microsoft.com/fwlink/?linkid=2185086.\nTo enable this behavior:\n1. Enable this policy setting\n2. Join an Azure Active Directory account to the device\n\nWindows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting does not change the Windows diagnostic data collection level set for the device.\nIf you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at https://go.microsoft.com/fwlink/?LinkId=521839 unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing'.\nSee the documentation at https://go.microsoft.com/fwlink/?linkid=2011107 for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "AllowCommercialDataPipeline", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "LimitDiagnosticLogCollection", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Limit Diagnostic Log Collection", "ExplainText": "This policy setting controls whether additional diagnostic logs are collected when more information is needed to troubleshoot a problem on the device. Diagnostic logs are only sent when the device has been configured to send optional diagnostic data.\n\nBy enabling this policy setting, diagnostic logs will not be collected.\n\nIf you disable or do not configure this policy setting, we may occasionally collect diagnostic logs if the device has been configured to send optional diagnostic data.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "LimitDiagnosticLogCollection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "LimitDumpCollection", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Limit Dump Collection", "ExplainText": "This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. Dumps are only sent when the device has been configured to send optional diagnostic data.\n\nBy enabling this setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps.\n\nIf you disable or do not configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "LimitDumpCollection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "EnableOneSettingsAuditing", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Enable OneSettings Auditing", "ExplainText": "This policy setting controls whether Windows records attempts to connect with the OneSettings service to the EventLog.\n\nIf you enable this policy, Windows will record attempts to connect with the OneSettings service to the Microsoft\\Windows\\Privacy-Auditing\\Operational EventLog channel.\n\nIf you disable or don't configure this policy setting, Windows will not record attempts to connect with the OneSettings service to the EventLog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "EnableOneSettingsAuditing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DataCollection.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "DisableOneSettingsDownloads", "Class": "Machine", "NameSpace": "Microsoft.Policies.DataCollection", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Disable OneSettings Downloads", "ExplainText": "This policy setting controls whether Windows attempts to connect with the OneSettings service.\n\nIf you enable this policy, Windows will not attempt to connect with the OneSettings Service.\n\nIf you disable or don't configure this policy setting, Windows will periodically attempt to connect with the OneSettings service to download configuration settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "DisableOneSettingsDownloads", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DCOM.admx", "CategoryName": "DCOMAppCompatPolicies", "PolicyName": "DCOMActivationSecurityCheckAllowLocalList", "Class": "Machine", "NameSpace": "Microsoft.Policies.DECOM", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Allow local activation security check exemptions", "ExplainText": "Allows you to specify that local computer administrators can supplement the \"Define Activation Security Check exemptions\" list.\n\nIf you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application id (appid) in the \"Define Activation Security Check exemptions\" policy (if enabled), DCOM will look for an entry in the locally configured list.\n\nIf you disable this policy setting, DCOM will not look in the locally configured DCOM activation security check exemption list.\n\nIf you do not configure this policy setting, DCOM will only look in the locally configured exemption list if the \"Define Activation Security Check exemptions\" policy is not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DCOM\\AppCompat" ], "ValueName": "AllowLocalActivationSecurityCheckExemptionList", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DCOM.admx", "CategoryName": "DCOMAppCompatPolicies", "PolicyName": "DCOMActivationSecurityCheckExemptionList", "Class": "Machine", "NameSpace": "Microsoft.Policies.DECOM", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Define Activation Security Check exemptions", "ExplainText": "Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the DCOM Activation security check. DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators. DCOM ignores the second list when this policy setting is configured, unless the \"Allow local activation security check exemptions\" policy is enabled.\n\nDCOM server appids added to this policy must be listed in curly-brace format. For example: {b5dcb061-cefb-42e0-a1be-e6a6438133fe}. If you enter a non-existent or improperly formatted appid DCOM will add it to the list without checking for errors.\n\nIf you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. If you add an appid to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server. If you add an appid to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local settings.\n\nIf you disable this policy setting, the appid exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.\n\nIf you do not configure this policy setting, the appid exemption list defined by local computer administrators is used.\n\nNotes:\n\nThe DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults.\n\nIf the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. The proper action in this situation is to re-configure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short-term as an application compatibility deployment aid.\n\nDCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. Also note, exemptions for DCOM Server Appids added to this list will apply to both 32-bit and 64-bit versions of the server if present.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DCOM\\AppCompat" ], "ValueName": "ListBox_Support_ActivationSecurityCheckExemptionList", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DCOM\\AppCompat\\ActivationSecurityCheckExemptionList" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "DownloadMode", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Download Mode", "ExplainText": "Specifies the method that Delivery Optimization can use to download content on behalf of various Microsoft products.\n\n0 = HTTP only, no peering\n1 = HTTP blended with peering behind the same NAT\n2 = HTTP blended with peering across a private group\n3 = HTTP blended with Internet peering\n99 = HTTP only, no peering, no use of DO cloud service\n100 = Bypass mode, deprecated in Windows 11", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Enum", "ValueName": "DODownloadMode", "Items": [ { "DisplayName": "HTTP only (0)", "Data": "0" }, { "DisplayName": "LAN (1)", "Data": "1" }, { "DisplayName": "Group (2)", "Data": "2" }, { "DisplayName": "Internet (3)", "Data": "3" }, { "DisplayName": "Simple (99)", "Data": "99" }, { "DisplayName": "Bypass (100)", "Data": "100" } ] } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "GroupId", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Group ID", "ExplainText": "Specifies an arbitrary group ID that the device belongs to. A GUID must be used.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Text", "ValueName": "DOGroupId" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MaxCacheSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Max Cache Size (percentage)", "ExplainText": "Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of the available drive space.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMaxCacheSize", "MinValue": "1", "MaxValue": "100" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "AbsoluteMaxCacheSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Absolute Max Cache Size (in GB)", "ExplainText": "Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the MaxCacheSize policy.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOAbsoluteMaxCacheSize", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MaxCacheAge", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Max Cache Age (in seconds)", "ExplainText": "Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMaxCacheAge", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MonthlyUploadDataCap", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Monthly Upload Data Cap (in GB)", "ExplainText": "Specifies the maximum bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMonthlyUploadDataCap", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MinBackgroundQos", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Minimum Background QoS (in KB/s)", "ExplainText": "Specifies the minimum download QoS (Quality of Service) in KiloBytes/sec for background downloads.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMinBackgroundQos", "MinValue": "1", "MaxValue": "4294967295" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "ModifyCacheDrive", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Modify Cache Drive", "ExplainText": "Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Text", "ValueName": "DOModifyCacheDrive" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MaxBackgroundDownloadBandwidth", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Maximum Background Download Bandwidth (in KB/s)", "ExplainText": "Specifies the maximum background download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMaxBackgroundDownloadBandwidth", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MaxForegroundDownloadBandwidth", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Maximum Foreground Download Bandwidth (in KB/s)", "ExplainText": "Specifies the maximum foreground download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMaxForegroundDownloadBandwidth", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "PercentageMaxBackgroundBandwidth", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Maximum Background Download Bandwidth (percentage)", "ExplainText": "Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOPercentageMaxBackgroundBandwidth", "MinValue": "0", "MaxValue": "100" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "PercentageMaxForegroundBandwidth", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Maximum Foreground Download Bandwidth (percentage)", "ExplainText": "Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOPercentageMaxForegroundBandwidth", "MinValue": "0", "MaxValue": "100" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MinFileSizeToCache", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Minimum P2P Content File Size (in MB)", "ExplainText": "Specifies the minimum content file size in MB eligible to use P2P.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMinFileSizeToCache", "MinValue": "1", "MaxValue": "100000" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "AllowVPNPeerCaching", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable P2P while the device connects via VPN", "ExplainText": "Specifies whether the device, with an active VPN connection, is allowed to participate in P2P or not.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Boolean", "ValueName": "DOAllowVPNPeerCaching", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MinRAMAllowedToPeer", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Minimum RAM capacity (inclusive) required to enable use of P2P (in GB)", "ExplainText": "Specifies the minimum total RAM size in GB required to use P2P.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMinRAMAllowedToPeer", "MinValue": "1", "MaxValue": "100000" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MinDiskSizeAllowedToPeer", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Minimum disk size allowed to use P2P (in GB)", "ExplainText": "Specifies the required minimum total disk size in GB for the device to use P2P.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMinDiskSizeAllowedToPeer", "MinValue": "1", "MaxValue": "100000" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "MinBatteryPercentageAllowedToUpload", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow uploads while the device is on battery while under set Battery level (percentage)", "ExplainText": "Specifies the minimum battery level required for uploading to peers, while on battery power.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DOMinBatteryPercentageAllowedToUpload", "MinValue": "0", "MaxValue": "100" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "CacheHost", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Cache Server Hostname", "ExplainText": "Specifies one or more Microsoft Connected Cache servers that will be used by your client(s). One or more values can be added as either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address by commas.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Text", "ValueName": "DOCacheHost" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "CacheHostSource", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Cache Server Hostname Source", "ExplainText": "Specifies how your client(s) can discover Microsoft Connected Cache servers dynamically.\n\n1 = DHCP Option 235\n2 = DHCP Option 235 Force", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Enum", "ValueName": "DOCacheHostSource", "Items": [ { "DisplayName": "DHCP Option 235", "Data": "1" }, { "DisplayName": "DHCP Option 235 Force", "Data": "2" } ] } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "DisallowCacheServerDownloadsOnVPN", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Disallow downloads from Microsoft Connected Cache servers when the device connects via VPN", "ExplainText": "Specify to disallow downloads from Microsoft Connected Cache servers when the device connects via VPN. When unchecked the device is allowed to download from Microsoft Connected Cache when connected via VPN. Check the box to block these downloads.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Boolean", "ValueName": "DODisallowCacheServerDownloadsOnVPN", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "GroupIdSource", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Select the source of Group IDs", "ExplainText": "Specifies the source of group ID used for peer selection.\n\n0 = Not Set\n1 = AD Site\n2 = Authenticated domain SID\n3 = DHCP Option ID\n4 = DNS Suffix\n5 = Entra ID Tenant ID", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Enum", "ValueName": "DOGroupIdSource", "Items": [ { "DisplayName": "Not Set (0)", "Data": "0" }, { "DisplayName": "AD Site (1)", "Data": "1" }, { "DisplayName": "Authenticated domain SID (2)", "Data": "2" }, { "DisplayName": "DHCP Option ID (3)", "Data": "3" }, { "DisplayName": "DNS Suffix (4)", "Data": "4" }, { "DisplayName": "AAD Tenant ID (5)", "Data": "5" } ] } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "DelayBackgroundDownloadFromHttp", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Delay background download from http (in seconds)", "ExplainText": "For background downloads that use P2P, specifies the time to wait before starting to download from the HTTP source.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DODelayBackgroundDownloadFromHttp", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "DelayForegroundDownloadFromHttp", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Delay Foreground download from http (in seconds)", "ExplainText": "For foreground downloads that use P2P, specifies the time to wait before starting to download from the HTTP source.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DODelayForegroundDownloadFromHttp", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "DelayCacheServerFallbackBackground", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Delay Background download Cache Server fallback (in seconds)", "ExplainText": "For background downloads that use a cache server, specifies the time to wait before falling back to download from the original HTTP source.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DODelayCacheServerFallbackBackground", "MinValue": "0", "MaxValue": "2592000" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "DelayCacheServerFallbackForeground", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Delay Foreground download Cache Server fallback (in seconds)", "ExplainText": "For foreground downloads that use a cache server, specifies the time to wait before falling back to download from the original HTTP source.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Decimal", "ValueName": "DODelayCacheServerFallbackForeground", "MinValue": "0", "MaxValue": "2592000" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "RestrictPeerSelectionBy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Select a method to restrict Peer Selection", "ExplainText": "Specifies to restrict peer selection using the selected method, in addition to the DownloadMode policy.\n\n0 = None\n1 = Subnet mask\n2 = Local discovery (DNS-SD)", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Enum", "ValueName": "DORestrictPeerSelectionBy", "Items": [ { "DisplayName": "None", "Data": "0" }, { "DisplayName": "Subnet mask", "Data": "1" }, { "DisplayName": "Local discovery (DNS-SD)", "Data": "2" } ] } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "VpnKeywords", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "VPN Keywords", "ExplainText": "Specifies one or more keywords used to recognize VPN connections. To add multiple keywords, separate each by a comma.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "Elements": [ { "Type": "Text", "ValueName": "DOVpnKeywords" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "SetHoursToLimitBackgroundDownloadBandwidth", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Set Business Hours to Limit Background Download Bandwidth", "ExplainText": "Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "ClientExtension": "{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}", "Elements": [ { "Type": "Enum", "ValueName": "DOSetHoursToLimitBackgroundDownloadBandwidth_From", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true }, { "Type": "Enum", "ValueName": "DOSetHoursToLimitBackgroundDownloadBandwidth_To", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true }, { "Type": "Decimal", "ValueName": "DOSetHoursToLimitBackgroundDownloadBandwidth_In", "MinValue": "0", "MaxValue": "100" }, { "Type": "Decimal", "ValueName": "DOSetHoursToLimitBackgroundDownloadBandwidth_Out", "MinValue": "0", "MaxValue": "100" } ] }, { "File": "DeliveryOptimization.admx", "CategoryName": "DeliveryOptimizationCat", "PolicyName": "SetHoursToLimitForegroundDownloadBandwidth", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeliveryOptimization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Set Business Hours to Limit Foreground Download Bandwidth", "ExplainText": "Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization" ], "ClientExtension": "{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}", "Elements": [ { "Type": "Enum", "ValueName": "DOSetHoursToLimitForegroundDownloadBandwidth_From", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true }, { "Type": "Enum", "ValueName": "DOSetHoursToLimitForegroundDownloadBandwidth_To", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true }, { "Type": "Decimal", "ValueName": "DOSetHoursToLimitForegroundDownloadBandwidth_In", "MinValue": "0", "MaxValue": "100" }, { "Type": "Decimal", "ValueName": "DOSetHoursToLimitForegroundDownloadBandwidth_Out", "MinValue": "0", "MaxValue": "100" } ] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "ForceActiveDesktopOn", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Enable Active Desktop", "ExplainText": "Enables Active Desktop and prevents users from disabling it.\n\nThis setting prevents users from trying to enable or disable Active Desktop while a policy controls it.\n\nIf you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.\n\nNote: If both the \"Enable Active Desktop\" setting and the \"Disable Active Desktop\" setting are enabled, the \"Disable Active Desktop\" setting is ignored. If the \"Turn on Classic Shell\" setting ( in User Configuration\\Administrative Templates\\Windows Components\\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "ForceActiveDesktopOn", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "NoActiveDesktop", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Disable Active Desktop", "ExplainText": "Disables Active Desktop and prevents users from enabling it.\n\nThis setting prevents users from trying to enable or disable Active Desktop while a policy controls it.\n\nIf you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.\n\nNote: If both the \"Enable Active Desktop\" setting and the \"Disable Active Desktop\" setting are enabled, the \"Disable Active Desktop\" setting is ignored. If the \"Turn on Classic Shell\" setting (in User Configuration\\Administrative Templates\\Windows Components\\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoActiveDesktop", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "NoActiveDesktopChanges", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit changes", "ExplainText": "Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration.\n\nThis is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoActiveDesktopChanges", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "sz_AdminComponents_Title", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Add/Delete items", "ExplainText": "Adds and deletes specified Web content items.\n\nYou can use the \"Add\" box in this setting to add particular Web-based items or shortcuts to users' desktops. Users can close or delete the items (if settings allow), but the items are added again each time the setting is refreshed.\n\nYou can also use this setting to delete particular Web-based items from users' desktops. Users can add the item again (if settings allow), but the item is deleted each time the setting is refreshed.\n\nNote: Removing an item from the \"Add\" list for this setting is not the same as deleting it. Items that are removed from the \"Add\" list are not removed from the desktop. They are simply not added again.\n\nNote: For this setting to take affect, you must log off and log on to the system.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop\\AdminComponent" ], "Elements": [ { "Type": "Text", "ValueName": "Add" }, { "Type": "Text", "ValueName": "Delete" } ] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "sz_ATC_DisableAdd", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit adding items", "ExplainText": "Prevents users from adding Web content to their Active Desktop.\n\nThis setting removes the \"New\" button from Web tab in Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. This setting does not remove existing Web content from their Active Desktop, or prevent users from removing existing Web content.\n\nAlso, see the \"Disable all items\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop" ], "ValueName": "NoAddingComponents", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "sz_ATC_DisableClose", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit closing items", "ExplainText": "Prevents users from removing Web content from their Active Desktop.\n\nIn Active Desktop, you can add items to the desktop but close them so they are not displayed.\n\nIf you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel.\n\nNote: This setting does not prevent users from deleting items from their Active Desktop.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop" ], "ValueName": "NoClosingComponents", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "sz_ATC_DisableDel", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit deleting items", "ExplainText": "Prevents users from deleting Web content from their Active Desktop.\n\nThis setting removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop.\n\nThis setting does not prevent users from adding Web content to their Active Desktop.\n\nAlso, see the \"Prohibit closing items\" and \"Disable all items\" settings.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop" ], "ValueName": "NoDeletingComponents", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "sz_ATC_DisableEdit", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit editing items", "ExplainText": "Prevents users from changing the properties of Web content items on their Active Desktop.\n\nThis setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users cannot change the properties of an item, such as its synchronization schedule, password, or display characteristics.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop" ], "ValueName": "NoEditingComponents", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "sz_ATC_NoComponents", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Disable all items", "ExplainText": "Removes Active Desktop content and prevents users from adding Active Desktop content.\n\nThis setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop.\n\nNote: This setting does not disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wallpaper.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop" ], "ValueName": "NoComponents", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "sz_DWP_NoHTMLPaper", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Allow only bitmapped wallpaper", "ExplainText": "Permits only bitmap images for wallpaper. This setting limits the desktop background (\"wallpaper\") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper does not load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting \"Set as Wallpaper\".\n\nAlso, see the \"Desktop Wallpaper\" and the \"Prevent changing wallpaper\" (in User Configuration\\Administrative Templates\\Control Panel\\Display) settings.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop" ], "ValueName": "NoHTMLWallPaper", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDesktop", "PolicyName": "Wallpaper", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Desktop Wallpaper", "ExplainText": "Specifies the desktop background (\"wallpaper\") displayed on all users' desktops.\n\nThis setting lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap (*.bmp) or JPEG (*.jpg) file.\n\nTo use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\\Windows\\web\\wallpaper\\home.jpg or a UNC path, such as \\\\Server\\Share\\Corp.jpg. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification.\n\nIf you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.\n\nAlso, see the \"Allow only bitmapped wallpaper\" in the same location, and the \"Prevent changing wallpaper\" setting in User Configuration\\Administrative Templates\\Control Panel.\n\nNote: This setting does not apply to remote desktop server sessions.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Text", "ValueName": "Wallpaper", "Required": true }, { "Type": "Enum", "ValueName": "WallpaperStyle", "Items": [ { "DisplayName": "Center", "Data": "0" }, { "DisplayName": "Tile", "Data": "1" }, { "DisplayName": "Stretch", "Data": "2" }, { "DisplayName": "Fit", "Data": "3" }, { "DisplayName": "Fill", "Data": "4" }, { "DisplayName": "Span", "Data": "5" } ], "Required": true } ] }, { "File": "Desktop.admx", "CategoryName": "ActiveDirectory", "PolicyName": "AD_EnableFilter", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Enable filter in Find dialog box", "ExplainText": "Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.\n\nIf you enable this setting, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it.\n\nIf you disable this setting or do not configure it, the filter bar does not appear, but users can display it by selecting \"Filter\" on the \"View\" menu.\n\nTo see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as \"Administrator.\" If the filter bar does not appear above the resulting display, on the View menu, click Filter.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Directory UI" ], "ValueName": "EnableFilter", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDirectory", "PolicyName": "AD_HideDirectoryFolder", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2kOnly - Windows 2000 only", "DisplayName": "Hide Active Directory folder", "ExplainText": "Hides the Active Directory folder in Network Locations.\n\nThe Active Directory folder displays Active Directory objects in a browse window.\n\nIf you enable this setting, the Active Directory folder does not appear in the Network Locations folder.\n\nIf you disable this setting or do not configure it, the Active Directory folder appears in the Network Locations folder.\n\nThis setting is designed to let users search Active Directory but not tempt them to casually browse Active Directory.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Directory UI" ], "ValueName": "HideDirectoryFolder", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "ActiveDirectory", "PolicyName": "AD_QueryLimit", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Maximum size of Active Directory searches", "ExplainText": "Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory, such as those in Local Users and Groups, Active Directory Users and Computers, and dialog boxes used to set permissions for user or group objects in Active Directory.\n\nIf you enable this setting, you can use the \"Number of objects returned\" box to limit returns from an Active Directory search.\n\nIf you disable this setting or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space.\n\nThis setting is designed to protect the network and the domain controller from the effect of expansive searches.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Directory UI" ], "Elements": [ { "Type": "Decimal", "ValueName": "QueryLimit", "MinValue": "0", "MaxValue": "4000000000", "Required": true } ] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "DisablePersonalDirChange", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prohibit User from manually redirecting Profile Folders", "ExplainText": "Prevents users from changing the path to their profile folders.\n\nBy default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folder's Properties dialog box.\n\nIf you enable this setting, users are unable to type a new location in the Target box.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisablePersonalDirChange", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoDesktop", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Hide and disable all items on the desktop", "ExplainText": "Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations.\n\nRemoving icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent.\n\nAlso, see \"Items displayed in Places Bar\" in User Configuration\\Administrative Templates\\Windows Components\\Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoDesktop", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoDesktopCleanupWizard", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsXPOrServerOnly - Windows Server 2003 and Windows XP only", "DisplayName": "Remove the Desktop Cleanup Wizard", "ExplainText": "Prevents users from using the Desktop Cleanup Wizard.\n\nIf you enable this setting, the Desktop Cleanup wizard does not automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard.\n\nIf you disable this setting or do not configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs.\n\nNote: When this setting is not enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoDesktopCleanupWizard", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoInternetIcon", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Hide Internet Explorer icon on desktop", "ExplainText": "Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.\n\nThis setting does not prevent the user from starting Internet Explorer by using other methods.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoInternetIcon", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoMyComputerIcon", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remove Computer icon on the desktop", "ExplainText": "This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows, and it hides Computer in the Explorer folder tree pane. If the user navigates into Computer via the \"Up\" button while this setting is enabled, they view an empty Computer folder. This setting allows administrators to restrict their users from seeing Computer in the shell namespace, allowing them to present their users with a simpler desktop environment.\n\nIf you enable this setting, Computer is hidden on the desktop, the new Start menu, the Explorer folder tree pane, and the Explorer Web views. If the user manages to navigate to Computer, the folder will be empty.\n\nIf you disable this setting, Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless restricted by another setting.\n\nIf you do not configure this setting, the default is to display Computer as usual.\n\nNote: In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Computer icon. Hiding Computer and its contents does not hide the contents of the child folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum" ], "ValueName": "{20D04FE0-3AEA-1069-A2D8-08002B30309D}", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoMyDocumentsIcon", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Remove My Documents icon on the desktop", "ExplainText": "Removes most occurrences of the My Documents icon.\n\nThis setting removes the My Documents icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box.\n\nThis setting does not prevent the user from using other methods to gain access to the contents of the My Documents folder.\n\nThis setting does not remove the My Documents icon from the Start menu. To do so, use the \"Remove My Documents icon from Start Menu\" setting.\n\nNote: To make changes to this setting effective, you must log off from and log back on to Windows 2000 Professional.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum" ], "ValueName": "{450D8FBA-AD25-11D0-98A8-0800361B1103}", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoNetHood", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Hide Network Locations icon on desktop", "ExplainText": "Removes the Network Locations icon from the desktop.\n\nThis setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.\n\nNote: In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Network Places icon.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoNetHood", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoPropertiesMyComputer", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2kSP3 - At least Windows 2000 Service Pack 3", "DisplayName": "Remove Properties from the Computer icon context menu", "ExplainText": "This setting hides Properties on the context menu for Computer.\n\nIf you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when Computer is selected.\n\nIf you disable or do not configure this setting, the Properties option is displayed as usual.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoPropertiesMyComputer", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoPropertiesMyDocuments", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Remove Properties from the Documents icon context menu", "ExplainText": "This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon.\n\nIf you enable this policy setting, the Properties menu command will not be displayed when the user does any of the following:\n\nRight-clicks the My Documents icon.\nClicks the My Documents icon, and then opens the File menu.\nClicks the My Documents icon, and then presses ALT+ENTER.\n\nIf you disable or do not configure this policy setting, the Properties menu command is displayed.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoPropertiesMyDocuments", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoRecentDocsNetHood", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Do not add shares of recently opened documents to Network Locations", "ExplainText": "Remote shared folders are not added to Network Locations whenever you open a document in the shared folder.\n\nIf you disable this setting or do not configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations.\n\nIf you enable this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoRecentDocsNetHood", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoRecycleBinIcon", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remove Recycle Bin icon from desktop", "ExplainText": "Removes most occurrences of the Recycle Bin icon.\n\nThis setting removes the Recycle Bin icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box.\n\nThis setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder.\n\nNote: To make changes to this setting effective, you must log off and then log back on.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum" ], "ValueName": "{645FF040-5081-101B-9F08-00AA002F954E}", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoRecycleBinProperties", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remove Properties from the Recycle Bin context menu", "ExplainText": "Removes the Properties option from the Recycle Bin context menu.\n\nIf you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected.\n\nIf you disable or do not configure this setting, the Properties option is displayed as usual.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoPropertiesRecycleBin", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoSaveSettings", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Don't save settings at exit", "ExplainText": "Prevents users from saving certain changes to the desktop.\n\nIf you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSaveSettings", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "sz_DB_DragDropClose", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent adding, dragging, dropping and closing the Taskbar's toolbars", "ExplainText": "Prevents users from manipulating desktop toolbars.\n\nIf you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars.\n\nNote: If users have added or removed toolbars, this setting prevents them from restoring the default configuration.\n\nTip: To view the toolbars that can be added to the desktop, right-click a docked toolbar (such as the taskbar beside the Start button), and point to \"Toolbars.\"\n\nAlso, see the \"Prohibit adjusting desktop toolbars\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoCloseDragDropBands", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "sz_DB_Moving", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prohibit adjusting desktop toolbars", "ExplainText": "Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars.\n\nThis setting does not prevent users from adding or removing toolbars on the desktop.\n\nNote: If users have adjusted their toolbars, this setting prevents them from restoring the default configuration.\n\nAlso, see the \"Prevent adding, dragging, dropping and closing the Taskbar's toolbars\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoMovingBands", "Elements": [] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "NoWindowMinimizingShortcuts", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off Aero Shake window minimizing mouse gesture", "ExplainText": "Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse.\n\nIf you enable this policy, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse.\n\nIf you disable or do not configure this policy, this window minimizing and restoring gesture will apply.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoWindowMinimizingShortcuts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Desktop.admx", "CategoryName": "Desktop", "PolicyName": "EnableThemeFileRemoteResource", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDesktop", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Allow theme files from network locations", "ExplainText": "This policy setting determines whether remote paths can be used for resources inside of a Windows desktop theme (.theme/.themepack) file.\n\nIf you enable this policy setting, theme files can reference resources (such as images, sounds, and icons) located on network shares or other remote locations. Users will be able to apply themes that contain remote resources.\n\nIf you disable this policy setting, theme files cannot use remote resources. Any theme file that references remote resources will fail to load those resources, and only local resources will be displayed.\n\nIf you do not configure this policy setting, the default behavior is to block remote resources in theme files for security reasons.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Themes" ], "ValueName": "EnableThemeFileRemoteResource", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableAppInstaller", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer", "ExplainText": "This policy controls whether the Windows Package Manager can be used by users.\n\nIf you enable or do not configure this setting, users will be able to use the Windows Package Manager.\n\nIf you disable this setting, users will not be able to use the Windows Package Manager.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableAppInstaller", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableSettings", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Settings", "ExplainText": "This policy controls whether users can change their settings.\n\nIf you enable or do not configure this setting, users will be able to change settings for the Windows Package Manager.\n\nIf you disable this setting, users will not be able to change settings for the Windows Package Manager.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableExperimentalFeatures", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Experimental Features", "ExplainText": "This policy controls whether users can enable experimental features in the Windows Package Manager.\n\nIf you enable or do not configure this setting, users will be able to enable experimental features for the Windows Package Manager.\n\nIf you disable this setting, users will not be able to enable experimental features for the Windows Package Manager.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableExperimentalFeatures", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableLocalManifestFiles", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Local Manifest Files", "ExplainText": "This policy controls whether users can install packages with local manifest files.\n\nIf you enable or do not configure this setting, users will be able to install packages with local manifests using the Windows Package Manager.\n\nIf you disable this setting, users will not be able to install packages with local manifests using the Windows Package Manager.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableLocalManifestFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableBypassCertificatePinningForMicrosoftStore", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Microsoft Store Source Certificate Validation Bypass", "ExplainText": "This policy controls whether the Windows Package Manager will validate the Microsoft Store certificate hash matches to a known Microsoft Store certificate when initiating a connection to the Microsoft Store Source.\n\nIf you enable this policy, the Windows Package Manager will bypass the Microsoft Store certificate validation.\n\nIf you disable this policy, the Windows Package Manager will validate the Microsoft Store certificate used is valid and belongs to the Microsoft Store before communicating with the Microsoft Store source.\n\nIf you do not configure this policy, the Windows Package Manager administrator settings will be adhered to.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableBypassCertificatePinningForMicrosoftStore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableHashOverride", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Hash Override", "ExplainText": "This policy controls whether or not the Windows Package Manager can be configured to enable the ability override the SHA256 security validation in settings.\n\nIf you enable or do not configure this policy, users will be able to enable the ability override the SHA256 security validation in the Windows Package Manager settings.\n\nIf you disable this policy, users will not be able to enable the ability override the SHA256 security validation in the Windows Package Manager settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableHashOverride", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableLocalArchiveMalwareScanOverride", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Local Archive Malware Scan Override", "ExplainText": "This policy controls the ability to override malware vulnerability scans when installing an archive file using a local manifest using the command line arguments.\n\nIf you enable this policy, users can override the malware scan when performing a local manifest install of an archive file.\n\nIf you disable this policy, users will be unable to override the malware scan of an archive file when installing using a local manifest.\n\nIf you do not configure this policy, the Windows Package Manager administrator settings will be adhered to.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableLocalArchiveMalwareScanOverride", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableDefaultSource", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Default Source", "ExplainText": "This policy controls the default source included with the Windows Package Manager.\n\nIf you do not configure this setting, the default source for the Windows Package Manager will be available and can be removed.\n\nIf you enable this setting, the default source for the Windows Package Manager will be available and cannot be removed.\n\nIf you disable this setting the default source for the Windows Package Manager will not be available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableDefaultSource", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableMicrosoftStoreSource", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Microsoft Store Source", "ExplainText": "This policy controls the Microsoft Store source included with the Windows Package Manager.\n\nIf you do not configure this setting, the Microsoft Store source for the Windows Package manager will be available and can be removed.\n\nIf you enable this setting, the Microsoft Store source for the Windows Package Manager will be available and cannot be removed.\n\nIf you disable this setting the Microsoft Store source for the Windows Package Manager will not be available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableMicrosoftStoreSource", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "SourceAutoUpdateInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Set App Installer Source Auto Update Interval In Minutes", "ExplainText": "This policy controls the auto-update interval for package-based sources. The default source for Windows Package Manager is configured such that an index of the packages is cached on the local machine. The index is downloaded when a user invokes a command, and the interval has passed.\n\nIf you disable or do not configure this setting, the default interval or the value specified in the Windows Package Manager settings will be used.\n\nIf you enable this setting, the number of minutes specified will be used by the Windows Package Manager.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "Elements": [ { "Type": "Decimal", "ValueName": "SourceAutoUpdateInterval", "MinValue": "0", "MaxValue": "43200" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableAdditionalSources", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Additional Sources", "ExplainText": "This policy controls additional sources provided by the enterprise IT administrator.\n\nIf you do not configure this policy, no additional sources will be configured for the Windows Package Manager.\n\nIf you enable this policy, the additional sources will be added to the Windows Package Manager and cannot be removed. The representation for each additional source can be obtained from installed sources using 'winget source export'.\n\nIf you disable this policy, no additional sources can be configured for the Windows Package Manager.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableAdditionalSources", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller\\AdditionalSources" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableAllowedSources", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer Allowed Sources", "ExplainText": "This policy controls additional sources allowed by the enterprise IT administrator.\n\nIf you do not configure this policy, users will be able to add or remove additional sources other than those configured by policy.\n\nIf you enable this policy, only the sources specified can be added or removed from the Windows Package Manager. The representation for each allowed source can be obtained from installed sources using 'winget source export'.\n\nIf you disable this policy, no additional sources can be configured for the Windows Package Manager.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableAllowedSources", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller\\AllowedSources" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableMSAppInstallerProtocol", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable App Installer ms-appinstaller protocol", "ExplainText": "This policy controls whether users can install packages from a website that is using the ms-appinstaller protocol.\n\nIf you enable this setting, users will be able to install packages from websites that use this protocol.\n\nIf you disable or do not configure this setting, users will not be able to install packages from websites that use this protocol.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableMSAppInstallerProtocol", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableWindowsPackageManagerCommandLineInterfaces", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable Windows Package Manager command line interfaces", "ExplainText": "This policy determines if a user can perform an action using the Windows Package Manager through a command line interface (WinGet CLI, or WinGet PowerShell).\n\nIf you disable this policy, users will not be able execute the Windows Package Manager CLI, and PowerShell cmdlets.\n\nIf you enable, or do not configuring this policy, users will be able to execute the Windows Package Manager CLI commands, and PowerShell cmdlets. (Provided \"Enable App Installer\" policy is not disabled).\n\nThis policy does not override the \"Enable App Installer\" policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableWindowsPackageManagerCommandLineInterfaces", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DesktopAppInstaller.admx", "CategoryName": "AppInstaller", "PolicyName": "EnableWindowsPackageManagerConfiguration", "Class": "Machine", "NameSpace": "Microsoft.Policies.AppInstaller", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Enable Windows Package Manager Configuration", "ExplainText": "This policy controls whether the Windows Package Manager configuration feature can be used by users.\n\nIf you enable or do not configure this setting, users will be able to use the Windows Package Manager configuration feature.\n\nIf you disable this setting, users will not be able to use the Windows Package Manager configuration feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppInstaller" ], "ValueName": "EnableWindowsPackageManagerConfiguration", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceCompat.admx", "CategoryName": "DeviceCompat", "PolicyName": "DeviceFlags", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceCompatibility", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Device compatibility settings", "ExplainText": "Changes behavior of Microsoft bus drivers to work with specific devices.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies\\Microsoft\\Compatibility" ], "ValueName": "DisableDeviceFlags", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "DeviceCompat.admx", "CategoryName": "DeviceCompat", "PolicyName": "DriverShims", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceCompatibility", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Driver compatibility settings", "ExplainText": "Changes behavior of 3rd-party drivers to work around incompatibilities introduced between OS versions.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies\\Microsoft\\Compatibility" ], "ValueName": "DisableDriverShims", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "DeviceCredential.admx", "CategoryName": "MSSecondaryAuthFactorCategory", "PolicyName": "MSSecondaryAuthFactor_AllowSecondaryAuthenticationDevice", "Class": "Machine", "NameSpace": "Microsoft.Policies.SecondaryAuthenticationFactor", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow companion device for secondary authentication", "ExplainText": "This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign on to a desktop computer running Windows 10. The companion device provides a second factor of authentication with Windows Hello.\n\nIf you enable or do not configure this policy setting, users can authenticate to Windows Hello using a companion device.\n\nIf you disable this policy, users cannot use a companion device to authenticate with Windows Hello.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\SecondaryAuthenticationFactor" ], "ValueName": "AllowSecondaryAuthenticationDevice", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceGuard.admx", "CategoryName": "DeviceGuardCategory", "PolicyName": "VirtualizationBasedSecurity", "Class": "Machine", "NameSpace": "Microsoft.Windows.DeviceGuard", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Turn On Virtualization Based Security", "ExplainText": "Specifies whether Virtualization Based Security is enabled.\n\nVirtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot, and can optionally be enabled with the use of DMA Protections. DMA protections require hardware support and will only be enabled on correctly configured devices.\n\nVirtualization Based Protection of Code Integrity\n\nThis setting enables virtualization based protection of Kernel Mode Code Integrity. When this is enabled, kernel mode memory protections are enforced and the Code Integrity validation path is protected by the Virtualization Based Security feature.\n\nThe \"Disabled\" option turns off Virtualization Based Protection of Code Integrity remotely if it was previously turned on with the \"Enabled without lock\" option.\n\nThe \"Enabled with UEFI lock\" option ensures that Virtualization Based Protection of Code Integrity cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to \"Disabled\" as well as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI.\n\nThe \"Enabled without lock\" option allows Virtualization Based Protection of Code Integrity to be disabled remotely by using Group Policy.\n\nThe \"Not Configured\" option leaves the policy setting undefined. Group Policy does not write the policy setting to the registry, and so it has no impact on computers or users. If there is a current setting in the registry it will not be modified.\n\nThe \"Require UEFI Memory Attributes Table\" option will only enable Virtualization Based Protection of Code Integrity on devices with UEFI firmware support for the Memory Attributes Table. Devices without the UEFI Memory Attributes Table may have firmware that is incompatible with Virtualization Based Protection of Code Integrity which in some cases can lead to crashes or data loss or incompatibility with certain plug-in cards. If not setting this option the targeted devices should be tested to ensure compatibility.\n\nWarning: All drivers on the system must be compatible with this feature or the system may crash. Ensure that this policy setting is only deployed to computers which are known to be compatible.\n\nCredential Guard\n\nThis setting lets users turn on Credential Guard with virtualization-based security to help protect credentials.\n\nFor Windows 11 21H2 and earlier, the \"Disabled\" option turns off Credential Guard remotely if it was previously turned on with the \"Enabled without lock\" option. For later versions, the \"Disabled\" option turns off Credential Guard remotely if it was previously turned on with the \"Enabled without lock\" option or was \"Not Configured\".\n\nThe \"Enabled with UEFI lock\" option ensures that Credential Guard cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to \"Disabled\" as well as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI.\n\nThe \"Enabled without lock\" option allows Credential Guard to be disabled remotely by using Group Policy. The devices that use this setting must be running at least Windows 10 (Version 1511).\n\nFor Windows 11 21H2 and earlier, the \"Not Configured\" option leaves the policy setting undefined. Group Policy does not write the policy setting to the registry, and so it has no impact on computers or users. If there is a current setting in the registry it will not be modified. For later versions, if there is no current setting in the registry, the \"Not Configured\" option will enable Credential Guard without UEFI lock.\n\nMachine Identity Isolation\n\nThis setting controls Credential Guard protection of Active Directory machine accounts. Enabling this policy has certain prerequisites. The prerequisites and more information about this policy can be found at https://go.microsoft.com/fwlink/?linkid=2251066.\n\nThe \"Not Configured\" option leaves the policy setting undefined. Group Policy does not write the policy setting to the registry, and so it has no impact on computers or users. If there is a current setting in the registry it will not be modified.\n\nThe \"Disabled\" option turns off Machine Identity Isolation. If this policy was previously set to \"Enabled in audit mode\", no further action is needed. If this policy was previously set to \"Enabled in enforcement mode\", the device must be unjoined and rejoined to the domain. More details can be found at the link above.\n\nThe \"Enabled in audit mode\" option copies the machine identity into Credential Guard. Both LSA and Credential Guard will have access to the machine identity. This allows users to validate that \"Enabled in enforcement mode\" will work in their Active Directory Domain.\n\nThe \"Enabled in enforcement mode\" option moves the machine identity into Credential Guard. This makes the machine identity only accessible to Credential Guard.\n\nSecure Launch\n\nThis setting sets the configuration of Secure Launch to secure the boot chain.\n\nThe \"Not Configured\" setting is the default, and allows configuration of the feature by Administrative users.\n\nThe \"Enabled\" option turns on Secure Launch on supported hardware.\n\nThe \"Disabled\" option turns off Secure Launch, regardless of hardware support.\n\nKernel-mode Hardware-enforced Stack Protection\n\nThis setting enables Hardware-enforced Stack Protection for kernel-mode code. When this security feature is enabled, kernel-mode data stacks are hardened with hardware-based shadow stacks, which store intended return address targets to ensure that program control flow is not tampered.\n\nThis security feature has the following prerequisites:\n1) The CPU hardware supports hardware-based shadow stacks.\n2) Virtualization Based Protection of Code Integrity is enabled.\n\nIf either prerequisite is not met, this feature will not be enabled, even if an \"Enabled\" option is selected for this feature. Note that selecting an \"Enabled\" option for this feature will not automatically enable Virtualization Based Protection of Code Integrity, that needs to be done separately.\n\nDevices that enable this security feature must be running at least Windows 11 (Version 22H2).\n\nThe \"Disabled\" option turns off kernel-mode Hardware-enforced Stack Protection.\n\nThe \"Enabled in audit mode\" option enables kernel-mode Hardware-enforced Stack Protection in audit mode, where shadow stack violations are not fatal and will be logged to the system event log.\n\nThe \"Enabled in enforcement mode\" option enables kernel-mode Hardware-enforced Stack Protection in enforcement mode, where shadow stack violations are fatal.\n\nThe \"Not Configured\" option leaves the policy setting undefined. Group Policy does not write the policy setting to the registry, and so it has no impact on computers or users. If there is a current setting in the registry it will not be modified.\n\nWarning: All drivers on the system must be compatible with this security feature or the system may crash in enforcement mode. Audit mode can be used to discover incompatible drivers. For more information, refer to https://go.microsoft.com/fwlink/?LinkId=2162953.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard" ], "ClientExtension": "{F312195E-3D9D-447A-A3F5-08DFFA24735E}", "ValueName": "EnableVirtualizationBasedSecurity", "Elements": [ { "Type": "Enum", "ValueName": "RequirePlatformSecurityFeatures", "Items": [ { "DisplayName": "Secure Boot", "Data": "1" }, { "DisplayName": "Secure Boot and DMA Protection", "Data": "3" } ] }, { "Type": "Enum", "ValueName": "HypervisorEnforcedCodeIntegrity", "Items": [ { "DisplayName": "Disabled", "Data": "0" }, { "DisplayName": "Enabled with UEFI lock", "Data": "1" }, { "DisplayName": "Enabled without lock", "Data": "2" }, { "DisplayName": "Not Configured", "Data": "3" } ] }, { "Type": "Boolean", "ValueName": "HVCIMATRequired", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "LsaCfgFlags", "Items": [ { "DisplayName": "Disabled", "Data": "0" }, { "DisplayName": "Enabled with UEFI lock", "Data": "1" }, { "DisplayName": "Enabled without lock", "Data": "2" }, { "DisplayName": "Not Configured", "Data": "3" } ] }, { "Type": "Enum", "ValueName": "MachineIdentityIsolation", "Items": [ { "DisplayName": "Disabled", "Data": "0" }, { "DisplayName": "Enabled in audit mode", "Data": "1" }, { "DisplayName": "Enabled in enforcement mode", "Data": "2" }, { "DisplayName": "Not Configured", "Data": "3" } ] }, { "Type": "Enum", "ValueName": "ConfigureSystemGuardLaunch", "Items": [ { "DisplayName": "Not Configured", "Data": "0" }, { "DisplayName": "Enabled", "Data": "1" }, { "DisplayName": "Disabled", "Data": "2" } ] }, { "Type": "Enum", "ValueName": "ConfigureKernelShadowStacksLaunch", "Items": [ { "DisplayName": "Not Configured", "Data": "0" }, { "DisplayName": "Enabled in enforcement mode", "Data": "1" }, { "DisplayName": "Enabled in audit mode", "Data": "2" }, { "DisplayName": "Disabled", "Data": "3" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceGuard.admx", "CategoryName": "DeviceGuardCategory", "PolicyName": "ConfigCIPolicy", "Class": "Machine", "NameSpace": "Microsoft.Windows.DeviceGuard", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Deploy App Control for Business", "ExplainText": "Deploy App Control for Business\n\nThis policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine.\n\nIf you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy. To enable this policy the machine must be rebooted.\n\nThe file path must be either a UNC path (for example, \\\\ServerName\\ShareName\\SIPolicy.p7b), or a locally valid path (for example, C:\\FolderName\\SIPolicy.p7b). The local machine account (LOCAL SYSTEM) must have access permission to the policy file.\n\nIf using a signed and protected policy then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:\n\n1) first update the policy to a non-protected policy and then disable the setting, or\n2) disable the setting and then remove the policy from each computer, with a physically present user.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard" ], "ClientExtension": "{FC491EF1-C4AA-4CE1-B329-414B101DB823}", "ValueName": "DeployConfigCIPolicy", "Elements": [ { "Type": "Text", "ValueName": "ConfigCIPolicyFilePath", "Required": true, "MaxLength": "255" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DeviceInstall_AllSigningEqual", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prioritize all digitally signed drivers equally during the driver ranking and selection process", "ExplainText": "This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting, a signed driver is still preferred over a driver that is not signed at all.\n\nIf you enable or do not configure this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate and drivers that are signed by other Authenticode certificates are prioritized equally during the driver selection process. Selection is based on other criteria, such as version number or when the driver was created.\n\nIf you disable this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate are selected for installation over drivers that are signed by other Authenticode certificates.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Settings" ], "ValueName": "AllSigningEqual", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DeviceInstall_InstallTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure device installation time-out", "ExplainText": "This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete.\n\nIf you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation.\n\nIf you disable or do not configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Settings" ], "Elements": [ { "Type": "Decimal", "ValueName": "InstallTimeout", "MinValue": "240", "MaxValue": "4294968" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DeviceInstall_SystemRestore", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point", "ExplainText": "This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity.\n\nIf you enable this policy setting, Windows does not create a system restore point when one would normally be created.\n\nIf you disable or do not configure this policy setting, Windows creates a system restore point as it normally would.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Settings" ], "ValueName": "DisableSystemRestore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DeviceManagement_RPCInterface_Allow", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Allow remote access to the Plug and Play interface", "ExplainText": "This policy setting allows you to allow or deny remote access to the Plug and Play interface.\n\nIf you enable this policy setting, remote connections to the Plug and Play interface are allowed.\n\nIf you disable or do not configure this policy setting, remote connections to the Plug and Play interface are not allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Settings" ], "ValueName": "AllowRemoteRPC", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_AllowAdminInstall", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow administrators to override Device Installation Restriction policies", "ExplainText": "This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device, regardless of other policy settings.\n\nIf you enable this policy setting, members of the Administrators group can use the Add Hardware wizard or the Update Driver wizard to install and update the drivers for any device. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.\n\nIf you disable or do not configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "AllowAdminInstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_Classes_Allow", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow installation of devices using drivers that match these device setup classes", "ExplainText": "This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is allowed to install. This policy setting is intended to be used only when the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting is enabled, however it may also be used with the \"Prevent installation of devices not described by other policy settings\" policy setting for legacy policy definitions.\n\nWhen this policy setting is enabled together with the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:\n- Prevent installation of devices for these device classes\n- Prevent installation of devices that match these device IDs\n- Prevent installation of devices that match any of these device instance IDs\nIf the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.\n\nNOTE: The \"Prevent installation of devices not described by other policy settings\" policy setting has been replaced by the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting for supported target Windows 10 versions. It is recommended that you use the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting when possible.\n\nAlternatively, if this policy setting is enabled together with the \"Prevent installation of devices not described by other policy settings\" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the \"Prevent installation of devices that match these device IDs\" policy setting, the \"Prevent installation of devices for these device classes\" policy setting, the \"Prevent installation of devices that match any of these device instance IDs\" policy setting, or the \"Prevent installation of removable devices\" policy setting).\n\nIf you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.\n\nIf you disable or do not configure this policy setting, and no other policy setting describes the device, the \"Prevent installation of devices not described by other policy settings\" policy setting determines whether the device can be installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "AllowDeviceClasses", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\AllowDeviceClasses" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_Classes_Deny", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent installation of devices using drivers that match these device setup classes", "ExplainText": "This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.\n\nNOTE: To enable the \"Allow installation of devices that match any of these device IDs\" and \"Allow installation of devices that match any of these device instance IDs\" policy settings to supersede this policy setting for applicable devices, enable the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting.\n\nIf you enable this policy setting, Windows is prevented from installing or updating driver packages whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.\n\nIf you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "DenyDeviceClasses", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\DenyDeviceClasses" ] }, { "Type": "Boolean", "ValueName": "DenyDeviceClassesRetroactive", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_IDs_Allow", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow installation of devices that match any of these device IDs", "ExplainText": "This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. This policy setting is intended to be used only when the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting is enabled, however it may also be used with the \"Prevent installation of devices not described by other policy settings\" policy setting for legacy policy definitions.\n\nWhen this policy setting is enabled together with the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:\n- Prevent installation of devices that match these device IDs\n- Prevent installation of devices that match any of these device instance IDs\nIf the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.\n\nNOTE: The \"Prevent installation of devices not described by other policy settings\" policy setting has been replaced by the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting for supported target Windows 10 versions. It is recommended that you use the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting when possible.\n\nAlternatively, if this policy setting is enabled together with the \"Prevent installation of devices not described by other policy settings\" policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the \"Prevent installation of devices that match any of these device IDs\" policy setting, the \"Prevent installation of devices for these device classes\" policy setting, the \"Prevent installation of devices that match any of these device instance IDs\" policy setting, or the \"Prevent installation of removable devices\" policy setting).\n\nIf you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.\n\nIf you disable or do not configure this policy setting, and no other policy setting describes the device, the \"Prevent installation of devices not described by other policy settings\" policy setting determines whether the device can be installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "AllowDeviceIDs", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\AllowDeviceIDs" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_IDs_Deny", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent installation of devices that match any of these device IDs", "ExplainText": "This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.\n\nNOTE: To enable the \"Allow installation of devices that match any of these device instance IDs\" policy setting to supersede this policy setting for applicable devices, enable the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting.\n\nIf you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.\n\nIf you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "DenyDeviceIDs", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\DenyDeviceIDs" ] }, { "Type": "Boolean", "ValueName": "DenyDeviceIDsRetroactive", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_Instance_IDs_Allow", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Allow installation of devices that match any of these device instance IDs", "ExplainText": "This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is allowed to install. This policy setting is intended to be used only when the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting is enabled, however it may also be used with the \"Prevent installation of devices not described by other policy settings\" policy setting for legacy policy definitions.\n\nWhen this policy setting is enabled together with the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:\n- Prevent installation of devices that match any of these device instance IDs\nIf the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.\n\nNOTE: The \"Prevent installation of devices not described by other policy settings\" policy setting has been replaced by the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting for supported target Windows 10 versions. It is recommended that you use the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting when possible.\n\nAlternatively, if this policy setting is enabled together with the \"Prevent installation of devices not described by other policy settings\" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the \"Prevent installation of devices that match any of these device IDs\" policy setting, the \"Prevent installation of devices for these device classes\" policy setting, the \"Prevent installation of devices that match any of these device instance IDs\" policy setting, or the \"Prevent installation of removable devices\" policy setting).\n\nIf you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.\n\nIf you disable or do not configure this policy setting, and no other policy setting describes the device, the \"Prevent installation of devices not described by other policy settings\" policy setting determines whether the device can be installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "AllowInstanceIDs", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\AllowInstanceIDs" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_Instance_IDs_Deny", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Prevent installation of devices that match any of these device instance IDs", "ExplainText": "This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.\n\nIf you enable this policy setting, Windows is prevented from installing a device whose device instance ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.\n\nIf you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "DenyInstanceIDs", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\DenyInstanceIDs" ] }, { "Type": "Boolean", "ValueName": "DenyInstanceIDsRetroactive", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_Removable_Deny", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent installation of removable devices", "ExplainText": "This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.\n\nNOTE: To enable the \"Allow installation of devices using drivers that match these device setup classes\", \"Allow installation of devices that match any of these device IDs\", and \"Allow installation of devices that match any of these device instance IDs\" policy settings to supersede this policy setting for applicable devices, enable the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting.\n\nIf you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server.\n\nIf you disable or do not configure this policy setting, Windows can install and update driver packages for removable devices as allowed or prevented by other policy settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "DenyRemovableDevices", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_Unspecified_Deny", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent installation of devices not described by other policy settings", "ExplainText": "This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.\n\nNOTE: This policy setting has been replaced by the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting to provide more granular control. It is recommended that you use the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting instead of this policy setting.\n\nIf you enable this policy setting, Windows is prevented from installing or updating the driver package for any device that is not described by either the \"Allow installation of devices that match any of these device IDs\", the \"Allow installation of devices for these device classes\", or the \"Allow installation of devices that match any of these device instance IDs\" policy setting.\n\nIf you disable or do not configure this policy setting, Windows is allowed to install or update the driver package for any device that is not described by the \"Prevent installation of devices that match any of these device IDs\", \"Prevent installation of devices for these device classes\" policy setting, \"Prevent installation of devices that match any of these device instance IDs\", or \"Prevent installation of removable devices\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "DenyUnspecified", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_Allow_Deny_Layered", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "Windows_10_0_21H2 - At least Windows Server 2016, Windows 10 Version 2106", "DisplayName": "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria", "ExplainText": "This policy setting will change the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. Enable this policy setting to ensure that overlapping device match criteria is applied based on an established hierarchy where more specific match criteria supersedes less specific match criteria. The hierarchical order of evaluation for policy settings that specify device match criteria is as follows:\n\nDevice instance IDs > Device IDs > Device setup class > Removable devices\n\nDevice instance IDs\n1. Prevent installation of devices using drivers that match these device instance IDs\n2. Allow installation of devices using drivers that match these device instance IDs\n\nDevice IDs\n3. Prevent installation of devices using drivers that match these device IDs\n4. Allow installation of devices using drivers that match these device IDs\n\nDevice setup class\n5. Prevent installation of devices using drivers that match these device setup classes\n6. Allow installation of devices using drivers that match these device setup classes\n\nRemovable devices\n7. Prevent installation of removable devices\n\nNOTE: This policy setting provides more granular control than the \"Prevent installation of devices not described by other policy settings\" policy setting. If these conflicting policy settings are enabled at the same time, the \"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria\" policy setting will be enabled and the other policy setting will be ignored.\n\nIf you disable or do not configure this policy setting, the default evaluation is used. By default, all \"Prevent installation...\" policy settings have precedence over any other policy setting that allows Windows to install a device.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "AllowDenyLayered", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_Policy_RebootTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Time (in seconds) to force reboot when required for policy changes to take effect", "ExplainText": "This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies.\n\nIf you enable this policy setting, set the amount of seconds you want the system to wait until a reboot.\n\nIf you disable or do not configure this policy setting, the system does not force a reboot.\n\nNote: If no reboot is forced, the device installation restriction right will not take effect until the system is restarted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions" ], "ValueName": "ForceReboot", "Elements": [ { "Type": "Decimal", "ValueName": "RebootTime", "MinValue": "0", "MaxValue": "4294968" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_DeniedPolicy_SimpleText", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Display a custom message title when device installation is prevented by a policy setting", "ExplainText": "This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.\n\nIf you enable this policy setting, Windows displays the text you type in the Main Text box as the title text of a notification when a policy setting prevents device installation.\n\nIf you disable or do not configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\DeniedPolicy" ], "Elements": [ { "Type": "Text", "ValueName": "SimpleText", "Required": true, "MaxLength": "63" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DeviceInstall_Restrictions_Category", "PolicyName": "DeviceInstall_DeniedPolicy_DetailText", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Display a custom message when installation is prevented by a policy setting", "ExplainText": "This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.\n\nIf you enable this policy setting, Windows displays the text you type in the Detail Text box when a policy setting prevents device installation.\n\nIf you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device installation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\DeniedPolicy" ], "Elements": [ { "Type": "Text", "ValueName": "DetailText", "Required": true, "MaxLength": "128" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DriverInstall_Category", "PolicyName": "DriverInstall_Classes_AllowUser", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow non-administrators to install drivers for these device setup classes", "ExplainText": "This policy setting specifies a list of device setup class GUIDs describing driver packages that non-administrator members of the built-in Users group may install on the system.\n\nIf you enable this policy setting, members of the Users group may install new drivers for the specified device setup classes. The drivers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store.\n\nIf you disable or do not configure this policy setting, only members of the Administrators group are allowed to install new driver packages on the system.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DriverInstall\\Restrictions" ], "ValueName": "AllowUserDeviceClasses", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DriverInstall\\Restrictions\\AllowUserDeviceClasses" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceInstallation.admx", "CategoryName": "DriverInstall_Category", "PolicyName": "DriverSigning", "Class": "User", "NameSpace": "Microsoft.Policies.DeviceInstallation", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Code signing for driver packages", "ExplainText": "Determines how the system responds when a user tries to install driver package files that are not digitally signed.\n\nThis setting establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this setting is enabled, the system does not implement any setting less secure than the one the setting established.\n\nWhen you enable this setting, use the drop-down box to specify the desired response.\n\n-- \"Ignore\" directs the system to proceed with the installation even if it includes unsigned files.\n\n-- \"Warn\" notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed. \"Warn\" is the default.\n\n-- \"Block\" directs the system to refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed.\n\nTo change driver file security without specifying a setting, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Driver Signing" ], "Elements": [ { "Type": "Enum", "ValueName": "BehaviorOnFailedVerify", "Items": [ { "DisplayName": "Ignore", "Data": "0" }, { "DisplayName": "Warn", "Data": "1" }, { "DisplayName": "Block", "Data": "2" } ] } ] }, { "File": "DeviceSetup.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DeviceInstall_BalloonTips", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceSoftwareSetup", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off \"Found New Hardware\" balloons during device installation", "ExplainText": "This policy setting allows you to turn off \"Found New Hardware\" balloons during device installation.\n\nIf you enable this policy setting, \"Found New Hardware\" balloons do not appear while a device is being installed.\n\nIf you disable or do not configure this policy setting, \"Found New Hardware\" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Settings" ], "ValueName": "DisableBalloonTips", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceSetup.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DeviceInstall_GenericDriverSendToWER", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceSoftwareSetup", "Supported": "Windows_10_0_RS3ToVista - Windows Server 2016 Version 1709, Windows 10 Version 1709, Windows Server 2016 Version 1703, Windows 10 Version 1703, Windows 10, Windows 8.1, Windows 8, Windows 7, and Windows Vista only", "DisplayName": "Do not send a Windows error report when a generic driver is installed on a device", "ExplainText": "Windows has a feature that sends \"generic-driver-installed\" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.\n\nIf you enable this policy setting, an error report is not sent when a generic driver is installed.\n\nIf you disable or do not configure this policy setting, an error report is sent when a generic driver is installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Settings" ], "ValueName": "DisableSendGenericDriverNotFoundToWER", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceSetup.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DeviceInstall_RequestAdditionalSoftwareSendToWER", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceSoftwareSetup", "Supported": "Windows_10_0_RS3ToWindows7 - Windows Server 2016 Version 1709, Windows 10 Version 1709, Windows Server 2016 Version 1703, Windows 10 Version 1703, Windows 10, Windows 8.1, Windows 8, and Windows 7 only", "DisplayName": "Prevent Windows from sending an error report when a device driver requests additional software during installation", "ExplainText": "Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.\n\nIf you enable this policy setting, Windows will not send an error report to request additional software even if this is specified by the device driver.\n\nIf you disable or do not configure this policy setting, Windows sends an error report when a device driver that requests additional software is installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Settings" ], "ValueName": "DisableSendRequestAdditionalSoftwareToWER", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceSetup.admx", "CategoryName": "DriverInstall_Category", "PolicyName": "DriverSearchPlaces", "Class": "User", "NameSpace": "Microsoft.Policies.DeviceSoftwareSetup", "Supported": "WindowsVistaToXP - Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP", "DisplayName": "Configure driver search locations", "ExplainText": "This setting configures the location that Windows searches for drivers when a new piece of hardware is found.\n\nBy default, Windows searches the following places for drivers: local installation, floppy drives, CD-ROM drives, Windows Update.\n\nUsing this setting, you may remove the floppy and CD-ROM drives from the search algorithm.\n\nIf you enable this setting, you can remove the locations by selecting the associated check box beside the location name.\n\nIf you disable or do not configure this setting, Windows searches the installation location, floppy drives, and CD-ROM drives.\n\nNote: To prevent searching Windows Update for drivers also see \"Turn off Windows Update device driver searching\" in Administrative Templates/System/Internet Communication Management/Internet Communication settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\DriverSearching" ], "Elements": [ { "Type": "Boolean", "ValueName": "DontSearchFloppies", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "DontSearchCD", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "DontSearchWindowsUpdate", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "DeviceSetup.admx", "CategoryName": "DriverInstall_Category", "PolicyName": "DriverSearchPlaces_DontPromptForWindowsUpdate_1", "Class": "User", "NameSpace": "Microsoft.Policies.DeviceSoftwareSetup", "Supported": "WindowsVistaToXPSP2 - Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP SP2", "DisplayName": "Turn off Windows Update device driver search prompt", "ExplainText": "Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet.\n\nNote: This setting only has effect if \"Turn off Windows Update device driver searching\" in \"Administrative Templates/System/Internet Communication Management/Internet Communication settings\" is disabled or not configured.\n\nIf you enable this setting, administrators will not be prompted to search Windows Update.\n\nIf you disable or do not configure this setting, and \"Turn off Windows Update device driver searching\" is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\DriverSearching" ], "ValueName": "DontPromptForWindowsUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceSetup.admx", "CategoryName": "DriverInstall_Category", "PolicyName": "DriverSearchPlaces_DontPromptForWindowsUpdate_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceSoftwareSetup", "Supported": "WindowsVistaToXPSP2 - Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP SP2", "DisplayName": "Turn off Windows Update device driver search prompt", "ExplainText": "Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet.\n\nNote: This setting only has effect if \"Turn off Windows Update device driver searching\" in \"Administrative Templates/System/Internet Communication Management/Internet Communication settings\" is disabled or not configured.\n\nIf you enable this setting, administrators will not be prompted to search Windows Update.\n\nIf you disable or do not configure this setting, and \"Turn off Windows Update device driver searching\" is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DriverSearching" ], "ValueName": "DontPromptForWindowsUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DeviceSetup.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DriverSearchPlaces_SearchOrderConfiguration", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceSoftwareSetup", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify search order for device driver source locations", "ExplainText": "This policy setting allows you to specify the order in which Windows searches source locations for device drivers.\n\nIf you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.\n\nNote that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available.\n\nIf the setting for searching only if needed is specified, then Windows will search for a driver only if a driver is not locally available on the system.\n\nIf you disable or do not configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DriverSearching" ], "Elements": [ { "Type": "Enum", "ValueName": "SearchOrderConfig", "Items": [ { "DisplayName": "Always search Windows Update", "Data": "1" }, { "DisplayName": "Search Windows Update only if needed", "Data": "2" }, { "DisplayName": "Do not search Windows Update", "Data": "0" } ], "Required": true } ] }, { "File": "DeviceSetup.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DriverSearchPlaces_SearchServerConfiguration", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceSoftwareSetup", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify the search server for device driver updates", "ExplainText": "This policy setting allows you to specify the search server that Windows uses to find updates for device drivers.\n\nIf you enable this policy setting, you can select whether Windows searches Windows Update (WU), searches a Managed Server, or a combination of both.\n\nNote that if both are specified, then Windows will first search the Managed Server, such as a Windows Server Update Services (WSUS) server. Only if no update is found will Windows then also search Windows Update.\n\nIf you disable or do not configure this policy setting, members of the Administrators group can determine the server used in the search for device drivers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DriverSearching" ], "Elements": [ { "Type": "Enum", "ValueName": "DriverServerSelection", "Items": [ { "DisplayName": "Search Windows Update", "Data": "0" }, { "DisplayName": "Search Managed Server", "Data": "1" }, { "DisplayName": "Search Managed Server, then WU", "Data": "2" } ], "Required": true } ] }, { "File": "DeviceSetup.admx", "CategoryName": "DeviceInstall_Category", "PolicyName": "DeviceMetadata_PreventDeviceMetadataFromNetwork", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeviceSoftwareSetup", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Prevent automatic download of applications associated with device metadata", "ExplainText": "This policy setting allows you to prevent Windows from downloading applications associated with device metadata.\n\nIf you enable this policy setting, Windows does not download applications associated with device metadata for installed devices. This policy setting overrides the setting in the Device Installation Settings dialog box (Control Panel > System and Security > System > Advanced System Settings > Hardware tab).\n\nIf you disable or do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows downloads applications associated with device metadata.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata" ], "ValueName": "PreventDeviceMetadataFromNetwork", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DFS.admx", "CategoryName": "Network", "PolicyName": "DFSDiscoverDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.DistributedFileSystem", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Configure how often a DFS client discovers domain controllers", "ExplainText": "This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default, a DFS client attempts to discover domain controllers every 15 minutes.\n\nIf you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.\n\nIf you disable or do not configure this policy setting, the default value of 15 minutes applies.\n\nNote: The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\System\\DFSClient" ], "Elements": [ { "Type": "Decimal", "ValueName": "DfsDcNameDelay", "MinValue": "15", "MaxValue": "360" } ] }, { "File": "DigitalLocker.admx", "CategoryName": "Digitalx_GroupPolicyCategory", "PolicyName": "Digitalx_DiableApplication_TitleText_1", "Class": "User", "NameSpace": "Microsoft.Policies.DigitalLocker", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow Digital Locker to run", "ExplainText": "Specifies whether Digital Locker can run.\n\nDigital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.\n\nIf you enable this setting, Digital Locker will not run.\n\nIf you disable or do not configure this setting, Digital Locker can be run.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Digital Locker" ], "ValueName": "DoNotRunDigitalLocker", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DigitalLocker.admx", "CategoryName": "Digitalx_GroupPolicyCategory", "PolicyName": "Digitalx_DiableApplication_TitleText_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.DigitalLocker", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow Digital Locker to run", "ExplainText": "Specifies whether Digital Locker can run.\n\nDigital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.\n\nIf you enable this setting, Digital Locker will not run.\n\nIf you disable or do not configure this setting, Digital Locker can be run.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Digital Locker" ], "ValueName": "DoNotRunDigitalLocker", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DiskDiagnostic.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "DfdAlertPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskDiagnostics", "Supported": "WindowsLonghornServerDesktopExperienceOrVista - Windows Server 2008 with Desktop Experience installed or Windows Vista", "DisplayName": "Disk Diagnostic: Configure custom alert text", "ExplainText": "This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.\n\nIf you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.\n\nIf you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message.\n\nNo reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.\n\nThis policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.\n\nNote: For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}" ], "Elements": [ { "Type": "Text", "ValueName": "DfdAlertTextOverride", "Required": true, "MaxLength": "512" } ] }, { "File": "DiskDiagnostic.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskDiagnostics", "Supported": "WindowsLonghornServerDesktopExperienceOrVista - Windows Server 2008 with Desktop Experience installed or Windows Vista", "DisplayName": "Disk Diagnostic: Configure execution level", "ExplainText": "This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics.\n\nSelf-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.\n\nIf you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.\n\nIf you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.\n\nIf you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default.\n\nThis policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.\n\nNo reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.\n\nThis policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.\n\nNote: For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}" ], "Elements": [ { "Type": "EnabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}" ], "Data": "2" }, { "Type": "DisabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}" ], "Data": "1" } ] }, { "File": "DiskNVCache.admx", "CategoryName": "NvCacheCat", "PolicyName": "BootResumePolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskNVCache", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off boot and resume optimizations", "ExplainText": "This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.\n\nIf you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume.\n\nIf you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. The system determines the data that will be stored in the NV cache to optimize boot and resume. The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time taken for shutdown and hibernate.\n\nIf you do not configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.\n\nNote: This policy setting is applicable only if the NV cache feature is on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NvCache" ], "ValueName": "OptimizeBootAndResume", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "DiskNVCache.admx", "CategoryName": "NvCacheCat", "PolicyName": "CachePowerModePolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskNVCache", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off cache power mode", "ExplainText": "This policy setting turns off power save mode on the hybrid hard disks in the system.\n\nIf you enable this policy setting, the hard disks are not put into NV cache power save mode and no power savings are achieved.\n\nIf you disable this policy setting, the hard disks are put into an NV cache power saving mode. In this mode, the system tries to save power by aggressively spinning down the disk.\n\nIf you do not configure this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode.\n\nNote: This policy setting is applicable only if the NV cache feature is on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NvCache" ], "ValueName": "EnablePowerModeState", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "DiskNVCache.admx", "CategoryName": "NvCacheCat", "PolicyName": "FeatureOffPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskNVCache", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off non-volatile cache feature", "ExplainText": "This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.\n\nIf you enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode.\n\nIf you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured.\n\nNote: This policy setting will take effect on next boot.\n\nIf you do not configure this policy setting, the default behavior is to turn on support for the NV cache.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NvCache" ], "ValueName": "EnableNvCache", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "DiskNVCache.admx", "CategoryName": "NvCacheCat", "PolicyName": "SolidStatePolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskNVCache", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off solid state mode", "ExplainText": "This policy setting turns off the solid state mode for the hybrid hard disks.\n\nIf you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.\n\nIf you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. Note that this can cause increased wear of the NV cache.\n\nIf you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.\n\nNote: This policy setting is applicable only if the NV cache feature is on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NvCache" ], "ValueName": "EnableSolidStateMode", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "DiskQuota.admx", "CategoryName": "DiskQuota", "PolicyName": "DQ_Enable", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskQuota", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Enable disk quotas", "ExplainText": "This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.\n\nIf you enable this policy setting, disk quota management is turned on, and users cannot turn it off.\n\nIf you disable the policy setting, disk quota management is turned off, and users cannot turn it on.\n\nIf this policy setting is not configured, disk quota management is turned off by default, but administrators can turn it on.\n\nTo prevent users from changing the setting while a setting is in effect, the system disables the \"Enable quota management\" option on the Quota tab of NTFS volumes.\n\nNote: This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. To specify a disk quota limit, use the \"Default quota limit and warning level\" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.\n\nNote: To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click \"Enable quota management.\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DiskQuota" ], "ClientExtension": "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}", "ValueName": "Enable", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DiskQuota.admx", "CategoryName": "DiskQuota", "PolicyName": "DQ_Enforce", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskQuota", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Enforce disk quota limit", "ExplainText": "This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.\n\nIf you enable this policy setting, disk quota limits are enforced. If you disable this policy setting, disk quota limits are not enforced. When you enable or disable this policy setting, the system disables the \"Deny disk space to users exceeding quota limit\" option on the Quota tab so administrators cannot make changes while the setting is in effect.\n\nIf you do not configure this policy setting, the disk quota limit is not enforced by default, but administrators can change the setting.\n\nEnforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes, but they can continue to write to the volume as long as physical space is available.\n\nNote: This policy setting overrides user settings that enable or disable quota enforcement on their volumes.\n\nNote: To specify a disk quota limit, use the \"Default quota limit and warning level\" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DiskQuota" ], "ClientExtension": "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}", "ValueName": "Enforce", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DiskQuota.admx", "CategoryName": "DiskQuota", "PolicyName": "DQ_Limit", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskQuota", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Specify default quota limit and warning level", "ExplainText": "This policy setting specifies the default disk quota limit and warning level for new users of the volume.\n\nThis policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.\n\nThis setting overrides new users\u2019 settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the \"Select the default quota limit for new users of this volume\" section on the Quota tab.\n\nThis policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).\n\nIf you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level.\n\nWhen you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for the range of volumes in the group.\n\nThis policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DiskQuota" ], "Elements": [ { "Type": "Decimal", "ValueName": "Limit", "MinValue": "0", "MaxValue": "1000", "Required": true, "ClientExtension": "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}" }, { "Type": "Enum", "ValueName": "LimitUnits", "Items": [ { "DisplayName": "KB", "Data": "1" }, { "DisplayName": "MB", "Data": "2" }, { "DisplayName": "GB", "Data": "3" }, { "DisplayName": "TB", "Data": "4" }, { "DisplayName": "PB", "Data": "5" }, { "DisplayName": "EB", "Data": "6" } ], "Required": true, "ClientExtension": "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}" }, { "Type": "Decimal", "ValueName": "Threshold", "MinValue": "0", "MaxValue": "1000", "Required": true, "ClientExtension": "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}" }, { "Type": "Enum", "ValueName": "ThresholdUnits", "Items": [ { "DisplayName": "KB", "Data": "1" }, { "DisplayName": "MB", "Data": "2" }, { "DisplayName": "GB", "Data": "3" }, { "DisplayName": "TB", "Data": "4" }, { "DisplayName": "PB", "Data": "5" }, { "DisplayName": "EB", "Data": "6" } ], "Required": true, "ClientExtension": "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}" } ] }, { "File": "DiskQuota.admx", "CategoryName": "DiskQuota", "PolicyName": "DQ_LogEventOverLimit", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskQuota", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Log event when quota limit is exceeded", "ExplainText": "This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.\n\nIf you enable this policy setting, the system records an event when the user reaches their limit. If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the \"Log event when a user exceeds their quota limit\" option on the Quota tab, so administrators cannot change the setting while a setting is in effect.\n\nIf you do not configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.\n\nThis policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit.\n\nAlso, this policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their limit, because their status in the Quota Entries window changes.\n\nNote: To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DiskQuota" ], "ClientExtension": "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}", "ValueName": "LogEventOverLimit", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DiskQuota.admx", "CategoryName": "DiskQuota", "PolicyName": "DQ_LogEventOverThreshold", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskQuota", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Log event when quota warning level is exceeded", "ExplainText": "This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.\n\nIf you enable this policy setting, the system records an event. If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding \"Log event when a user exceeds their warning level\" option on the Quota tab so that administrators cannot change logging while a policy setting is in effect.\n\nIf you do not configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting.\n\nThis policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries window changes.\n\nNote: To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DiskQuota" ], "ClientExtension": "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}", "ValueName": "LogEventOverThreshold", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DiskQuota.admx", "CategoryName": "DiskQuota", "PolicyName": "DQ_RemovableMedia", "Class": "Machine", "NameSpace": "Microsoft.Policies.DiskQuota", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Apply policy to removable media", "ExplainText": "This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.\n\nIf you disable or do not configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. Note: When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DiskQuota" ], "ClientExtension": "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}", "ValueName": "ApplyToRemovableMedia", "Elements": [] }, { "File": "Display.admx", "CategoryName": "DisplayCat", "PolicyName": "DisplayTurnOnGdiDPIScaling", "Class": "Machine", "NameSpace": "Microsoft.Policies.Display", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Turn on GdiDPIScaling for applications", "ExplainText": "GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.\n\nThis policy setting lets you specify legacy applications that have GDI DPI Scaling turned on.\n\nIf you enable this policy setting, GDI DPI Scaling is turned on for all legacy applications in the list.\n\nIf you disable or do not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.\n\nIf GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Display" ], "Elements": [ { "Type": "Text", "ValueName": "EnableGdiDPIScaling", "Required": true } ] }, { "File": "Display.admx", "CategoryName": "DisplayCat", "PolicyName": "DisplayConfigureMultipleDisplayMode", "Class": "Machine", "NameSpace": "Microsoft.Policies.Display", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Configure Multiple Display Mode", "ExplainText": "Enabling this policy allows to override the default behavior when connecting an additional monitor. It allows control over whether the display will automatically clone (mirror) the primary screen or extend the desktop.\nExtend expands the display onto the second monitor allowing to have different content on each screen. Clone duplicates the primary display onto the second monitor showing the same content on both screens. Internal Default uses the system's default behavior determined by Windows Settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Display" ], "Elements": [ { "Type": "Enum", "ValueName": "DefaultTopologySetting", "Items": [ { "DisplayName": "Default", "Data": "0" }, { "DisplayName": "Internal Only", "Data": "1" }, { "DisplayName": "External Only", "Data": "2" }, { "DisplayName": "Clone", "Data": "3" }, { "DisplayName": "Extend", "Data": "4" } ], "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Control\\GraphicsDrivers\\Configuration" ] } ] }, { "File": "Display.admx", "CategoryName": "DisplayCat", "PolicyName": "DisplaySetClonePreferredResolutionSource", "Class": "Machine", "NameSpace": "Microsoft.Policies.Display", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Set Cloned Monitor Preferred Resolution Source", "ExplainText": "Enabling this policy allows to override the default behavior when connecting an additional monitor. It allows control over whether a cloned display prioritizes the internal or external monitor i.e. setting its preferred resolution source.\nInternal sets the resolution of the main display as the source on both screens. External sets the resolution of the connected (external) display as the source on both screens. Default uses the system's default behavior determined by Windows Settings.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Control\\GraphicsDrivers\\Configuration" ], "Elements": [ { "Type": "Enum", "ValueName": "DefaultCloneResolutionSetting", "Items": [ { "DisplayName": "Default", "Data": "0" }, { "DisplayName": "Internal", "Data": "1" }, { "DisplayName": "External", "Data": "2" } ], "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Control\\GraphicsDrivers\\Configuration" ] } ] }, { "File": "Display.admx", "CategoryName": "DisplayCat", "PolicyName": "DisplayTurnOffGdiDPIScaling", "Class": "Machine", "NameSpace": "Microsoft.Policies.Display", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Turn off GdiDPIScaling for applications", "ExplainText": "GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.\n\nThis policy setting lets you specify legacy applications that have GDI DPI Scaling turned off.\n\nIf you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they are enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.\n\nIf you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications.\n\nIf GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Display" ], "Elements": [ { "Type": "Text", "ValueName": "DisableGdiDPIScaling", "Required": true } ] }, { "File": "Display.admx", "CategoryName": "DisplayCat", "PolicyName": "DisplayPerProcessSystemDpiSettings", "Class": "Both", "NameSpace": "Microsoft.Policies.Display", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Configure Per-Process System DPI settings", "ExplainText": "Per Process System DPI is an application compatibility feature for desktop applications that do not render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that have not been updated to display properly in this scenario will be blurry until the user logs out and back in to Windows.\n\nWhen you enable this policy some blurry applications will be crisp after they are restarted, without requiring the user to log out and back in to Windows.\n\nBe aware of the following:\n\nPer Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display. Some desktop applications can still be blurry on secondary displays that have different display scale factors.\n\nPer Process System DPI will not work for all applications as some older desktop applications will always be blurry on high DPI displays.\n\nIn some cases, you may see some odd behavior in some desktop applications. If that happens, Per Process System DPI should be disabled.\n\nEnabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Display", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Display" ], "Elements": [ { "Type": "Enum", "ValueName": "EnablePerProcessSystemDPI", "Items": [ { "DisplayName": "Enable", "Data": "1" }, { "DisplayName": "Disable", "Data": "0" } ], "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop" ] }, { "Type": "Text", "ValueName": "EnablePerProcessSystemDPIForProcesses" }, { "Type": "Text", "ValueName": "DisablePerProcessSystemDPIForProcesses" } ] }, { "File": "DistributedLinkTracking.admx", "CategoryName": "System", "PolicyName": "DLT_AllowDomainMode", "Class": "Machine", "NameSpace": "Microsoft.Policies.DistributedLinkTracking", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Allow Distributed Link Tracking clients to use domain resources", "ExplainText": "Specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. The DLT client can more reliably track links when allowed to use the DLT server. This policy should not be set unless the DLT server is running on all domain controllers in the domain.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DLT_AllowDomainMode", "Elements": [] }, { "File": "DmaGuard.admx", "CategoryName": "DmaGuard", "PolicyName": "DmaGuardEnumerationPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.DmaGuard", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enumeration policy for external devices incompatible with Kernel DMA Protection", "ExplainText": "Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when Kernel DMA Protection is enabled and supported by the system. Note: this policy does not apply to 1394, PCMCIA or ExpressCard devices.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Kernel DMA Protection" ], "Elements": [ { "Type": "Enum", "ValueName": "DeviceEnumerationPolicy", "Items": [ { "DisplayName": "Block all", "Data": "0" }, { "DisplayName": "Only while logged in (default)", "Data": "1" }, { "DisplayName": "Allow all", "Data": "2" } ] } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_Domain", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXPOnly - Windows XP Professional only", "DisplayName": "Connection-specific DNS suffix", "ExplainText": "Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP.\n\nTo use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.\n\nIf you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by the DNS client.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will use the local or DHCP supplied connection specific DNS suffix, if configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "Elements": [ { "Type": "Text", "ValueName": "AdapterDomainName", "Required": true } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_NameServer", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXPOnly - Windows XP Professional only", "DisplayName": "DNS servers", "ExplainText": "Defines the DNS servers to which the DNS client sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.\n\nTo use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.\n\nIf you enable this policy setting, the list of DNS servers is applied to all network connections used by the DNS client.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will use the local or DHCP supplied list of DNS servers, if configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "Elements": [ { "Type": "Text", "ValueName": "NameServer", "Required": true } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_PrimaryDnsSuffix", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Primary DNS suffix", "ExplainText": "Specifies the primary DNS suffix used by the DNS client in DNS name registration and DNS name resolution.\n\nTo use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com.\n\nImportant: In order for changes to this policy setting to be applied on the DNS client, you must restart Windows.\n\nIf you enable this policy setting, it supersedes the primary DNS suffix configured in the DNS Suffix and NetBIOS Computer Name dialog box using the System control panel.\n\nYou can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client uses the local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\System\\DNSClient" ], "Elements": [ { "Type": "Text", "ValueName": "NV PrimaryDnsSuffix" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_RegisterAdapterName", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Register DNS records with connection-specific DNS suffix", "ExplainText": "Specifies if the DNS client performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.\n\nBy default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com.\n\nIf you enable this policy setting, the DNS client will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by the DNS client.\n\nFor example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, the DNS client will register A and PTR resource records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.\n\nImportant: This policy setting is ignored by the DNS client if dynamic DNS registration is disabled.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will not register any A and PTR resource records using a connection-specific DNS suffix.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "RegisterAdapterName", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_RegisterReverseLookup", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Register PTR records", "ExplainText": "Specifies if the DNS client will register PTR resource records.\n\nBy default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record.\n\nIf you enable this policy setting, registration of PTR records will be determined by the option that you choose under Register PTR records.\n\nTo use this policy setting, click Enabled, and then select one of the following options from the drop-down list:\n\nDo not register: the DNS client will not attempt to register PTR resource records.\n\nRegister: the DNS client will attempt to register PTR resource records even if registration of the corresponding A records was not successful.\n\nRegister only if A record registration succeeds: the DNS client will attempt to register PTR resource records only if registration of the corresponding A records was successful.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will use locally configured settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "Elements": [ { "Type": "Enum", "ValueName": "RegisterReverseLookup", "Items": [ { "DisplayName": "Register only if A record registration succeeds", "Data": "2" }, { "DisplayName": "Register", "Data": "1" }, { "DisplayName": "Do not register", "Data": "0" } ], "Required": true } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_Doh", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows_10_0_20H2_SERVER_20H2 - At least Windows Server 20H2, Windows 10 Version 20H2", "DisplayName": "Configure encrypted name resolution", "ExplainText": "Specifies if the DNS client will perform name resolution over encrypted protocols.\n\nBy default, the DNS client will do classic DNS name resolution (over UDP or TCP port 53). This setting can enhance the DNS client to use encrypted protocols to resolve domain names.\n\nTo use this policy setting, click Enabled, and then select one of the following options from the drop-down list:\n\nProhibit encryption: no encrypted name resolution will be performed.\n\nAllow encryption: Use encrypted name resolution if the configured servers support it. If they don't support it, try classic name resolution.\n\nRequire encryption: Allow only encrypted name resolution. If there are no configured DNS servers that handle encryption, name resolution will fail.\n\nIn addition to the generic encryption policy, additional policies can be configured at the individual protocol level.\n\nFor example, in order to force DoT name resolution only, a combination of \"Require encryption\" and \"Block DoH\" would be needed (vice versa to force DoH).\n\nFor the example above, it is the admin's responsibility to ensure that if DoT is forced, there are valid DoT servers configured on the machine (vice versa for DoH).\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will use locally configured settings. DDR (Discovery of Designated Resolvers) plaintext traffic will be allowed as it is necessary for auto-discovering encryption settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "Elements": [ { "Type": "Enum", "ValueName": "DoHPolicy", "Items": [ { "DisplayName": "Require encryption", "Data": "3" }, { "DisplayName": "Allow encryption", "Data": "2" }, { "DisplayName": "Prohibit encryption", "Data": "1" } ], "Required": true }, { "Type": "Enum", "ValueName": "DohPolicySetting", "Items": [ { "DisplayName": "Allow DoH", "Data": "0" }, { "DisplayName": "Block DoH", "Data": "1" } ], "Required": true }, { "Type": "Enum", "ValueName": "DotPolicySetting", "Items": [ { "DisplayName": "Allow DoT", "Data": "0" }, { "DisplayName": "Block DoT", "Data": "1" } ], "Required": true } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_Ddr", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows_11_0_23H2 - At least Windows 11 Version 23H2", "DisplayName": "Configure Discovery of Designated Resolvers (DDR) protocol", "ExplainText": "Specifies if the DNS client would use the DDR protocol.\n\nThe Discovery of Designated Resolvers (DDR) protocol allows Windows to move from unencrypted DNS to encrypted DNS when only the IP address of a resolver is known.\n\nIf you enable this policy, the DNS client will use the DDR protocol.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will use locally configured settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "EnableDdr", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_MDNS", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Configure multicast DNS (mDNS) protocol", "ExplainText": "Specifies if the DNS client will perform name resolution over mDNS.\n\nIf you enable this policy, the DNS client will use mDNS protocol.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will use locally configured settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "EnableMDNS", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_Netbios", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure NetBIOS settings", "ExplainText": "Specifies if the DNS client will perform name resolution over NetBIOS.\n\nBy default, the DNS client will disable NetBIOS name resolution on public networks for security reasons.\n\nTo use this policy setting, click Enabled, and then select one of the following options from the drop-down list:\n\nDisable NetBIOS name resolution: Never allow NetBIOS name resolution.\n\nAllow NetBIOS name resolution: Always allow NetBIOS name resolution.\n\nDisable NetBIOS name resolution on public networks: Only allow NetBIOS name resolution on network adapters which are not connected to public networks.\n\nNetBIOS learning mode: Always allow NetBIOS name resolution and use it as a fallback after mDNS/LLMNR queries fail.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will use locally configured settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "Elements": [ { "Type": "Enum", "ValueName": "EnableNetbios", "Items": [ { "DisplayName": "Disable NetBIOS name resolution", "Data": "0" }, { "DisplayName": "Allow NetBIOS name resolution", "Data": "1" }, { "DisplayName": "Disable NetBIOS name resolution on public networks", "Data": "2" }, { "DisplayName": "NetBIOS learning mode", "Data": "3" } ], "Required": true } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_RegistrationEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Dynamic update", "ExplainText": "Specifies if DNS dynamic update is enabled. DNS clients configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.\n\nIf you enable this policy setting, or you do not configure this policy setting, the DNS client will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled.\n\nIf you disable this policy setting, the DNS client may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "RegistrationEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_RegistrationOverwritesInConflict", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXPOnly - Windows XP Professional only", "DisplayName": "Replace addresses in conflicts", "ExplainText": "Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.\n\nThis policy setting is designed for DNS clients that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other DNS clients.\n\nDuring dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.\n\nIf you enable this policy setting or if you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.\n\nIf you disable this policy setting, existing A resource records that contain conflicting IP addresses will not be replaced during a dynamic update, and an error will be recorded in Event Viewer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "RegistrationOverwritesInConflict", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_RegistrationRefreshInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Registration refresh interval", "ExplainText": "Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies DNS clients performing dynamic DNS updates.\n\nDNS clients configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records.\n\nWarning: If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records.\n\nTo specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value that you specify is the number of seconds to use for the registration refresh interval. For example, 1800 seconds is 30 minutes.\n\nIf you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by DNS clients that receive this policy setting.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will use the local or DHCP supplied setting. By default, DNS clients configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "Elements": [ { "Type": "Decimal", "ValueName": "RegistrationRefreshInterval", "MinValue": "1800", "MaxValue": "4294967200" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_RegistrationTtl", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "TTL value for A and PTR records", "ExplainText": "Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by the DNS client to which this policy setting is applied.\n\nTo specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes).\n\nIf you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by the DNS client.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "Elements": [ { "Type": "Decimal", "ValueName": "RegistrationTtl", "MinValue": "0", "MaxValue": "4294967200" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_SearchList", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "DNS suffix search list", "ExplainText": "Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.\n\nAn unqualified single-label name contains no dots. The name \"example\" is a single-label name. This is different from a fully qualified domain name such as \"example.microsoft.com.\"\n\nDNS clients that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name \"example\" will be modified to \"example.microsoft.com\" before sending the query to a DNS server if this policy setting is enabled with a suffix of \"microsoft.com.\"\n\nTo use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as \"microsoft.com,serverua.microsoft.com,office.microsoft.com\" to specify multiple suffixes.\n\nIf you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful or all suffixes are tried.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "Elements": [ { "Type": "Text", "ValueName": "SearchList", "Required": true } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_UpdateSecurityLevel", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Update security level", "ExplainText": "Specifies the security level for dynamic DNS updates.\n\nTo use this policy setting, click Enabled and then select one of the following values:\n\nUnsecure followed by secure - the DNS client sends secure dynamic updates only when nonsecure dynamic updates are refused.\n\nOnly unsecure - the DNS client sends only nonsecure dynamic updates.\n\nOnly secure - The DNS client sends only secure dynamic updates.\n\nIf you enable this policy setting, DNS clients that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.\n\nIf you disable this policy setting, or if you do not configure this policy setting, DNS clients will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "Elements": [ { "Type": "Enum", "ValueName": "UpdateSecurityLevel", "Items": [ { "DisplayName": "Only secure", "Data": "256" }, { "DisplayName": "Only unsecure", "Data": "16" }, { "DisplayName": "Unsecure followed by secure", "Data": "0" } ], "Required": true } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_UpdateTopLevelDomainZones", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Update top level domain zones", "ExplainText": "Specifies if the DNS client may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: \"com.\"\n\nBy default, a DNS client that is configured to perform dynamic DNS update will update the DNS zone that is authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone.\n\nIf you enable this policy setting, the DNS client sends dynamic updates to any zone that is authoritative for the resource records that the DNS client needs to update, except the root zone.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client does not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the DNS client needs to update.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "UpdateTopLevelDomainZones", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_UseDomainNameDevolution", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Primary DNS suffix devolution", "ExplainText": "Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.\n\nWith devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.\n\nThe DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.\n\nDevolution is not enabled if a global suffix search list is configured using Group Policy.\n\nIf a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:\n\nThe primary DNS suffix, as specified on the Computer Name tab of the System control panel.\n\nEach connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.\n\nFor example, when a user submits a query for a single-label name such as \"example,\" the DNS client attaches a suffix such as \"microsoft.com\" resulting in the query \"example.microsoft.com,\" before sending the query to a DNS server.\n\nIf a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the DNS client (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.\n\nFor example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name \"example,\" and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two.\n\nIf you enable this policy setting, or if you do not configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix.\n\nIf you disable this policy setting, DNS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "UseDomainNameDevolution", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_DomainNameDevolutionLevel", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Primary DNS suffix devolution level", "ExplainText": "Specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process.\n\nWith devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.\n\nThe DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.\n\nDevolution is not enabled if a global suffix search list is configured using Group Policy.\n\nIf a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:\n\nThe primary DNS suffix, as specified on the Computer Name tab of the System control panel.\n\nEach connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.\n\nFor example, when a user submits a query for a single-label name such as \"example,\" the DNS client attaches a suffix such as \"microsoft.com\" resulting in the query \"example.microsoft.com,\" before sending the query to a DNS server.\n\nIf a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the DNS client (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.\n\nFor example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name \"example,\" and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two.\n\nIf you enable this policy setting and DNS devolution is also enabled, DNS clients use the DNS devolution level that you specify.\n\nIf this policy setting is disabled, or if this policy setting is not configured, DNS clients use the default devolution level of two provided that DNS devolution is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient\\EnableDevolutionLevelControl" ], "Elements": [ { "Type": "Decimal", "ValueName": "DomainNameDevolutionLevel", "MinValue": "2", "MaxValue": "4294967200" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "Turn_Off_Multicast", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off multicast name resolution", "ExplainText": "Specifies that link local multicast name resolution (LLMNR) is disabled on the DNS client.\n\nLLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a DNS client to another DNS client on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible.\n\nIf you enable this policy setting, LLMNR will be disabled on all available network adapters on the DNS client.\n\nIf you disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "EnableMulticast", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_AppendToMultiLabelName", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow DNS suffix appending to unqualified multi-label name queries", "ExplainText": "Specifies that the DNS client may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.\n\nA name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example \"server.corp\" is an unqualified multi-label name. The name \"server.corp.contoso.com.\" is an example of a fully qualified name because it contains a terminating dot.\n\nFor example, if attaching suffixes is allowed, an unqualified multi-label name query for \"server.corp\" will be queried by the DNS client first. If the query succeeds, the response is returned to the client. If the query fails, the unqualified multi-label name is appended with DNS suffixes. These suffixes can be derived from a combination of the local DNS client's primary domain suffix, a connection-specific domain suffix, and a DNS suffix search list.\n\nIf attaching suffixes is allowed, and a DNS client with a primary domain suffix of \"contoso.com\" performs a query for \"server.corp\" the DNS client will send a query for \"server.corp\" first, and then a query for \"server.corp.contoso.com.\" second if the first query fails.\n\nIf you enable this policy setting, suffixes are allowed to be appended to an unqualified multi-label name if the original name query fails.\n\nIf you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails.\n\nIf you do not configure this policy setting, the DNS client will use its local settings to determine the query behavior for unqualified multi-label names.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "AppendToMultiLabelName", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_SmartMultiHomedNameResolution", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off smart multi-homed name resolution", "ExplainText": "Specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept.\n\nIf you enable this policy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail.\n\nIf you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "DisableSmartNameResolution", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_SmartProtocolReorder", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off smart protocol reordering", "ExplainText": "Specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).\n\nIf you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.\n\nIf you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks.\n\nNote: This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "DisableSmartProtocolReordering", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_AllowFQDNNetBiosQueries", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow NetBT queries for fully qualified domain names", "ExplainText": "Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names.\n\nIf you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names such as \"www.example.com\" in addition to single-label names.\n\nIf you disable this policy setting, or if you do not configure this policy setting, NetBT queries will only be issued for single-label names such as \"example\" and not for multi-label and fully qualified domain names.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "QueryNetBTFQDN", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_PreferLocalResponsesOverLowerOrderDns", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Prefer link local responses over DNS when received over a network with higher precedence", "ExplainText": "Specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).\n\nIf you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order.\n\nIf you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order.\n\nNote: This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "PreferLocalOverLowerBindingDNS", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_IdnEncoding", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off IDN encoding", "ExplainText": "Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the DNS client is on non-domain networks with no WINS servers configured.\n\nIf this policy setting is enabled, IDNs are not converted to Punycode.\n\nIf this policy setting is disabled, or if this policy setting is not configured, IDNs are converted to Punycode when the DNS client is on non-domain networks with no WINS servers configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "DisableIdnEncoding", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_IdnMapping", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "IDN mapping", "ExplainText": "Specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string.\n\nIf this policy setting is enabled, IDNs are converted to the Nameprep form.\n\nIf this policy setting is disabled, or if this policy setting is not configured, IDNs are not converted to the Nameprep form.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "EnableIdnMapping", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DnsClient.admx", "CategoryName": "DNS_Client", "PolicyName": "DNS_TurnOffIPv6DefaultDnsServers", "Class": "Machine", "NameSpace": "Microsoft.Policies.DNSClient", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off default IPv6 DNS Servers", "ExplainText": "If you enable this policy, the DNS client will not use the default IPv6 DNS server addresses provided by Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" ], "ValueName": "DisableIPv6DefaultDnsServers", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DPAPI.admx", "CategoryName": "DPAPI", "PolicyName": "DomainBackupKeyRotationPeriod", "Class": "Machine", "NameSpace": "Microsoft.Policies.DPAPI", "Supported": "Windows_10_0_SERVER - At least Windows Server 2016", "DisplayName": "Set the DPAPI backup keys rotation period", "ExplainText": "This policy setting specifies the DPAPI backup keys rotation period.\nYou can use this setting to override the default value of 90 days. Set 0 to disable the DPAPI backup keys rotation.\nIf you enable this policy setting, set the number of days that the system waits before generating a new DPAPI backup key.\nIf you disable or do not configure this policy setting, the default value of 90 days is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DPAPI" ], "Elements": [ { "Type": "Decimal", "ValueName": "DomainBackupKeyRotationPeriod", "MinValue": "0", "MaxValue": "18262" } ] }, { "File": "DWM.admx", "CategoryName": "CAT_DesktopWindowManager", "PolicyName": "DwmDisallowAnimations_1", "Class": "User", "NameSpace": "Microsoft.Policies.DesktopWindowManager", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow window animations", "ExplainText": "This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.\n\nIf you enable this policy setting, window animations are turned off.\n\nIf you disable or do not configure this policy setting, window animations are turned on.\n\nChanging this policy setting requires a logoff for it to be applied.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\DWM" ], "ValueName": "DisallowAnimations", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DWM.admx", "CategoryName": "CAT_DesktopWindowManager", "PolicyName": "DwmDisallowAnimations_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.DesktopWindowManager", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow window animations", "ExplainText": "This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.\n\nIf you enable this policy setting, window animations are turned off.\n\nIf you disable or do not configure this policy setting, window animations are turned on.\n\nChanging this policy setting requires a logoff for it to be applied.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DWM" ], "ValueName": "DisallowAnimations", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DWM.admx", "CategoryName": "CAT_DesktopWindowManager", "PolicyName": "DwmDisallowFlip3D_1", "Class": "User", "NameSpace": "Microsoft.Policies.DesktopWindowManager", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Do not allow Flip3D invocation", "ExplainText": "This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the Windows desktop as they are being flipped through in three dimensions.\n\nIf you enable this policy setting, Flip 3D is inaccessible.\n\nIf you disable or do not configure this policy setting, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select.\n\nChanging this policy setting requires a logoff for it to be applied.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\DWM" ], "ValueName": "DisallowFlip3d", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DWM.admx", "CategoryName": "CAT_DesktopWindowManager", "PolicyName": "DwmDisallowFlip3D_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.DesktopWindowManager", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Do not allow Flip3D invocation", "ExplainText": "This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the Windows desktop as they are being flipped through in three dimensions.\n\nIf you enable this policy setting, Flip 3D is inaccessible.\n\nIf you disable or do not configure this policy setting, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select.\n\nChanging this policy setting requires a logoff for it to be applied.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DWM" ], "ValueName": "DisallowFlip3d", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DWM.admx", "CategoryName": "CAT_DesktopWindowManager", "PolicyName": "DwmDisableAccentAndGradient", "Class": "Machine", "NameSpace": "Microsoft.Policies.DesktopWindowManager", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Use solid color for Start background", "ExplainText": "This policy setting controls the Start background visuals.\n\nIf you enable this policy setting, the Start background will use a solid color.\n\nIf you disable or do not configure this policy setting, the Start background will use the default visuals.\n\nNote: If this policy setting is enabled, users can continue to select a color in Start Personalization. However, setting the accent will have no effect.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DWM" ], "ValueName": "DisableAccentGradient", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DWM.admx", "CategoryName": "CAT_DesktopWindowManagerColorization", "PolicyName": "DwmDefaultColorizationColor_1", "Class": "User", "NameSpace": "Microsoft.Policies.DesktopWindowManager", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify a default color", "ExplainText": "This policy setting controls the default color for window frames when the user does not specify a color.\n\nIf you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color.\n\nIf you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color.\n\nNote: This policy setting can be used in conjunction with the \"Prevent color changes of window frames\" setting, to enforce a specific color for window frames that cannot be changed by users.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\DWM" ], "ValueName": "DefaultColorizationColorState", "Elements": [ { "Type": "Decimal", "ValueName": "DefaultColorizationColorAlpha", "MinValue": "0", "MaxValue": "255", "Required": true }, { "Type": "Decimal", "ValueName": "DefaultColorizationColorRed", "MinValue": "0", "MaxValue": "255", "Required": true }, { "Type": "Decimal", "ValueName": "DefaultColorizationColorGreen", "MinValue": "0", "MaxValue": "255", "Required": true }, { "Type": "Decimal", "ValueName": "DefaultColorizationColorBlue", "MinValue": "0", "MaxValue": "255", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DWM.admx", "CategoryName": "CAT_DesktopWindowManagerColorization", "PolicyName": "DwmDefaultColorizationColor_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.DesktopWindowManager", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify a default color", "ExplainText": "This policy setting controls the default color for window frames when the user does not specify a color.\n\nIf you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color.\n\nIf you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color.\n\nNote: This policy setting can be used in conjunction with the \"Prevent color changes of window frames\" setting, to enforce a specific color for window frames that cannot be changed by users.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DWM" ], "ValueName": "DefaultColorizationColorState", "Elements": [ { "Type": "Decimal", "ValueName": "DefaultColorizationColorAlpha", "MinValue": "0", "MaxValue": "255", "Required": true }, { "Type": "Decimal", "ValueName": "DefaultColorizationColorRed", "MinValue": "0", "MaxValue": "255", "Required": true }, { "Type": "Decimal", "ValueName": "DefaultColorizationColorGreen", "MinValue": "0", "MaxValue": "255", "Required": true }, { "Type": "Decimal", "ValueName": "DefaultColorizationColorBlue", "MinValue": "0", "MaxValue": "255", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DWM.admx", "CategoryName": "CAT_DesktopWindowManagerColorization", "PolicyName": "DwmDisallowColorizationColorChanges_1", "Class": "User", "NameSpace": "Microsoft.Policies.DesktopWindowManager", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow color changes", "ExplainText": "This policy setting controls the ability to change the color of window frames.\n\nIf you enable this policy setting, you prevent users from changing the default window frame color.\n\nIf you disable or do not configure this policy setting, you allow users to change the default window frame color.\n\nNote: This policy setting can be used in conjunction with the \"Specify a default color for window frames\" policy setting, to enforce a specific color for window frames that cannot be changed by users.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\DWM" ], "ValueName": "DisallowColorizationColorChanges", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "DWM.admx", "CategoryName": "CAT_DesktopWindowManagerColorization", "PolicyName": "DwmDisallowColorizationColorChanges_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.DesktopWindowManager", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow color changes", "ExplainText": "This policy setting controls the ability to change the color of window frames.\n\nIf you enable this policy setting, you prevent users from changing the default window frame color.\n\nIf you disable or do not configure this policy setting, you allow users to change the default window frame color.\n\nNote: This policy setting can be used in conjunction with the \"Specify a default color for window frames\" policy setting, to enforce a specific color for window frames that cannot be changed by users.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DWM" ], "ValueName": "DisallowColorizationColorChanges", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_TurnOnMisconversionLoggingForMisconversionReport", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on misconversion logging for misconversion report", "ExplainText": "This policy setting allows you to turn on logging of misconversion for the misconversion report.\n\nIf you enable this policy setting, misconversion logging is turned on.\n\nIf you disable or do not configure this policy setting, misconversion logging is turned off.\n\nThis policy setting applies to Japanese Microsoft IME and Traditional Chinese IME.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\ime\\shared" ], "ValueName": "misconvlogging", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_TurnOffSavingAutoTuningDataToFile", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off saving auto-tuning data to file", "ExplainText": "This policy setting allows you to turn off saving the auto-tuning result to file.\n\nIf you enable this policy setting, the auto-tuning data is not saved to file.\n\nIf you disable or do not configure this policy setting, auto-tuning data is saved to file by default.\n\nThis policy setting applies to Japanese Microsoft IME only.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\ime\\imejp" ], "ValueName": "SaveAutoTuneDataToFile", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_TurnOffHistorybasedPredictiveInput", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off history-based predictive input", "ExplainText": "This policy setting allows you to turn off history-based predictive input.\n\nIf you enable this policy setting, history-based predictive input is turned off.\n\nIf you disable or do not configure this policy setting, history-based predictive input is on by default.\n\nThis policy setting applies to Japanese Microsoft IME only.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\ime\\imejp" ], "ValueName": "UseHistorybasedPredictiveInput", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_TurnOffOpenExtendedDictionary", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off Open Extended Dictionary", "ExplainText": "This policy setting allows you to turn off Open Extended Dictionary.\n\nIf you enable this policy setting, Open Extended Dictionary is turned off. You cannot add a new Open Extended Dictionary.\n\nFor Japanese Microsoft IME, an Open Extended Dictionary that is added before enabling this policy setting is not used for conversion.\n\nIf you disable or do not configure this policy setting, Open Extended Dictionary can be added and used by default.\n\nThis policy setting is applied to Japanese Microsoft IME.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\ime\\shared" ], "ValueName": "OpenExtendedDict", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_TurnOffInternetSearchIntegration", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off Internet search integration", "ExplainText": "This policy setting allows you to turn off Internet search integration.\n\nSearch integration includes both using Search Provider (Japanese Microsoft IME) and performing bing search from predictive input for Japanese Microsoft IME.\n\nIf you enable this policy setting, you cannot use search integration.\n\nIf you disable or do not configure this policy setting, the search integration function can be used by default.\n\nThis policy setting applies to Japanese Microsoft IME.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\ime\\shared" ], "ValueName": "SearchPlugin", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_TurnOffCustomDictionary", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off custom dictionary", "ExplainText": "This policy setting allows you to turn off the ability to use a custom dictionary.\n\nIf you enable this policy setting, you cannot add, edit, and delete words in the custom dictionary either with GUI tools or APIs. A word registered in the custom dictionary before enabling this policy setting can continue to be used for conversion.\n\nIf you disable or do not configure this policy setting, the custom dictionary can be used by default.\n\n[Clear auto-tuning information] removes self-tuned words from the custom dictionary, even if a group policy setting is turned on. To do this, select Settings > Time & Language > Japanese Options > Microsoft IME Options. If compatibility mode is turned on, select Advanced options > Dictionary/Auto-tuning > [Clear auto-tuning information].\n\n[Clear input history] removes self-tuned words from the custom dictionary, even if a group policy setting is turned on. To do this, select Settings > Time & Language > Japanese Options > Microsoft IME Options > Learning and Dictionary > [Clear input history].\n\nThis policy setting is applied to Japanese Microsoft IME.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\ime\\shared" ], "ValueName": "UserDict", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_RestrictCharacterCodeRangeOfConversion", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Restrict character code range of conversion", "ExplainText": "This policy setting allows you to restrict character code range of conversion by setting character filter.\n\nIf you enable this policy setting, then only the character code ranges specified by this policy setting are used for conversion of IME. You can specify multiple ranges by setting a value combined with a bitwise OR of following values:\n\n0x0001 // JIS208 area\n0x0002 // NEC special char code\n0x0004 // NEC selected IBM extended code\n0x0008 // IBM extended code\n0x0010 // Half width katakana code\n0x0100 // EUDC(GAIJI)\n0x0200 // S-JIS unmapped area\n0x0400 // Unicode char\n0x0800 // surrogate char\n0x1000 // IVS char\n0xFFFF // no definition.\n\nIf you disable or do not configure this policy setting, no range of characters are filtered by default.\n\nThis policy setting applies to Japanese Microsoft IME only.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\ime\\imejp" ], "Elements": [ { "Type": "Text", "ValueName": "CodeAreaForConversion", "Required": true, "Expandable": true } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not include Non-Publishing Standard Glyph in the candidate list", "ExplainText": "This policy setting allows you to include the Non-Publishing Standard Glyph in the candidate list when Publishing Standard Glyph for the word exists.\n\nIf you enable this policy setting, Non-Publishing Standard Glyph is not included in the candidate list when Publishing Standard Glyph for the word exists.\n\nIf you disable or do not configure this policy setting, both Publishing Standard Glyph and Non-Publishing Standard Glyph are included in the candidate list.\n\nThis policy setting applies to Japanese Microsoft IME only.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\ime\\imejp" ], "ValueName": "ShowOnlyPublishingStandardGlyph", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_TurnOnCloudCandidate", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Turn on cloud candidate", "ExplainText": "This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't exist in a PC's local dictionary.\n\nIf you enable this policy setting, the functionality associated with this feature is turned on, the user's keyboard input is sent to Microsoft to generate the suggestions, and the user won't be able to turn it off.\n\nIf you disable this policy setting, the functionality associated with this feature is turned off, and the user won't be able to turn it on.\n\nIf you don't configure this policy setting, it will be turned off by default, and the user can turn on and turn off the cloud candidates feature.\n\nThis Policy setting applies to Microsoft CHS Pinyin IME and JPN IME.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\InputMethod\\Settings\\Shared" ], "ValueName": "Enable Cloud Candidate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_TurnOnCloudCandidateCHS", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Turn on cloud candidate for CHS", "ExplainText": "This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't exist in a PC's local dictionary.\n\nIf you enable this policy setting, the functionality associated with this feature is turned on, the user's keyboard input is sent to Microsoft to generate the suggestions, and the user won't be able to turn it off.\n\nIf you disable this policy setting, the functionality associated with this feature is turned off, and the user won't be able to turn it on.\n\nIf you don't configure this policy setting, it will be turned off by default, and the user can turn on and turn off the cloud candidates feature.\n\nThis Policy setting applies only to Microsoft CHS Pinyin IME.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\InputMethod\\Settings\\CHS" ], "ValueName": "Enable Cloud Candidate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_ConfigureSimplifiedChineseImeVersion", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows_10_0_19H1", "DisplayName": "Configure Simplified Chinese IME version", "ExplainText": "This policy setting controls the version of Microsoft IME.\u200b\n\nIf you don\u2019t configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default.\u200b\n\nIf you enable this, user is not allowed to control IME version to use. The previous version of Microsoft IME is always selected.\u200b\n\nIf you disable this, user is not allowed to control IME version to use. The new Microsoft IME is always selected.\n\nThis Policy setting applies only to Microsoft Simplified Chinese IME.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\InputMethod\\Settings\\CHS" ], "ValueName": "ConfigureImeVersion", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_ConfigureTraditionalChineseImeVersion", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows_10_0_19H1", "DisplayName": "Configure Traditional Chinese IME version", "ExplainText": "This policy setting controls the version of Microsoft IME.\u200b\n\nIf you don\u2019t configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default.\u200b\n\nIf you enable this, user is not allowed to control IME version to use. The previous version of Microsoft IME is always selected.\u200b\n\nIf you disable this, user is not allowed to control IME version to use. The new Microsoft IME is always selected.\n\nThis Policy setting applies only to Microsoft Traditional Chinese IME.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\InputMethod\\Settings\\CHT" ], "ValueName": "ConfigureImeVersion", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_ConfigureJapaneseImeVersion", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows_10_0_19H1", "DisplayName": "Configure Japanese IME version", "ExplainText": "This policy setting controls the version of Microsoft IME.\u200b\n\nIf you don\u2019t configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default.\u200b\n\nIf you enable this, user is not allowed to control IME version to use. The previous version of Microsoft IME is always selected.\u200b\n\nIf you disable this, user is not allowed to control IME version to use. The new Microsoft IME is always selected.\n\nThis Policy setting applies only to Microsoft Japanese IME.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\InputMethod\\Settings\\JPN" ], "ValueName": "ConfigureImeVersion", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EAIME.admx", "CategoryName": "L_IME", "PolicyName": "L_ConfigureKoreanImeVersion", "Class": "User", "NameSpace": "Microsoft.Policies.IME", "Supported": "Windows_10_0_19H1", "DisplayName": "Configure Korean IME version", "ExplainText": "This policy setting controls the version of Microsoft IME.\u200b\n\nIf you don\u2019t configure this policy setting, user can control IME version to use. The new Microsoft IME is on by default.\u200b\n\nIf you enable this, user is not allowed to control IME version to use. The previous version of Microsoft IME is always selected.\u200b\n\nIf you disable this, user is not allowed to control IME version to use. The new Microsoft IME is always selected.\n\nThis Policy setting applies only to Microsoft Korean IME.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\InputMethod\\Settings\\KOR" ], "ValueName": "ConfigureImeVersion", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EarlyLaunchAM.admx", "CategoryName": "ELAMCategory", "PolicyName": "POL_DriverLoadPolicy_Name", "Class": "Machine", "NameSpace": "FullArmor.Policies.0EF0F32B_7305_4FC7_BBEB_D43DCC622C81", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Boot-Start Driver Initialization Policy", "ExplainText": "This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver:\n- Good: The driver has been signed and has not been tampered with.\n- Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized.\n- Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver.\n- Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver.\n\nIf you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started.\n\nIf you disable or do not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.\n\nIf your malware detection application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies\\EarlyLaunch" ], "Elements": [ { "Type": "Enum", "ValueName": "DriverLoadPolicy", "Items": [ { "DisplayName": "Good only", "Data": "8" }, { "DisplayName": "Good and unknown", "Data": "1" }, { "DisplayName": "Good, unknown and bad but critical", "Data": "3" }, { "DisplayName": "All", "Data": "7" } ], "Required": true, "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies\\EarlyLaunch" ] } ] }, { "File": "EdgeUI.admx", "CategoryName": "EdgeUI", "PolicyName": "TurnOffBackstack", "Class": "User", "NameSpace": "Microsoft.Policies.EdgeUI", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off switching between recent apps", "ExplainText": "If you enable this setting, users will not be allowed to switch between recent apps. The App Switching option in the PC settings app will be disabled as well.\n\nIf you disable or do not configure this policy setting, users will be allowed to switch between recent apps.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\EdgeUI" ], "ValueName": "TurnOffBackstack", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EdgeUI.admx", "CategoryName": "EdgeUI", "PolicyName": "DisableMFUTracking", "Class": "User", "NameSpace": "Microsoft.Policies.EdgeUI", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off tracking of app usage", "ExplainText": "This policy setting prevents Windows from keeping track of the apps that are used and searched most frequently. If you enable this policy setting, apps will be sorted alphabetically in:\n- search results\n- the Search and Share panes\n- the drop-down app list in the Picker\n\nIf you disable or don't configure this policy setting, Windows will keep track of the apps that are used and searched most frequently. Most frequently used apps will appear at the top.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\EdgeUI" ], "ValueName": "DisableMFUTracking", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EdgeUI.admx", "CategoryName": "EdgeUI", "PolicyName": "DisableRecentApps", "Class": "User", "NameSpace": "Microsoft.Policies.EdgeUI", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Do not show recent apps when the mouse is pointing to the upper-left corner of the screen", "ExplainText": "This policy setting allows you to prevent the last app and the list of recent apps from appearing when the mouse is pointing to the upper-left corner of the screen.\n\nIf you enable this policy setting, the user will no longer be able to switch to recent apps using the mouse. The user will still be able to switch apps using touch gestures, keyboard shortcuts, and the Start screen.\n\nIf you disable or don't configure this policy setting, the recent apps will be available by default, and the user can configure this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\EdgeUI" ], "ValueName": "DisableRecentApps", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EdgeUI.admx", "CategoryName": "EdgeUI", "PolicyName": "DisableCharms", "Class": "User", "NameSpace": "Microsoft.Policies.EdgeUI", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Search, Share, Start, Devices, and Settings don't appear when the mouse is pointing to the upper-right corner of the screen", "ExplainText": "This policy setting allows you to prevent Search, Share, Start, Devices, and Settings from appearing when the mouse is pointing to the upper-right corner of the screen.\n\nIf you enable this policy setting, Search, Share, Start, Devices, and Settings will no longer appear when the mouse is pointing to the upper-right corner. They'll still be available if the mouse is pointing to the lower-right corner.\n\nIf you disable or don't configure this policy setting, Search, Share, Start, Devices, and Settings will be available by default, and the user can configure this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\EdgeUI" ], "ValueName": "DisableCharms", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EdgeUI.admx", "CategoryName": "EdgeUI", "PolicyName": "ShowCommandPromptOnWinX", "Class": "User", "NameSpace": "Microsoft.Policies.EdgeUI", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X", "ExplainText": "This policy setting allows you to prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key + X.\n\nIf you enable this policy setting, the Command Prompt will always be listed in that menu, and users won't be able to replace it with Windows PowerShell. Users will still be able to access Windows PowerShell, but not from that menu.\n\nIf you disable or don't configure this policy setting, Command Prompt will be listed in the menu by default, and users can configure this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\EdgeUI" ], "ValueName": "ShowCommandPromptOnWinX", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EdgeUI.admx", "CategoryName": "EdgeUI", "PolicyName": "DisableHelpSticker", "Class": "Both", "NameSpace": "Microsoft.Policies.EdgeUI", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Disable help tips", "ExplainText": "Disables help tips that Windows shows to the user.\n\nBy default, Windows will show the user help tips until the user has successfully completed the scenarios.\n\nIf this setting is enabled, Windows will not show any help tips to the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EdgeUI", "HKCU\\Software\\Policies\\Microsoft\\Windows\\EdgeUI" ], "ValueName": "DisableHelpSticker", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EdgeUI.admx", "CategoryName": "EdgeUI", "PolicyName": "AllowEdgeSwipe", "Class": "Both", "NameSpace": "Microsoft.Policies.EdgeUI", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow edge swipe", "ExplainText": "If you disable this policy setting, users will not be able to invoke any system UI by swiping in from any screen edge.\n\nIf you enable or do not configure this policy setting, users will be able to invoke system UI by swiping in from the screen edges.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EdgeUI", "HKCU\\Software\\Policies\\Microsoft\\Windows\\EdgeUI" ], "ValueName": "AllowEdgeSwipe", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EncryptFilesonMove.admx", "CategoryName": "System", "PolicyName": "NoEncryptOnMove", "Class": "Machine", "NameSpace": "Microsoft.Policies.EncrypedFiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not automatically encrypt files moved to encrypted folders", "ExplainText": "This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.\n\nIf you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder.\n\nIf you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder.\n\nThis setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoEncryptOnMove", "Elements": [] }, { "File": "EnhancedStorage.admx", "CategoryName": "EnStorDeviceAccess", "PolicyName": "RootHubConnectedEnStorDevices", "Class": "Machine", "NameSpace": "Microsoft.Policies.EnhancedStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow only USB root hub connected Enhanced Storage devices", "ExplainText": "This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.\n\nIf you enable this policy setting, only USB root hub connected Enhanced Storage devices are allowed.\n\nIf you disable or do not configure this policy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices" ], "ValueName": "RootHubConnectedEnStorDevices", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EnhancedStorage.admx", "CategoryName": "EnStorDeviceAccess", "PolicyName": "LockDeviceOnMachineLock", "Class": "Machine", "NameSpace": "Microsoft.Policies.EnhancedStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Lock Enhanced Storage when the computer is locked", "ExplainText": "This policy setting locks Enhanced Storage devices when the computer is locked.\n\nThis policy setting is supported in Windows Server SKUs only.\n\nIf you enable this policy setting, the Enhanced Storage device remains locked when the computer is locked.\n\nIf you disable or do not configure this policy setting, the Enhanced Storage device state is not changed when the computer is locked.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices" ], "ValueName": "LockDeviceOnMachineLock", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EnhancedStorage.admx", "CategoryName": "EnStorDeviceAccess", "PolicyName": "DisallowLegacyDiskDevices", "Class": "Machine", "NameSpace": "Microsoft.Policies.EnhancedStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not allow non-Enhanced Storage removable devices", "ExplainText": "This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.\n\nIf you enable this policy setting, non-Enhanced Storage removable devices are not allowed on your computer.\n\nIf you disable or do not configure this policy setting, non-Enhanced Storage removable devices are allowed on your computer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices" ], "ValueName": "DisallowLegacyDiskDevices", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EnhancedStorage.admx", "CategoryName": "EnStorDeviceAccess", "PolicyName": "DisablePasswordAuthentication", "Class": "Machine", "NameSpace": "Microsoft.Policies.EnhancedStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not allow password authentication of Enhanced Storage devices", "ExplainText": "This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.\n\nIf you enable this policy setting, a password cannot be used to unlock an Enhanced Storage device.\n\nIf you disable or do not configure this policy setting, a password can be used to unlock an Enhanced Storage device.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices" ], "ValueName": "DisablePasswordAuthentication", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EnhancedStorage.admx", "CategoryName": "EnStorDeviceAccess", "PolicyName": "TCGSecurityActivationDisabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.EnhancedStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not allow Windows to activate Enhanced Storage devices", "ExplainText": "This policy setting configures whether or not Windows will activate an Enhanced Storage device.\n\nIf you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.\n\nIf you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices" ], "ValueName": "TCGSecurityActivationDisabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EnhancedStorage.admx", "CategoryName": "EnStorDeviceAccess", "PolicyName": "ApprovedSilos", "Class": "Machine", "NameSpace": "Microsoft.Policies.EnhancedStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure list of IEEE 1667 silos usable on your computer", "ExplainText": "This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on your computer.\n\nIf you enable this policy setting, only IEEE 1667 silos that match a silo type identifier specified in this policy are usable on your computer.\n\nIf you disable or do not configure this policy setting, all IEEE 1667 silos on Enhanced Storage devices are usable on your computer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices\\ApprovedSilos" ], "ValueName": "SiloAllowListPolicy", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices\\ApprovedSilos\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EnhancedStorage.admx", "CategoryName": "EnStorDeviceAccess", "PolicyName": "ApprovedEnStorDevices", "Class": "Machine", "NameSpace": "Microsoft.Policies.EnhancedStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure list of Enhanced Storage devices usable on your computer", "ExplainText": "This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer.\n\nIf you enable this policy setting, only Enhanced Storage devices that contain a manufacturer and product ID specified in this policy are usable on your computer.\n\nIf you disable or do not configure this policy setting, all Enhanced Storage devices are usable on your computer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices\\ApprovedEnStorDevices" ], "ValueName": "PolicyEnabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices\\ApprovedEnStorDevices\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "PCH_ConfigureReport", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsNET_XP - Windows Server 2003 and Windows XP only", "DisplayName": "Configure Error Reporting", "ExplainText": "This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reporting is enabled.\n\nThis policy setting does not enable or disable Windows Error Reporting. To turn Windows Error Reporting on or off, see the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.\n\nImportant: If the Turn off Windows Error Reporting policy setting is not configured, then Control Panel settings for Windows Error Reporting override this policy setting.\n\nIf you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that are not configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the following settings in the policy setting:\n\n- \"\"Do not display links to any Microsoft \u2018More information\u2019 websites\"\": Select this option if you do not want error dialog boxes to display links to Microsoft websites.\n\n- \"\"Do not collect additional files\"\": Select this option if you do not want additional files to be collected and included in error reports.\n\n- \"\"Do not collect additional computer data\"\": Select this if you do not want additional information about the computer to be collected and included in error reports.\n\n- \"\"Force queue mode for application errors\"\": Select this option if you do not want users to report errors. When this option is selected, errors are stored in a queue directory, and the next administrator to log on to the computer can send the error reports to Microsoft.\n\n- \"\"Corporate file path\"\": Type a UNC path to enable Corporate Error Reporting. All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administrator to log onto the computer can send the error reports to Microsoft.\n\n- \"\"Replace instances of the word \u2018Microsoft\u2019 with\"\": You can specify text with which to customize your error report dialog boxes. The word \"\"Microsoft\"\" is replaced with the specified text.\n\nIf you do not configure this policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server 2003.\n\nIf you disable this policy setting, configuration settings in the policy setting are left blank.\n\nSee related policy settings Display Error Notification (same folder as this policy setting), and Turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "Elements": [ { "Type": "Boolean", "ValueName": "DWNoExternalURL", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\DW" ] }, { "Type": "Boolean", "ValueName": "DWNoFileCollection", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\DW" ] }, { "Type": "Boolean", "ValueName": "DWNoSecondLevelCollection", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\DW" ] }, { "Type": "Boolean", "ValueName": "ForceQueueMode", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "DWFileTreeRoot", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\DW" ] }, { "Type": "Text", "ValueName": "DWReporteeName", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\DW" ] } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "PCH_ShowUI", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsNET_XP - Windows Server 2003 and Windows XP only", "DisplayName": "Display Error Notification", "ExplainText": "This policy setting controls whether users are shown an error dialog box that lets them report an error.\n\nIf you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error.\n\nIf you disable this policy setting, users are not notified that errors have occurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this policy setting is useful for servers that do not have interactive users.\n\nIf you do not configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notification by default on computers that are running Windows Server.\n\nSee also the Configure Error Reporting policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "ValueName": "ShowUI", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "DWAllowHeadless", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\DW" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "DWAllowHeadless", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\DW" ], "Data": "1" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerDisable_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disable Windows Error Reporting", "ExplainText": "This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.\n\nIf you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel.\n\nIf you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "Disabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerDisable_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disable Windows Error Reporting", "ExplainText": "This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.\n\nIf you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel.\n\nIf you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "Disabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerDoNotShowUI", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent display of the user interface for critical errors", "ExplainText": "This policy setting prevents the display of the user interface for critical errors.\n\nIf you enable or do not configure this policy setting, Windows Error Reporting does not display any GUI-based error messages or dialog boxes for critical errors.\n\nIf you disable this policy setting, Windows Error Reporting displays the GUI-based error messages or dialog boxes for critical errors.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "DontShowUI", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerNoLogging_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disable logging", "ExplainText": "This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.\n\nIf you enable this policy setting, Windows Error Reporting events are not recorded in the system event log.\n\nIf you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "LoggingDisabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerNoLogging_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disable logging", "ExplainText": "This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.\n\nIf you enable this policy setting, Windows Error Reporting events are not recorded in the system event log.\n\nIf you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "LoggingDisabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerNoSecondLevelData_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not send additional data", "ExplainText": "This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.\n\nIf you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.\n\nIf you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "DontSendAdditionalData", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerNoSecondLevelData_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not send additional data", "ExplainText": "This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.\n\nIf you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.\n\nIf you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "DontSendAdditionalData", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerBypassDataThrottling_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not throttle additional data", "ExplainText": "This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.\n\nIf you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report.\n\nIf you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "BypassDataThrottling", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerBypassDataThrottling_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not throttle additional data", "ExplainText": "This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.\n\nIf you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report.\n\nIf you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "BypassDataThrottling", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerAutoApproveOSDumps_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Automatically send memory dumps for OS-generated error reports", "ExplainText": "This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.\n\nIf you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user.\n\nIf you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "AutoApproveOSDumps", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerAutoApproveOSDumps_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Automatically send memory dumps for OS-generated error reports", "ExplainText": "This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.\n\nIf you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user.\n\nIf you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "AutoApproveOSDumps", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerBypassPowerThrottling_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Send additional data when on battery power", "ExplainText": "This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.\n\nIf you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.\n\nIf you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "BypassPowerThrottling", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerBypassPowerThrottling_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Send additional data when on battery power", "ExplainText": "This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.\n\nIf you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.\n\nIf you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "BypassPowerThrottling", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerBypassNetworkCostThrottling_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Send data when on connected to a restricted/costed network", "ExplainText": "This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.\n\nIf you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted.\n\nIf you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "BypassNetworkCostThrottling", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReporting", "PolicyName": "WerBypassNetworkCostThrottling_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Send data when on connected to a restricted/costed network", "ExplainText": "This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.\n\nIf you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted.\n\nIf you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "BypassNetworkCostThrottling", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "PCH_AllOrNoneDef", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsNET_XP - Windows Server 2003 and Windows XP only", "DisplayName": "Default application reporting settings", "ExplainText": "This policy setting controls whether errors in general applications are included in reports when Windows Error Reporting is enabled.\n\nIf you enable this policy setting, you can instruct Windows Error Reporting in the Default pull-down menu to report either all application errors (the default setting), or no application errors.\n\nIf the Report all errors in Microsoft applications check box is filled, all errors in Microsoft applications are reported, regardless of the setting in the Default pull-down menu. When the Report all errors in Windows check box is filled, all errors in Windows applications are reported, regardless of the setting in the Default dropdown list. The Windows applications category is a subset of Microsoft applications.\n\nIf you disable or do not configure this policy setting, users can enable or disable Windows Error Reporting in Control Panel. The default setting in Control Panel is Upload all applications.\n\nThis policy setting is ignored if the Configure Error Reporting policy setting is disabled or not configured.\n\nFor related information, see the Configure Error Reporting and Report Operating System Errors policy settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "Elements": [ { "Type": "Enum", "ValueName": "AllOrNone", "Items": [ { "DisplayName": "Report all application errors", "Data": "1" }, { "DisplayName": "Do not report any application errors", "Data": "0" } ] }, { "Type": "Boolean", "ValueName": "IncludeMicrosoftApps", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "IncludeWindowsApps", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "PCH_AllOrNoneEx", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsNET_XP - Windows Server 2003 and Windows XP only", "DisplayName": "List of applications to never report errors for", "ExplainText": "This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.\n\nIf you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.\n\nIf this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. If an application is listed both in the List of applications to always report errors for policy setting, and in the exclusion list in this policy setting, the application is excluded from error reporting. You can also use the exclusion list in this policy setting to exclude specific Microsoft applications or parts of Windows if the check boxes for these categories are filled in the Default application reporting settings policy setting.\n\nIf you disable or do not configure this policy setting, the Default application reporting settings policy setting takes precedence.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth" ], "ValueName": "ErrorReporting", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\ExclusionList" ] } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "PCH_AllOrNoneInc", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsNET_XP - Windows Server 2003 and Windows XP only", "DisplayName": "List of applications to always report errors for", "ExplainText": "This policy setting specifies applications for which Windows Error Reporting should always report errors.\n\nTo create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.\n\nIf you enable this policy setting, you can create a list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application reporting policy setting is set to report no application errors.\n\nIf the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components category.)\n\nIf you disable this policy setting or do not configure it, the Default application reporting settings policy setting takes precedence.\n\nAlso see the \"\"Default Application Reporting\"\" and \"\"Application Exclusion List\"\" policies.\n\nThis setting will be ignored if the 'Configure Error Reporting' setting is disabled or not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth" ], "ValueName": "ErrorReporting", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\InclusionList" ] } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "PCH_ReportOperatingSystemFaults", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsNET_XP - Windows Server 2003 and Windows XP only", "DisplayName": "Report operating system errors", "ExplainText": "This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.\n\nIf you enable this policy setting, Windows Error Reporting includes operating system errors.\n\nIf you disable this policy setting, operating system errors are not included in error reports.\n\nIf you do not configure this policy setting, users can change this setting in Control Panel. By default, Windows Error Reporting settings in Control Panel are set to upload operating system errors.\n\nSee also the Configure Error Reporting policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "ValueName": "IncludeKernelFaults", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "WerArchive_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Report Archive", "ExplainText": "This policy setting controls the behavior of the Windows Error Reporting archive.\n\nIf you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted.\n\nIf you disable or do not configure this policy setting, no Windows Error Reporting information is stored.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "DisableArchive", "Elements": [ { "Type": "Enum", "ValueName": "ConfigureArchive", "Items": [ { "DisplayName": "Store all", "Data": "2" }, { "DisplayName": "Store parameters only", "Data": "1" } ], "Required": true }, { "Type": "Decimal", "ValueName": "MaxArchiveCount", "MinValue": "0", "MaxValue": "5000" }, { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "WerArchive_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Report Archive", "ExplainText": "This policy setting controls the behavior of the Windows Error Reporting archive.\n\nIf you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted.\n\nIf you disable or do not configure this policy setting, no Windows Error Reporting information is stored.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "DisableArchive", "Elements": [ { "Type": "Enum", "ValueName": "ConfigureArchive", "Items": [ { "DisplayName": "Store all", "Data": "2" }, { "DisplayName": "Store parameters only", "Data": "1" } ], "Required": true }, { "Type": "Decimal", "ValueName": "MaxArchiveCount", "MinValue": "0", "MaxValue": "5000" }, { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "WerCER", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Corporate Windows Error Reporting", "ExplainText": "This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you do not want to send error reports to Microsoft).\n\nIf you enable this policy setting, you can specify the name or IP address of an error report destination server on your organization\u2019s network. You can also select Connect using SSL to transmit error reports over a Secure Sockets Layer (SSL) connection, and specify a port number on the destination server for transmission.\n\nIf you disable or do not configure this policy setting, Windows Error Reporting sends error reports to Microsoft.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "Elements": [ { "Type": "Text", "ValueName": "CorporateWerServer", "Required": true, "MaxLength": "256" }, { "Type": "Boolean", "ValueName": "CorporateWerUseSSL", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "CorporateWerUploadOnFreeNetworksOnly", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Decimal", "ValueName": "CorporateWerPortNumber", "MinValue": "0", "MaxValue": "65535", "Required": true } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "WerExlusion_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "List of applications to be excluded", "ExplainText": "This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.\n\nIf you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence.\n\nIf you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows" ], "ValueName": "Windows Error Reporting", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\ExcludedApplications" ] } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "WerExlusion_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "List of applications to be excluded", "ExplainText": "This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.\n\nIf you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence.\n\nIf you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows" ], "ValueName": "Windows Error Reporting", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\ExcludedApplications" ] } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "WerQueue_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows_10_0_RS2ToVista - Windows Server 2016 Version 1703, Windows 10 Version 1703, Windows 10, Windows 8.1, Windows 8, Windows 7, and Windows Vista only", "DisplayName": "Configure Report Queue", "ExplainText": "This policy setting determines the behavior of the Windows Error Reporting report queue.\n\nIf you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel.\n\nThe Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders determines the interval time between the display of system notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder.\n\nIf you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "DisableQueue", "Elements": [ { "Type": "Enum", "ValueName": "ForceQueue", "Items": [ { "DisplayName": "Default", "Data": "0" }, { "DisplayName": "Always queue", "Data": "1" } ], "Required": true }, { "Type": "Decimal", "ValueName": "MaxQueueCount", "MinValue": "0", "MaxValue": "1000" }, { "Type": "Decimal", "ValueName": "MaxQueueSize", "MinValue": "0", "MaxValue": "1024" }, { "Type": "Decimal", "ValueName": "QueuePesterInterval", "MinValue": "0", "MaxValue": "90" }, { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "WerQueue_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows_10_0_RS2ToVista - Windows Server 2016 Version 1703, Windows 10 Version 1703, Windows 10, Windows 8.1, Windows 8, Windows 7, and Windows Vista only", "DisplayName": "Configure Report Queue", "ExplainText": "This policy setting determines the behavior of the Windows Error Reporting report queue.\n\nIf you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel. If Queuing behavior is set to Always queue for administrator, reports are queued until an administrator is prompted to send them, or until the administrator sends them by using the Solutions to Problems page in Control Panel.\n\nThe Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders determines the interval time between the display of system notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder.\n\nIf you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "DisableQueue", "Elements": [ { "Type": "Enum", "ValueName": "ForceQueue", "Items": [ { "DisplayName": "Default", "Data": "0" }, { "DisplayName": "Always queue", "Data": "1" }, { "DisplayName": "Always queue for administrator", "Data": "2" } ], "Required": true }, { "Type": "Decimal", "ValueName": "MaxQueueCount", "MinValue": "0", "MaxValue": "1000" }, { "Type": "Decimal", "ValueName": "MaxQueueSize", "MinValue": "0", "MaxValue": "1024" }, { "Type": "Decimal", "ValueName": "MinFreeDiskSpace", "MinValue": "0", "MaxValue": null }, { "Type": "Decimal", "ValueName": "QueuePesterInterval", "MinValue": "0", "MaxValue": "90" }, { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingConsent", "PolicyName": "WerConsentCustomize_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Customize consent settings", "ExplainText": "This policy setting determines the consent behavior of Windows Error Reporting for specific event types.\n\nIf you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.\n\n- 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.\n\n- 1 (Always ask before sending data): Windows prompts the user for consent to send reports.\n\n- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft.\n\n- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft.\n\n- 4 (Send all data): Any data requested by Microsoft is sent automatically.\n\nIf you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "Consent", "Elements": [ { "Type": "List", "ValueName": null } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingConsent", "PolicyName": "WerConsentCustomize_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Customize consent settings", "ExplainText": "This policy setting determines the consent behavior of Windows Error Reporting for specific event types.\n\nIf you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.\n\n- 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.\n\n- 1 (Always ask before sending data): Windows prompts the user for consent to send reports.\n\n- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft.\n\n- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft.\n\n- 4 (Send all data): Any data requested by Microsoft is sent automatically.\n\nIf you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "ValueName": "Consent", "Elements": [ { "Type": "List", "ValueName": null } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingConsent", "PolicyName": "WerConsentOverride_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Ignore custom consent settings", "ExplainText": "This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.\n\nIf you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting.\n\nIf you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\Consent" ], "ValueName": "DefaultOverrideBehavior", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingConsent", "PolicyName": "WerConsentOverride_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Ignore custom consent settings", "ExplainText": "This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.\n\nIf you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting.\n\nIf you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\Consent" ], "ValueName": "DefaultOverrideBehavior", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingConsent", "PolicyName": "WerDefaultConsent_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows_6_3ToVista - Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Configure Default consent", "ExplainText": "This policy setting determines the default consent behavior of Windows Error Reporting.\n\nIf you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:\n\n- Always ask before sending data: Windows prompts users for consent to send reports.\n\n- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft.\n\n- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft.\n\n- Send all data: any error reporting data requested by Microsoft is sent automatically.\n\nIf this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\Consent" ], "Elements": [ { "Type": "Enum", "ValueName": "DefaultConsent", "Items": [ { "DisplayName": "Always ask before sending data", "Data": "1" }, { "DisplayName": "Send parameters", "Data": "2" }, { "DisplayName": "Send parameters and safe additional data", "Data": "3" }, { "DisplayName": "Send all data", "Data": "4" } ], "Required": true } ] }, { "File": "ErrorReporting.admx", "CategoryName": "CAT_WindowsErrorReportingConsent", "PolicyName": "WerDefaultConsent_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsErrorReporting", "Supported": "Windows_6_3ToVista - Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Configure Default consent", "ExplainText": "This policy setting determines the default consent behavior of Windows Error Reporting.\n\nIf you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:\n\n- Always ask before sending data: Windows prompts users for consent to send reports.\n\n- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft.\n\n- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft.\n\n- Send all data: any error reporting data requested by Microsoft is sent automatically.\n\nIf this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\\Consent" ], "Elements": [ { "Type": "Enum", "ValueName": "DefaultConsent", "Items": [ { "DisplayName": "Always ask before sending data", "Data": "1" }, { "DisplayName": "Send parameters", "Data": "2" }, { "DisplayName": "Send parameters and safe additional data", "Data": "3" }, { "DisplayName": "Send all data", "Data": "4" } ], "Required": true } ] }, { "File": "EventForwarding.admx", "CategoryName": "EventForwarding", "PolicyName": "SubscriptionManager", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventForwarding", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure target Subscription Manager", "ExplainText": "This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.\n\nIf you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.\n\nUse the following syntax when using the HTTPS protocol:\nServer=https://:5986/wsman/SubscriptionManager/WEC,Refresh=,IssuerCA=. When using the HTTP protocol, use port 5985.\n\nIf you disable or do not configure this policy setting, the Event Collector computer will not be specified.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog" ], "ValueName": "EventForwarding", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\EventForwarding\\SubscriptionManager" ] } ] }, { "File": "EventForwarding.admx", "CategoryName": "EventForwarding", "PolicyName": "ForwarderResourceUsage", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventForwarding", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure forwarder resource usage", "ExplainText": "This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.\n\nIf you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments.\n\nIf you disable or do not configure this policy setting, forwarder resource usage is not specified.\n\nThis setting applies across all subscriptions for the forwarder (source computer).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\EventForwarding" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxForwardingRate", "MinValue": "0", "MaxValue": null } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Application", "PolicyName": "Channel_Log_AutoBackup_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Back up log automatically when full", "ExplainText": "This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the \"Retain old events\" policy setting is enabled.\n\nIf you enable this policy setting and the \"Retain old events\" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.\n\nIf you disable this policy setting and the \"Retain old events\" policy setting is enabled, new events are discarded and old events are retained.\n\nIf you do not configure this policy setting and the \"Retain old events\" policy setting is enabled, new events are discarded and the old events are retained.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Application" ], "ValueName": "AutoBackupLogFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Application", "PolicyName": "Channel_Log_FileLogAccess_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure log access", "ExplainText": "This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.\n\nIf you enable this policy setting, only those users matching the security descriptor can access the log.\n\nIf you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log.\n\nNote: If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the \"Configure log access (legacy)\" policy setting to enforce this change across all tools and APIs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Application" ], "Elements": [ { "Type": "Text", "ValueName": "ChannelAccess" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Application", "PolicyName": "Channel_Log_FileLogAccess_5", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure log access (legacy)", "ExplainText": "This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both \"configure log access\" policy settings for this log in order to affect the both modern and legacy tools.\n\nIf you enable this policy setting, only those users matching the security descriptor can access the log.\n\nIf you disable this policy setting, all authenticated users and system services can write, read, or clear this log.\n\nIf you do not configure this policy setting, the previous policy setting configuration remains in effect.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Services\\EventLog\\Application" ], "Elements": [ { "Type": "Text", "ValueName": "CustomSD" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Application", "PolicyName": "Channel_Log_Retention_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Control Event Log behavior when the log file reaches its maximum size", "ExplainText": "This policy setting controls Event Log behavior when the log file reaches its maximum size.\n\nIf you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.\n\nIf you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.\n\nNote: Old events may or may not be retained according to the \"Backup log automatically when full\"\u009d policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Application" ], "ValueName": "Retention", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Application", "PolicyName": "Channel_LogFilePath_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Control the location of the log file", "ExplainText": "This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.\n\nIf you enable this policy setting, the Event Log uses the path specified in this policy setting.\n\nIf you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\\System32\\winevt\\Logs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Application" ], "Elements": [ { "Type": "Text", "ValueName": "File" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Application", "PolicyName": "Channel_LogMaxSize_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify the maximum log file size (KB)", "ExplainText": "This policy setting specifies the maximum size of the log file in kilobytes.\n\nIf you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments.\n\nIf you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Application" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxSize", "MinValue": "1024", "MaxValue": "2147483647", "Required": true } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Security", "PolicyName": "Channel_Log_AutoBackup_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Back up log automatically when full", "ExplainText": "This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the \"Retain old events\" policy setting is enabled.\n\nIf you enable this policy setting and the \"Retain old events\" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.\n\nIf you disable this policy setting and the \"Retain old events\" policy setting is enabled, new events are discarded and old events are retained.\n\nIf you do not configure this policy setting and the \"Retain old events\" policy setting is enabled, new events are discarded and the old events are retained.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Security" ], "ValueName": "AutoBackupLogFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Security", "PolicyName": "Channel_Log_FileLogAccess_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure log access", "ExplainText": "This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. You must set both \"configure log access\" policy settings for this log in order to affect the both modern and legacy tools.\n\nIf you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log.\n\nIf you disable or do not configure this policy setting, only system software and administrators can read or clear this log.\n\nNote: If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the \"Configure log access (legacy)\" policy setting to enforce this change across all tools and APIs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Security" ], "Elements": [ { "Type": "Text", "ValueName": "ChannelAccess" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Security", "PolicyName": "Channel_Log_FileLogAccess_6", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure log access (legacy)", "ExplainText": "This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.\n\nIf you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log.\n\nIf you disable this policy setting, only system software and administrators can read or clear this log.\n\nIf you do not configure this policy setting, the previous policy setting configuration remains in effect.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Services\\EventLog\\Security" ], "Elements": [ { "Type": "Text", "ValueName": "CustomSD" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Security", "PolicyName": "Channel_Log_Retention_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Control Event Log behavior when the log file reaches its maximum size", "ExplainText": "This policy setting controls Event Log behavior when the log file reaches its maximum size.\n\nIf you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.\n\nIf you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.\n\nNote: Old events may or may not be retained according to the \"Backup log automatically when full\"\u009d policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Security" ], "ValueName": "Retention", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Security", "PolicyName": "Channel_LogFilePath_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Control the location of the log file", "ExplainText": "This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.\n\nIf you enable this policy setting, the Event Log uses the path specified in this policy setting.\n\nIf you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\\System32\\winevt\\Logs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Security" ], "Elements": [ { "Type": "Text", "ValueName": "File" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Security", "PolicyName": "Channel_LogMaxSize_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify the maximum log file size (KB)", "ExplainText": "This policy setting specifies the maximum size of the log file in kilobytes.\n\nIf you enable this policy setting, you can configure the maximum log file size to be between 20 megabytes (20480 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments.\n\nIf you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Security" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxSize", "MinValue": "20480", "MaxValue": "2147483647", "Required": true } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Setup", "PolicyName": "Channel_Log_AutoBackup_3", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Back up log automatically when full", "ExplainText": "This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the \"Retain old events\" policy setting is enabled.\n\nIf you enable this policy setting and the \"Retain old events\" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.\n\nIf you disable this policy setting and the \"Retain old events\" policy setting is enabled, new events are discarded and old events are retained.\n\nIf you do not configure this policy setting and the \"Retain old events\" policy setting is enabled, new events are discarded and the old events are retained.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Setup" ], "ValueName": "AutoBackupLogFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Setup", "PolicyName": "Channel_Log_FileLogAccess_3", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure log access", "ExplainText": "This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.\n\nIf you enable this policy setting, only those users matching the security descriptor can access the log.\n\nIf you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log.\n\nNote: If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the \"Configure log access (legacy)\" policy setting to enforce this change across all tools and APIs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Setup" ], "Elements": [ { "Type": "Text", "ValueName": "ChannelAccess" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Setup", "PolicyName": "Channel_Log_FileLogAccess_7", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure log access (legacy)", "ExplainText": "This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both \"configure log access\" policy settings for this log in order to affect the both modern and legacy tools.\n\nIf you enable this policy setting, only those users matching the security descriptor can access the log.\n\nIf you disable this policy setting, all authenticated users and system services can write, read, or clear this log.\n\nIf you do not configure this policy setting, the previous policy setting configuration remains in effect.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Services\\EventLog\\Setup" ], "Elements": [ { "Type": "Text", "ValueName": "CustomSD" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Setup", "PolicyName": "Channel_Log_Retention_3", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Control Event Log behavior when the log file reaches its maximum size", "ExplainText": "This policy setting controls Event Log behavior when the log file reaches its maximum size.\n\nIf you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.\n\nIf you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.\n\nNote: Old events may or may not be retained according to the \"Backup log automatically when full\"\u009d policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Setup" ], "ValueName": "Retention", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Setup", "PolicyName": "Channel_LogEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on logging", "ExplainText": "This policy setting turns on logging.\n\nIf you enable or do not configure this policy setting, then events can be written to this log.\n\nIf the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Setup" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Setup", "PolicyName": "Channel_LogFilePath_3", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Control the location of the log file", "ExplainText": "This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.\n\nIf you enable this policy setting, the Event Log uses the path specified in this policy setting.\n\nIf you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\\System32\\winevt\\Logs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Setup" ], "Elements": [ { "Type": "Text", "ValueName": "File" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_Setup", "PolicyName": "Channel_LogMaxSize_3", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify the maximum log file size (KB)", "ExplainText": "This policy setting specifies the maximum size of the log file in kilobytes.\n\nIf you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments.\n\nIf you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\Setup" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxSize", "MinValue": "1024", "MaxValue": "2147483647", "Required": true } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_System", "PolicyName": "Channel_Log_AutoBackup_4", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Back up log automatically when full", "ExplainText": "This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the \"Retain old events\" policy setting is enabled.\n\nIf you enable this policy setting and the \"Retain old events\" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.\n\nIf you disable this policy setting and the \"Retain old events\" policy setting is enabled, new events are discarded and old events are retained.\n\nIf you do not configure this policy setting and the \"Retain old events\" policy setting is enabled, new events are discarded and the old events are retained.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\System" ], "ValueName": "AutoBackupLogFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_System", "PolicyName": "Channel_Log_FileLogAccess_4", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure log access", "ExplainText": "This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both \"configure log access\" policy settings for this log in order to affect the both modern and legacy tools.\n\nIf you enable this policy setting, only users whose security descriptor matches the configured value can access the log.\n\nIf you disable or do not configure this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it.\n\nNote: If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the \"Configure log access (legacy)\" policy setting to enforce this change across all tools and APIs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\System" ], "Elements": [ { "Type": "Text", "ValueName": "ChannelAccess" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_System", "PolicyName": "Channel_Log_FileLogAccess_8", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure log access (legacy)", "ExplainText": "This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.\n\nIf you enable this policy setting, only users whose security descriptor matches the configured value can access the log.\n\nIf you disable this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it.\n\nIf you do not configure this policy setting, the previous policy setting configuration remains in effect.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Services\\EventLog\\System" ], "Elements": [ { "Type": "Text", "ValueName": "CustomSD" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_System", "PolicyName": "Channel_Log_Retention_4", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Control Event Log behavior when the log file reaches its maximum size", "ExplainText": "This policy setting controls Event Log behavior when the log file reaches its maximum size.\n\nIf you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.\n\nIf you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.\n\nNote: Old events may or may not be retained according to the \"Backup log automatically when full\"\u009d policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\System" ], "ValueName": "Retention", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_System", "PolicyName": "Channel_LogFilePath_4", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Control the location of the log file", "ExplainText": "This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.\n\nIf you enable this policy setting, the Event Log uses the path specified in this policy setting.\n\nIf you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\\System32\\winevt\\Logs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\System" ], "Elements": [ { "Type": "Text", "ValueName": "File" } ] }, { "File": "EventLog.admx", "CategoryName": "EventLog_System", "PolicyName": "Channel_LogMaxSize_4", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify the maximum log file size (KB)", "ExplainText": "This policy setting specifies the maximum size of the log file in kilobytes.\n\nIf you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments.\n\nIf you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxSize", "MinValue": "1024", "MaxValue": "2147483647", "Required": true } ] }, { "File": "EventLog.admx", "CategoryName": "EventLogCategory", "PolicyName": "RpcAccess_Remote", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogs", "Supported": "Windows_11_0_22H1", "DisplayName": "Limit remote access to the Event Log Service", "ExplainText": "This policy setting controls which remote users will be allowed to connect to the Event Log service on this machine.\n\nIf you enable this policy, you can restrict which group remote users must be a member of in order to connect to the Event Log Service on this machine. You can require that remote users be a member of one of the following builtin groups:\n\n\u2022 Authenticated Users\n\u2022 EventLog Readers\n\u2022 Administrators\n\nIf you disable or do not configure this policy, the default value will be Authenticated Users.\n\nFor prior versions of Windows, only Authenticated Users was supported. To maintain backwards compatability, local connections to the service will always be allowed from Authenticated Users.\n\nThis setting does not control access to individual logs. Once a remote connection is allowed, it will still need access to the specific resources it is attempting to use.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog" ], "ValueName": "EnableRemoteRpcAccessRestrictions", "Elements": [ { "Type": "Enum", "ValueName": "RpcAccess_Remote_Setting", "Items": [ { "DisplayName": "Authenticated Users", "Data": "0" }, { "DisplayName": "Event Log Readers", "Data": "1" }, { "DisplayName": "Administrators", "Data": "2" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventLogging.admx", "CategoryName": "EventLogging", "PolicyName": "EnableProtectedEventLogging", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventLogging", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable Protected Event Logging", "ExplainText": "This policy setting lets you configure Protected Event Logging.\n\nIf you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, provided that you have access to the private key corresponding to the public key that they were encrypted with.\n\nIf you disable or do not configure this policy setting, components will not encrypt event log messages before writing them to the event log.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\EventLog\\ProtectedEventLogging" ], "ValueName": "EnableProtectedEventLogging", "Elements": [ { "Type": "MultiText", "ValueName": "EncryptionCertificate", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "EventViewer.admx", "CategoryName": "EventViewer", "PolicyName": "EventViewer_RedirectionProgram", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventViewer", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Events.asp program", "ExplainText": "This is the program that will be invoked when the user clicks the events.asp link.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\EventViewer" ], "Elements": [ { "Type": "Text", "ValueName": "MicrosoftRedirectionProgram", "Expandable": true } ] }, { "File": "EventViewer.admx", "CategoryName": "EventViewer", "PolicyName": "EventViewer_RedirectionProgramCommandLineParameters", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventViewer", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Events.asp program command line parameters", "ExplainText": "This specifies the command line parameters that will be passed to the events.asp program", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\EventViewer" ], "Elements": [ { "Type": "Text", "ValueName": "MicrosoftRedirectionProgramCommandLineParameters" } ] }, { "File": "EventViewer.admx", "CategoryName": "EventViewer", "PolicyName": "EventViewer_RedirectionURL", "Class": "Machine", "NameSpace": "Microsoft.Policies.EventViewer", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Events.asp URL", "ExplainText": "This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\EventViewer" ], "Elements": [ { "Type": "Text", "ValueName": "MicrosoftRedirectionURL" } ] }, { "File": "ExploitGuard.admx", "CategoryName": "ExploitProtection", "PolicyName": "ExploitProtection_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.ExploitGuard", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Use a common set of exploit protection settings", "ExplainText": "Specify a common set of Microsoft Defender Exploit Guard system and application mitigation settings that can be applied to all endpoints that have this GP setting configured.\n\nThere are some prerequisites before you can enable this setting:\n- Manually configure a device's system and application mitigation settings using the Set-ProcessMitigation PowerShell cmdlet, the ConvertTo-ProcessMitigationPolicy PowerShell cmdlet, or directly in Windows Security.\n- Generate an XML file with the settings from the device by running the Get-ProcessMitigation PowerShell cmdlet or using the Export button at the bottom of the Exploit Protection area in Windows Security.\n- Place the generated XML file in a shared or local path.\n\nNote: Endpoints that have this GP setting set to Enabled must be able to access the XML file, otherwise the settings will not be applied.\n\nEnabled\nSpecify the location of the XML file in the Options section. You can use a local (or mapped) path, a UNC path, or a URL, such as the following:\n- C:\\MitigationSettings\\Config.XML\n- \\\\Server\\Share\\Config.xml\n- https://localhost:8080/Config.xml\n\nThe settings in the XML file will be applied to the endpoint.\n\nDisabled\nCommon settings will not be applied, and the locally configured settings will be used instead.\n\nNot configured\nSame as Disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender ExploitGuard\\Exploit Protection" ], "Elements": [ { "Type": "Text", "ValueName": "ExploitProtectionSettings", "Required": true, "MaxLength": "65535" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "AlwaysShowClassicMenu", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Display the menu bar in File Explorer", "ExplainText": "This policy setting configures File Explorer to always display the menu bar.\n\nNote: By default, the menu bar is not displayed in File Explorer.\n\nIf you enable this policy setting, the menu bar will be displayed in File Explorer.\n\nIf you disable or do not configure this policy setting, the menu bar will not be displayed in File Explorer.\n\nNote: When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "AlwaysShowClassicMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "PreventItemCreationInUsersFilesFolder", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent users from adding files to the root of their Users Files folder.", "ExplainText": "This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.\n\nIf you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.\n\nIf you disable or do not configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.\n\nNote: Enabling this policy setting does not prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "PreventItemCreationInUsersFilesFolder", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "TurnOffSPIAnimations", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off common control and window animations", "ExplainText": "This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "TurnOffSPIAnimations", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoDataExecutionPrevention", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off Data Execution Prevention for Explorer", "ExplainText": "Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoDataExecutionPrevention", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoHeapTerminationOnCorruption", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off heap termination on corruption", "ExplainText": "Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoHeapTerminationOnCorruption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "AdminInfoUrl", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set a support web page link", "ExplainText": "Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "Elements": [ { "Type": "Text", "ValueName": "AdminInfoUrl" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableRoamedProfileInit", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time", "ExplainText": "This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer will not reinitialize default program associations and other settings to default values.\n\nIf you enable this policy setting on a machine that does not contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableRoamedProfileInit", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableGraphRecentItems", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "Windows_11_0_22H2_NOSERVER - At least Windows 11 Version 22H2", "DisplayName": "Show files based on your account and cloud provider activity", "ExplainText": "Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files based on account or cloud provider activity will be stopped in views such as Recent, Recommended, Favorites, Shared, etc.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableGraphRecentItems", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableAdvancedSettingsSourceIntegration", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "Windows_11_0_22H2_NOSERVER - At least Windows 11 Version 22H2", "DisplayName": "Turn off Advanced Settings source integration in File Explorer", "ExplainText": "Disabling Advanced Settings source integration will prevent File Explorer from showing repository information from the Advanced Settings sytem component", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableAdvancedSettingsSourceIntegration", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Explorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableFileExplorerPrelaunch", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer2", "Supported": "Windows_11_0_22H2_NOSERVER - At least Windows 11 Version 22H2", "DisplayName": "Disable File Explorer feature to prelaunch a window in the background", "ExplainText": "This policy prevents users from enabling the Prelaunch feature in File Explorer, which creates a window in the background to accelerate the launch experience and improve responsiveness.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableFileExplorerPrelaunch", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ExternalBoot.admx", "CategoryName": "PortableOperatingSystem", "PolicyName": "PortableOperatingSystem_Launcher", "Class": "Machine", "NameSpace": "Microsoft.Policies.PortableOperatingSystem", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Windows To Go Default Startup Options", "ExplainText": "This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.\n\nIf you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users will not be able to make changes using the Windows To Go Startup Options Control Panel item.\n\nIf you disable this setting, booting to Windows To Go when a USB device is connected will not be enabled unless a user configures the option manually in the BIOS or other boot order configuration.\n\nIf you do not configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PortableOperatingSystem" ], "ClientExtension": "{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}", "ValueName": "Launcher", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ExternalBoot.admx", "CategoryName": "PortableOperatingSystem", "PolicyName": "PortableOperatingSystem_Hibernate", "Class": "Machine", "NameSpace": "Microsoft.Policies.PortableOperatingSystem", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow hibernate (S4) when starting from a Windows To Go workspace", "ExplainText": "Specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.\n\nIf you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.\n\nIf you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, can't hibernate the PC.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies\\Microsoft\\PortableOperatingSystem" ], "ClientExtension": "{C34B2751-1CF4-44F5-9262-C3FC39666591}", "ValueName": "Hibernate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ExternalBoot.admx", "CategoryName": "PortableOperatingSystem", "PolicyName": "PortableOperatingSystem_Sleep", "Class": "Machine", "NameSpace": "Microsoft.Policies.PortableOperatingSystem", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace", "ExplainText": "Specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace.\n\nIf you enable this setting, Windows, when started from a Windows To Go workspace, can't use standby states to make the PC sleep.\n\nIf you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, can use standby states to make the PC sleep.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies\\Microsoft\\PortableOperatingSystem" ], "ValueName": "Sleep", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "FeedbackNotifications.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "DoNotShowFeedbackNotifications", "Class": "Machine", "NameSpace": "Microsoft.Policies.FeedbackNotifications", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Do not show feedback notifications", "ExplainText": "This policy setting allows an organization to prevent its devices from showing feedback questions from Microsoft.\n\nIf you enable this policy setting, users will no longer see feedback notifications through the Windows Feedback app.\n\nIf you disable or do not configure this policy setting, users may see notifications through the Windows Feedback app asking users for feedback.\n\nNote: If you disable or do not configure this policy setting, users can control how often they receive feedback questions.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DataCollection" ], "ValueName": "DoNotShowFeedbackNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileHistory.admx", "CategoryName": "FileHistory", "PolicyName": "DisableFileHistory", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileHistory", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off File History", "ExplainText": "This policy setting allows you to turn off File History.\n\nIf you enable this policy setting, File History cannot be activated to create regular, automatic backups.\n\nIf you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\FileHistory" ], "ValueName": "Disabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileRecovery.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileRecovery", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Corrupted File Recovery behavior", "ExplainText": "This policy setting allows you to configure the recovery behavior for corrupted files to one of three states:\n\nRegular: Detection, troubleshooting, and recovery of corrupted files will automatically start with a minimal UI display. Windows will attempt to present you with a dialog box when a system restart is required. This is the default recovery behavior for corrupted files.\n\nSilent: Detection, troubleshooting, and recovery of corrupted files will automatically start with no UI. Windows will log an administrator event when a system restart is required. This behavior is recommended for headless operation.\n\nTroubleshooting Only: Detection and troubleshooting of corrupted files will automatically start with no UI. Recovery is not attempted automatically. Windows will log an administrator event with instructions if manual recovery is possible.\n\nIf you enable this setting, the recovery behavior for corrupted files will be set to either the regular (default), silent, or troubleshooting only state.\n\nIf you disable this setting, the recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted.\n\nIf you do not configure this setting, the recovery behavior for corrupted files will be set to the regular recovery behavior.\n\nNo system or service restarts are required for changes to this policy to take immediate effect after a Group Policy refresh.\n\nNote: This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{8519d925-541e-4a2b-8b1e-8059d16082f2}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Troubleshooting Only", "Data": "1" }, { "DisplayName": "Regular", "Data": "2" }, { "DisplayName": "Silent", "Data": "3" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileRevocation.admx", "CategoryName": "FileRevocationCategory", "PolicyName": "DelegatedPackageFamilyNames", "Class": "User", "NameSpace": "Microsoft.Policies.FileRevocation", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Allow Windows Runtime apps to revoke enterprise data", "ExplainText": "Windows Runtime applications can protect content which has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format.\n\nExample value:\nContoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy\n\nIf you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.\n\nIf you disable or do not configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app. Any other Windows Runtime application will only be able to revoke access to content it protected.\n\nNote: File revocation applies to all content protected under the same second level domain as the provided enterprise identifier. So, revoking an enterprise ID of mail.contoso.com will revoke the user\u2019s access to all content protected under the contoso.com hierarchy.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\FileRevocation" ], "Elements": [ { "Type": "MultiText", "ValueName": "DelegatedTuples" } ] }, { "File": "FileServerVSSProvider.admx", "CategoryName": "Cat_FileShareShadowCopyProvider", "PolicyName": "Pol_EncryptProtocol", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileShareShadowCopy.Provider", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.", "ExplainText": "Determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled.\n\nVSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.\n\nBy default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.\n\nNote: To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service .", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\fssProv" ], "ValueName": "EncryptProtocol", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileSys.admx", "CategoryName": "Filesystem", "PolicyName": "SymlinkEvaluation", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Selectively allow the evaluation of a symbolic link", "ExplainText": "Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:\n\nLocal Link to a Local Target\nLocal Link to a Remote Target\nRemote Link to Remote Target\nRemote Link to Local Target\n\nFor further information please refer to the Windows Help section\n\nNOTE: If this policy is Disabled or Not Configured, local administrators may select the types of symbolic links to be evaluated.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Filesystems\\NTFS" ], "ValueName": "SymLinkState", "Elements": [ { "Type": "Boolean", "ValueName": "SymlinkLocalToLocalEvaluation", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "SymlinkLocalToRemoteEvaluation", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "SymlinkRemoteToRemoteEvaluation", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "SymlinkRemoteToLocalEvaluation", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileSys.admx", "CategoryName": "Filesystem", "PolicyName": "LongPathsEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable Win32 long paths", "ExplainText": "Enabling Win32 long paths will allow manifested win32 applications and packaged Microsoft Store applications to access paths beyond the normal 260 character limit. Enabling this setting will cause the long paths to be accessible within the process.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Control\\FileSystem" ], "ValueName": "LongPathsEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileSys.admx", "CategoryName": "NTFS", "PolicyName": "DisableCompression", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not allow compression on all NTFS volumes", "ExplainText": "Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.\n\nA reboot is required for this setting to take effect", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "ValueName": "NtfsDisableCompression", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileSys.admx", "CategoryName": "NTFS", "PolicyName": "DisableEncryption", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not allow encryption on all NTFS volumes", "ExplainText": "Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.\n\nA reboot is required for this setting to take effect", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "ValueName": "NtfsDisableEncryption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileSys.admx", "CategoryName": "NTFS", "PolicyName": "EnablePagefileEncryption", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Enable NTFS pagefile encryption", "ExplainText": "Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "ValueName": "NtfsEncryptPagingFile", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileSys.admx", "CategoryName": "NTFS", "PolicyName": "ShortNameCreationSettings", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Short name creation options", "ExplainText": "These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.\n\nIf you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "Elements": [ { "Type": "Enum", "ValueName": "NtfsDisable8dot3NameCreation", "Items": [ { "DisplayName": "Enable on all volumes", "Data": "0" }, { "DisplayName": "Disable on all volumes", "Data": "1" }, { "DisplayName": "Enable / disable on a per volume basis", "Data": "2" }, { "DisplayName": "Disable on all data volumes", "Data": "3" } ] } ] }, { "File": "FileSys.admx", "CategoryName": "Filesystem", "PolicyName": "DisableDeleteNotification", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Disable delete notifications on all volumes", "ExplainText": "Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.\n\nA value of 0, the default, will enable delete notifications for all volumes.\nA value of 1 will disable delete notifications for all volumes.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "ValueName": "DisableDeleteNotification", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileSys.admx", "CategoryName": "NTFS", "PolicyName": "TxfDeprecatedFunctionality", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable / disable TXF deprecated features", "ExplainText": "TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Please enable it if you want to use these APIs.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "ValueName": "NtfsEnableTxfDeprecatedFunctionality", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileSys.admx", "CategoryName": "NTFS", "PolicyName": "NtfsForceNonPagedPoolAllocation", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable NTFS non-paged pool usage", "ExplainText": "By default NTFS allocates memory from both pageable and non-pageable memory as needed. Enabling this setting tells NTFS to use non-pageable memory for all allocations. NTFS also changes all of its code sections to be non-pageable.\n\nThe benefit of enabling this feature is a reduction in page-faults and stack usage at the cost of additional memory consumption.\n\nA reboot is required for this setting to take effect", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "ValueName": "NtfsForceNonPagedPoolAllocation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FileSys.admx", "CategoryName": "NTFS", "PolicyName": "NtfsParallelFlushThreshold", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "NTFS parallel flush threshold", "ExplainText": "When flushing modified file data from memory, NTFS chooses to use one or more threads based on how many files are currently open. This setting gives control over the open file threshold used to trigger parallel flush.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "Elements": [ { "Type": "Decimal", "ValueName": "NtfsParallelFlushThreshold", "MinValue": "100", "MaxValue": "1000000" } ] }, { "File": "FileSys.admx", "CategoryName": "NTFS", "PolicyName": "NtfsParallelFlushWorkers", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "NTFS parallel flush worker threads", "ExplainText": "When flushing modified file data from memory, NTFS chooses to use one or more threads based on how many files are currently open. This setting gives control over how many threads will be used.\n\nMaking this value larger may decrease the time it takes to flush a volume but the flush may have a larger impact on other concurrent IO operations.\n\nValues with special meaning:\n0: Use the system calculated default\n1: Disable parallel flush\n\nThe default value and limit for this setting varies based on the number of available processors on a given system:\n- Default value calculation is: (([NumProcessors]/2) + 1)\n- Default max value calculation is: ([NumProcessors]*2)", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "Elements": [ { "Type": "Decimal", "ValueName": "NtfsParallelFlushWorkers", "MinValue": "0", "MaxValue": "1024" } ] }, { "File": "FileSys.admx", "CategoryName": "NTFS", "PolicyName": "NtfsDefaultTier", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "NTFS default tier", "ExplainText": "For NTFS tiered volumes this controls the tier that new allocations go to by default.\n\nClient systems default to the Performance tier.\nServer systems default to the Capacity tier.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "Elements": [ { "Type": "Enum", "ValueName": "NtfsDefaultTier", "Items": [ { "DisplayName": "Capacity tier", "Data": "1" }, { "DisplayName": "Performance tier", "Data": "2" } ] } ] }, { "File": "FileSys.admx", "CategoryName": "Filesystem", "PolicyName": "ClfsAuthenticationChecking", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileSys", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Enable / disable CLFS logfile authentication", "ExplainText": "This policy setting configures CLFS logfile authentication, a security feature which aims to harden logfile parsing.\n\nLogfile authentication provides the ability for the CLFS driver to detect malicious modications made to logfiles. If modifications are detected, CLFS will deem the logfile as unsafe for parsing and return an error to the caller. CLFS is able to detect modifications by writing authentication codes to logfiles, which combines file data with a system-unique cryptographic key.\n\nA side effect of logfile authentication is that CLFS will fail to open logfiles that were created on other systems, as these logfiles contain authentication codes created using a system-unique cryptographic key. To open a logfile that was created on another system, an administrator must first use the \"fsutil.exe clfs authenticate\" command to correct the authentication codes.\n\nIf you enable or do not configure this setting, CLFS will refer to local registry settings on whether logfile authentication should be done or not. By default, CLFS will do logfile authentication. The local registry settings for this feature can be found at \"HKLM:\\SYSTEM\\CurrentControlSet\\Services\\CLFS\\Authentication\".\n\nIf you disable his setting, CLFS will no longer perform logfile authentication. Logfiles will be able to be moved and opened across systems without Administrative action. However, CLFS will open and parse all logfiles, including maliciously crafted logfiles that may compromise the system.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "ValueName": "ClfsAuthenticationChecking", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "filtermanager.admx", "CategoryName": "Filesystem", "PolicyName": "DevDriveAttachPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.FltMgr", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Dev drive filter attach policy", "ExplainText": "Dev drive is a drive optimized for performance considering developer scenarios and by default no file system filters are attached to it. Filters listed in this setting will be allowed to attach even on a dev drive.\n\nA reboot is required for this setting to take effect.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "Elements": [ { "Type": "MultiText", "ValueName": "FltmgrDevDriveAttachPolicy", "Required": true } ] }, { "File": "FindMy.admx", "CategoryName": "FindMyDeviceCat", "PolicyName": "FindMy_AllowFindMyDeviceConfig", "Class": "Machine", "NameSpace": "Microsoft.Policies.FindMyDevice", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Turn On/Off Find My Device", "ExplainText": "This policy turns on Find My Device.\n\nWhen Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. On devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer.\n\nWhen Find My Device is off, the device and its location are not registered and the Find My Device feature will not work.The user will also not be able to view the location of the last use of their active digitizer on their device.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FindMyDevice" ], "ValueName": "AllowFindMyDevice", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FolderRedirection.admx", "CategoryName": "Fdeploy_Cat", "PolicyName": "LocalizeXPRelativePaths_1", "Class": "User", "NameSpace": "Microsoft.Policies.FolderRedirection", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Use localized subfolder names when redirecting Start Menu and My Documents", "ExplainText": "This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.\n\nIf you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.\n\nIf you disable or not configure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder.\n\nNote: This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System\\Fdeploy" ], "ValueName": "LocalizeXPRelativePaths", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FolderRedirection.admx", "CategoryName": "Fdeploy_Cat", "PolicyName": "DisableFRAdminPin", "Class": "User", "NameSpace": "Microsoft.Policies.FolderRedirection", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not automatically make all redirected folders available offline", "ExplainText": "This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\\Roaming, are available offline by default.\n\nIf you enable this policy setting, users must manually select the files they wish to make available offline.\n\nIf you disable or do not configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.\n\nNote: This policy setting does not prevent files from being automatically cached if the network share is configured for \"Automatic Caching\", nor does it affect the availability of the \"Always available offline\" menu option in the user interface.\n\nNote: Do not enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable.\n\nNote: If one or more valid folder GUIDs are specified in the policy setting \"Do not automatically make specific redirected folders available offline\", that setting will override the configured value of \"Do not automatically make all redirected folders available offline\".", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "DisableFRAdminPin", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FolderRedirection.admx", "CategoryName": "Fdeploy_Cat", "PolicyName": "DisableFRAdminPinByFolder", "Class": "User", "NameSpace": "Microsoft.Policies.FolderRedirection", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not automatically make specific redirected folders available offline", "ExplainText": "This policy setting allows you to control whether individual redirected shell folders are available offline by default.\n\nFor the folders affected by this setting, users must manually select the files they wish to make available offline.\n\nIf you disable or do not configure this policy setting, all redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.\n\nNote: This policy setting does not prevent files from being automatically cached if the network share is configured for \"Automatic Caching\", nor does it affect the availability of the \"Always available offline\" menu option in the user interface.\n\nNote: The configuration of this policy for any folder will override the configured value of \"Do not automatically make all redirected folders available offline\".", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\DisableFRAdminPinByFolder" ], "Elements": [ { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{33E28130-4E1E-4676-835A-98395C3BC3BB}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{4BD8D571-6D19-48D3-BE97-422220080E43}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{56784854-C6CB-462b-8169-88E350ACB882}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{374DE290-123F-4565-9164-39C4925E467B}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}" ] }, { "Type": "Boolean", "ValueName": "DisableFRAdminPinByFolder", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}" ] } ] }, { "File": "FolderRedirection.admx", "CategoryName": "Fdeploy_Cat", "PolicyName": "LocalizeXPRelativePaths_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.FolderRedirection", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Use localized subfolder names when redirecting Start Menu and My Documents", "ExplainText": "This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.\n\nIf you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.\n\nIf you disable or not configure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder.\n\nNote: This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System\\Fdeploy" ], "ValueName": "LocalizeXPRelativePaths", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FolderRedirection.admx", "CategoryName": "Fdeploy_Cat", "PolicyName": "FolderRedirectionEnableCacheRename", "Class": "User", "NameSpace": "Microsoft.Policies.FolderRedirection", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable optimized move of contents in Offline Files cache on Folder Redirection server path change", "ExplainText": "This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location.\n\nIf you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location.\n\nIf you disable or do not configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System\\Fdeploy" ], "ValueName": "FolderRedirectionEnableCacheRename", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FolderRedirection.admx", "CategoryName": "Fdeploy_Cat", "PolicyName": "PrimaryComputer_FR_1", "Class": "User", "NameSpace": "Microsoft.Policies.FolderRedirection", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Redirect folders on primary computers only", "ExplainText": "This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.\n\nTo designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.\n\nIf you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only.\n\nIf you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to.\n\nNote: If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System\\Fdeploy" ], "ValueName": "PrimaryComputerEnabledFR", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FolderRedirection.admx", "CategoryName": "Fdeploy_Cat", "PolicyName": "PrimaryComputer_FR_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.FolderRedirection", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Redirect folders on primary computers only", "ExplainText": "This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.\n\nTo designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.\n\nIf you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only.\n\nIf you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to.\n\nNote: If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System\\Fdeploy" ], "ValueName": "PrimaryComputerEnabledFR", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "FramePanes.admx", "CategoryName": "ExplorerFramePanePolicies", "PolicyName": "NoPreviewPane", "Class": "User", "NameSpace": "Microsoft.Policies.FramePanes", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on or off details pane", "ExplainText": "This policy setting shows or hides the Details Pane in File Explorer.\n\nIf you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and cannot be turned on by the user.\n\nIf you enable this policy setting and configure it to show the pane, the Details Pane is always visible and cannot be hidden by the user. Note: This has a side effect of not being able to toggle to the Preview Pane since the two cannot be displayed at the same time.\n\nIf you disable, or do not configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. This is the default policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "NoPreviewPane", "Items": [ { "DisplayName": "Always hide", "Data": "1" }, { "DisplayName": "Always show", "Data": "2" } ], "Required": true } ] }, { "File": "FramePanes.admx", "CategoryName": "ExplorerFramePanePolicies", "PolicyName": "NoReadingPane", "Class": "User", "NameSpace": "Microsoft.Policies.FramePanes", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Preview Pane", "ExplainText": "Hides the Preview Pane in File Explorer.\n\nIf you enable this policy setting, the Preview Pane in File Explorer is hidden and cannot be turned on by the user.\n\nIf you disable, or do not configure this setting, the Preview Pane is hidden by default and can be displayed by the user.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoReadingPane", "Elements": [] }, { "File": "fthsvc.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.FaultTolerantHeap", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure Scenario Execution Level", "ExplainText": "This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.\n\nIf you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.\n\nIf you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.\n\nIf you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.\n\nThis policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.\n\nThis policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.\n\nNo system restart or service restart is required for this policy setting to take effect: changes take effect immediately.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" ], "Elements": [ { "Type": "EnabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" ], "Data": "2" }, { "Type": "DisabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}" ], "Data": "1" } ] }, { "File": "GameDVR.admx", "CategoryName": "GAMEDVR", "PolicyName": "AllowGameDVR", "Class": "Machine", "NameSpace": "Microsoft.Policies.GameDVR", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Enables or disables Windows Game Recording and Broadcasting", "ExplainText": "Windows Game Recording and Broadcasting.\n\nThis setting enables or disables the Windows Game Recording and Broadcasting features. If you disable this setting, Windows Game Recording will not be allowed.\nIf the setting is enabled or not configured, then Recording and Broadcasting (streaming) will be allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\GameDVR" ], "ValueName": "AllowGameDVR", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "CustomLocalesNoSelect_1", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow selection of Custom Locales", "ExplainText": "This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.\n\nThis does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\\Globalization directory to prevent the installation of locales by unauthorized users.\n\nThe policy setting \"Restrict user locales\" can also be enabled to disallow selection of a custom locale, even if this policy setting is not configured.\n\nIf you enable this policy setting, the user cannot select a custom locale as their user locale, but they can still select a replacement locale if one is installed.\n\nIf you disable or do not configure this policy setting, the user can select a custom locale as their user locale.\n\nIf this policy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting is not configured at the machine level, restrictions will be based on per-user policy settings.\n\nTo set this policy setting on a per-user basis, make sure that you do not configure the per-machine policy setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "CustomLocalesNoSelect", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "CustomLocalesNoSelect_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow selection of Custom Locales", "ExplainText": "This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.\n\nThis does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\\Globalization directory to prevent the installation of locales by unauthorized users.\n\nThe policy setting \"Restrict user locales\" can also be enabled to disallow selection of a custom locale, even if this policy setting is not configured.\n\nIf you enable this policy setting, the user cannot select a custom locale as their user locale, but they can still select a replacement locale if one is installed.\n\nIf you disable or do not configure this policy setting, the user can select a custom locale as their user locale.\n\nIf this policy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting is not configured at the machine level, restrictions will be based on per-user policy settings.\n\nTo set this policy setting on a per-user basis, make sure that you do not configure the per-machine policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "CustomLocalesNoSelect", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "LocaleSystemRestrict", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Restrict system locales", "ExplainText": "This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting does not change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they will be restricted to the specified list.\n\nThe locale list is specified using language names, separated by a semicolon (;). For example, en-US is English (United States). Specifying \"en-US;en-CA\" would restrict the system locale to English (United States) and English (Canada).\n\nIf you enable this policy setting, administrators can select a system locale only from the specified system locale list.\n\nIf you disable or do not configure this policy setting, administrators can select any system locale shipped with the operating system.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "RestrictSystemLocales", "Elements": [ { "Type": "Text", "ValueName": "AllowableSystemLocaleTagList", "MaxLength": "200" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "BlockUserInputMethodsForSignIn", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Disallow copying of user input methods to the system account for sign-in", "ExplainText": "This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account.\n\nNote this does not affect the availability of user input methods on the lock screen or with the UAC prompt.\n\nIf the policy is Enabled, then the user will get input methods enabled for the system account on the sign-in page.\n\nIf the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account on the sign-in page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "BlockUserInputMethodsForSignIn", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "LocaleUserRestrict_1", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Restrict user locales", "ExplainText": "This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.\n\nTo set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting.\n\nThe locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English (United States). Specifying \"en-CA;fr-CA\" would restrict the user locale to English (Canada) and French (Canada).\n\nIf you enable this policy setting, only locales in the specified locale list can be selected by users.\n\nIf you disable or do not configure this policy setting, users can select any locale installed on the computer, unless restricted by the \"Disallow selection of Custom Locales\" policy setting.\n\nIf this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, restrictions are based on per-user policies.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "RestrictUserLocales", "Elements": [ { "Type": "Text", "ValueName": "AllowableUserLocaleTagList", "MaxLength": "200" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "LocaleUserRestrict_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Restrict user locales", "ExplainText": "This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.\n\nTo set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting.\n\nThe locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English (United States). Specifying \"en-CA;fr-CA\" would restrict the user locale to English (Canada) and French (Canada).\n\nIf you enable this policy setting, only locales in the specified locale list can be selected by users.\n\nIf you disable or do not configure this policy setting, users can select any locale installed on the computer, unless restricted by the \"Disallow selection of Custom Locales\" policy setting.\n\nIf this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, restrictions are based on per-user policies.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "RestrictUserLocales", "Elements": [ { "Type": "Text", "ValueName": "AllowableUserLocaleTagList", "MaxLength": "200" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "PreventGeoIdChange_1", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow changing of geographic location", "ExplainText": "This policy setting prevents users from changing their user geographical location (GeoID).\n\nIf you enable this policy setting, users cannot change their GeoID.\n\nIf you disable or do not configure this policy setting, users may select any GeoID.\n\nIf you enable this policy setting at the computer level, it cannot be disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings.\n\nTo set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "PreventGeoIdChange", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "PreventGeoIdChange_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow changing of geographic location", "ExplainText": "This policy setting prevents users from changing their user geographical location (GeoID).\n\nIf you enable this policy setting, users cannot change their GeoID.\n\nIf you disable or do not configure this policy setting, users may select any GeoID.\n\nIf you enable this policy setting at the computer level, it cannot be disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings.\n\nTo set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "PreventGeoIdChange", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "PreventUserOverrides_1", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow user override of locale settings", "ExplainText": "This policy setting prevents the user from customizing their locale by changing their user overrides.\n\nAny existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.\n\nWhen this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user cannot customize their user locale with user overrides.\n\nIf this policy setting is disabled or not configured, then the user can customize their user locale overrides.\n\nIf this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies.\n\nTo set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "PreventUserOverrides", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "NlsManagementCat", "PolicyName": "PreventUserOverrides_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow user override of locale settings", "ExplainText": "This policy setting prevents the user from customizing their locale by changing their user overrides.\n\nAny existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.\n\nWhen this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user cannot customize their user locale with user overrides.\n\nIf this policy setting is disabled or not configured, then the user can customize their user locale overrides.\n\nIf this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies.\n\nTo set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "PreventUserOverrides", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "HideAdminOptions", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide Regional and Language Options administrative options", "ExplainText": "This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not, however, prevent an administrator or another application from changing these values programmatically.\n\nThis policy setting is used only to simplify the Regional Options control panel.\n\nIf you enable this policy setting, the user cannot see the Administrative options.\n\nIf you disable or do not configure this policy setting, the user can see the Administrative options.\n\nNote: Even if a user can see the Administrative options, other policies may prevent them from modifying the values.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "HideAdminOptions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "HideCurrentLocation", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide the geographic location option", "ExplainText": "This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.\n\nThis policy setting is used only to simplify the Regional Options control panel.\n\nIf you enable this policy setting, the user does not see the option to change the GeoID. This does not prevent the user or an application from changing the GeoID programmatically.\n\nIf you disable or do not configure this policy setting, the user sees the option for changing the user location (GeoID).\n\nNote: Even if a user can see the GeoID option, the \"Disallow changing of geographical location\" option can prevent them from actually changing their current geographical location.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "HideCurrentLocation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "HideLanguageSelection", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide the select language group options", "ExplainText": "This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.\n\nThis policy setting is used only to simplify the Regional Options control panel.\n\nIf you enable this policy setting, the user does not see the option for changing the UI language. This does not prevent the user or an application from changing the UI language programmatically.\n\nIf you disable or do not configure this policy setting, the user sees the option for changing the UI language.\n\nNote: Even if a user can see the option to change the UI language, other policy settings can prevent them from changing their UI language.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "HideLanguageSelection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "HideLocaleSelectAndCustomize", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide user locale selection and customization options", "ExplainText": "This policy setting removes the regional formats interface from the Region settings control panel.\n\nThis policy setting is used only to simplify the Regional and Language Options control panel.\n\nIf you enable this policy setting, the user does not see the regional formats options. This does not prevent the user or an application from changing their user locale or user overrides programmatically.\n\nIf you disable or do not configure this policy setting, the user sees the regional formats options for changing and customizing the user locale.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "HideLocaleSelectAndCustomize", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "LockMachineUILanguage", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Restricts the UI language Windows uses for all logged users", "ExplainText": "This policy setting restricts the Windows UI language for all users.\n\nThis is a policy setting for computers with more than one UI language installed.\n\nIf you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language will follow the language specified by the administrator as the system UI languages. The UI language selected by the user will be ignored if it is different than any of the system UI languages.\n\nIf you disable or do not configure this policy setting, the user can specify which UI language is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MUI\\Settings" ], "Elements": [ { "Type": "Enum", "ValueName": "PreferredUILanguages", "Items": [ { "DisplayName": "English", "Data": "en-US" }, { "DisplayName": "Japanese", "Data": "ja-JP" }, { "DisplayName": "Korean", "Data": "ko-KR" }, { "DisplayName": "German", "Data": "de-DE" }, { "DisplayName": "Simplified Chinese", "Data": "zh-CN" }, { "DisplayName": "Traditional Chinese (Taiwan)", "Data": "zh-TW" }, { "DisplayName": "French", "Data": "fr-FR" }, { "DisplayName": "Spanish", "Data": "es-ES" }, { "DisplayName": "Italian", "Data": "it-IT" }, { "DisplayName": "Swedish", "Data": "sv-SE" }, { "DisplayName": "Dutch", "Data": "nl-NL" }, { "DisplayName": "Portuguese (Brazil)", "Data": "pt-BR" }, { "DisplayName": "Finnish", "Data": "fi-FI" }, { "DisplayName": "Norwegian", "Data": "nb-NO" }, { "DisplayName": "Danish", "Data": "da-DK" }, { "DisplayName": "Hungarian", "Data": "hu-HU" }, { "DisplayName": "Polish", "Data": "pl-PL" }, { "DisplayName": "Russian", "Data": "ru-RU" }, { "DisplayName": "Czech", "Data": "cs-CZ" }, { "DisplayName": "Greek", "Data": "el-GR" }, { "DisplayName": "Portuguese (Portugal)", "Data": "pt-PT" }, { "DisplayName": "Turkish", "Data": "tr-TR" }, { "DisplayName": "Arabic", "Data": "ar-SA" }, { "DisplayName": "Hebrew", "Data": "he-IL" }, { "DisplayName": "Slovak", "Data": "sk-SK" }, { "DisplayName": "Slovenian", "Data": "sl-SI" }, { "DisplayName": "Romanian", "Data": "ro-RO" }, { "DisplayName": "Croatian", "Data": "hr-HR" }, { "DisplayName": "Bulgarian", "Data": "bg-BG" }, { "DisplayName": "Estonian", "Data": "et-EE" }, { "DisplayName": "Lithuanian", "Data": "lt-LT" }, { "DisplayName": "Latvian", "Data": "lv-LV" }, { "DisplayName": "Thai", "Data": "th-TH" }, { "DisplayName": "Traditional Chinese (Hong Kong SAR)", "Data": "zh-HK" }, { "DisplayName": "Serbian (Latin)", "Data": "sr-Latn-CS" }, { "DisplayName": "Ukrainian", "Data": "uk-UA" } ], "Required": true } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "LockUserUILanguage", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Restricts the UI languages Windows should use for the selected user", "ExplainText": "This policy setting restricts the Windows UI language for specific users.\n\nThis policy setting applies to computers with more than one UI language installed.\n\nIf you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language for the selected user. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the user.\n\nIf you disable or do not configure this policy setting, there is no restriction on which language users should use.\n\nTo enable this policy setting in Windows Server 2003, Windows XP, or Windows 2000, to use the \"Restrict selection of Windows menus and dialogs language\" policy setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\Desktop" ], "Elements": [ { "Type": "Enum", "ValueName": "PreferredUILanguages", "Items": [ { "DisplayName": "English", "Data": "en-US" }, { "DisplayName": "Japanese", "Data": "ja-JP" }, { "DisplayName": "Korean", "Data": "ko-KR" }, { "DisplayName": "German", "Data": "de-DE" }, { "DisplayName": "Simplified Chinese", "Data": "zh-CN" }, { "DisplayName": "Traditional Chinese (Taiwan)", "Data": "zh-TW" }, { "DisplayName": "French", "Data": "fr-FR" }, { "DisplayName": "Spanish", "Data": "es-ES" }, { "DisplayName": "Italian", "Data": "it-IT" }, { "DisplayName": "Swedish", "Data": "sv-SE" }, { "DisplayName": "Dutch", "Data": "nl-NL" }, { "DisplayName": "Portuguese (Brazil)", "Data": "pt-BR" }, { "DisplayName": "Finnish", "Data": "fi-FI" }, { "DisplayName": "Norwegian", "Data": "nb-NO" }, { "DisplayName": "Danish", "Data": "da-DK" }, { "DisplayName": "Hungarian", "Data": "hu-HU" }, { "DisplayName": "Polish", "Data": "pl-PL" }, { "DisplayName": "Russian", "Data": "ru-RU" }, { "DisplayName": "Czech", "Data": "cs-CZ" }, { "DisplayName": "Greek", "Data": "el-GR" }, { "DisplayName": "Portuguese (Portugal)", "Data": "pt-PT" }, { "DisplayName": "Turkish", "Data": "tr-TR" }, { "DisplayName": "Arabic", "Data": "ar-SA" }, { "DisplayName": "Hebrew", "Data": "he-IL" }, { "DisplayName": "Slovak", "Data": "sk-SK" }, { "DisplayName": "Slovenian", "Data": "sl-SI" }, { "DisplayName": "Romanian", "Data": "ro-RO" }, { "DisplayName": "Croatian", "Data": "hr-HR" }, { "DisplayName": "Bulgarian", "Data": "bg-BG" }, { "DisplayName": "Estonian", "Data": "et-EE" }, { "DisplayName": "Lithuanian", "Data": "lt-LT" }, { "DisplayName": "Latvian", "Data": "lv-LV" }, { "DisplayName": "Thai", "Data": "th-TH" }, { "DisplayName": "Traditional Chinese (Hong Kong SAR)", "Data": "zh-HK" }, { "DisplayName": "Serbian (Latin)", "Data": "sr-Latn-CS" }, { "DisplayName": "Ukrainian", "Data": "uk-UA" } ], "Required": true } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "MachineUILanguageOverwrite", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Force selected system UI language to overwrite the user UI language", "ExplainText": "This policy setting controls which UI language is used for computers with more than one UI language installed.\n\nIf you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator.\n\nIf you disable or do not configure this policy setting, there is no restriction of a specific language used for the Windows menus and dialogs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MUI\\Settings" ], "ValueName": "MachineUILock", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "RestrictUILangSelect", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Restrict selection of Windows menus and dialogs language", "ExplainText": "This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer, the language selection defaults to English.\n\nIf you enable this policy setting, the dialog box controls in the Regional and Language Options control panel are not accessible to the logged on user. This prevents users from specifying a language different than the one used.\n\nTo enable this policy setting in Windows Vista, use the \"Restricts the UI languages Windows should use for the selected user\" policy setting.\n\nIf you disable or do not configure this policy setting, the logged-on user can access the dialog box controls in the Regional and Language Options control panel to select any available UI language.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\Desktop" ], "Elements": [ { "Type": "Enum", "ValueName": "MultiUILanguageID", "Items": [ { "DisplayName": "English", "Data": "00000409" }, { "DisplayName": "Japanese", "Data": "00000411" }, { "DisplayName": "Korean", "Data": "00000412" }, { "DisplayName": "German", "Data": "00000407" }, { "DisplayName": "Simplified Chinese", "Data": "00000804" }, { "DisplayName": "Traditional Chinese", "Data": "00000404" }, { "DisplayName": "French", "Data": "0000040c" }, { "DisplayName": "Spanish", "Data": "00000c0a" }, { "DisplayName": "Italian", "Data": "00000410" }, { "DisplayName": "Swedish", "Data": "0000041d" }, { "DisplayName": "Dutch", "Data": "00000413" }, { "DisplayName": "Portuguese (Brazil)", "Data": "00000416" }, { "DisplayName": "Finnish", "Data": "0000040b" }, { "DisplayName": "Norwegian", "Data": "00000414" }, { "DisplayName": "Danish", "Data": "00000406" }, { "DisplayName": "Hungarian", "Data": "0000040e" }, { "DisplayName": "Polish", "Data": "00000415" }, { "DisplayName": "Russian", "Data": "00000419" }, { "DisplayName": "Czech", "Data": "00000405" }, { "DisplayName": "Greek", "Data": "00000408" }, { "DisplayName": "Portuguese (Portugal)", "Data": "00000816" }, { "DisplayName": "Turkish", "Data": "0000041f" }, { "DisplayName": "Arabic", "Data": "00000401" }, { "DisplayName": "Hebrew", "Data": "0000040d" }, { "DisplayName": "Slovak", "Data": "0000041b" }, { "DisplayName": "Slovenian", "Data": "00000424" }, { "DisplayName": "Romanian", "Data": "00000418" }, { "DisplayName": "Croatian", "Data": "0000041a" }, { "DisplayName": "Bulgarian", "Data": "00000402" }, { "DisplayName": "Estonian", "Data": "00000425" }, { "DisplayName": "Lithuanian", "Data": "00000427" }, { "DisplayName": "Latvian", "Data": "00000426" }, { "DisplayName": "Thai", "Data": "0000041e" } ], "Required": true } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "TurnOffOfferTextPredictions", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off offer text predictions as I type", "ExplainText": "This policy turns off the offer text predictions as I type option. This does not, however, prevent the user or an application from changing the setting programmatically.\n\nThe offer text predictions as I type option controls whether or not text prediction suggestions will be presented to the user on the on-screen keyboard.\n\nIf the policy is Enabled, then the option will be locked to not offer text predictions.\n\nIf the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.\n\nNote that the availability and function of this setting is dependent on supported languages being enabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "TurnOffOfferTextPredictions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "TurnOffInsertSpace", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off insert a space after selecting a text prediction", "ExplainText": "This policy turns off the insert a space after selecting a text prediction option. This does not, however, prevent the user or an application from changing the setting programmatically.\n\nThe insert a space after selecting a text prediction option controls whether or not a space will be inserted after the user selects a text prediction candidate when using the on-screen keyboard.\n\nIf the policy is Enabled, then the option will be locked to not insert a space after selecting a text prediction.\n\nIf the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.\n\nNote that the availability and function of this setting is dependent on supported languages being enabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "TurnOffInsertSpace", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "TurnOffAutocorrectMisspelledWords", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off autocorrect misspelled words", "ExplainText": "This policy turns off the autocorrect misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically.\n\nThe autocorrect misspelled words option controls whether or not errors in typed text will be automatically corrected.\n\nIf the policy is Enabled, then the option will be locked to not autocorrect misspelled words.\n\nIf the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.\n\nNote that the availability and function of this setting is dependent on supported languages being enabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "TurnOffAutocorrectMisspelledWords", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "TurnOffHighlightMisspelledWords", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off highlight misspelled words", "ExplainText": "This policy turns off the highlight misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically.\n\nThe highlight misspelled words option controls whether or next spelling errors in typed text will be highlighted.\n\nIf the policy is Enabled, then the option will be locked to not highlight misspelled words.\n\nIf the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.\n\nNote that the availability and function of this setting is dependent on supported languages being enabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "TurnOffHighlightMisspelledWords", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "BlockCleanupOfUnusedPreinstalledLangPacks", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Block clean-up of unused language packs", "ExplainText": "This policy setting controls whether the LPRemove task will run to clean up language packs installed on a machine but are not used by any users on that machine.\n\nIf you enable this policy setting, language packs that are installed as part of the system image will remain installed even if they are not used by any user on that system.\n\nIf you disable or do not configure this policy setting, language packs that are installed as part of the system image but are not used by any user on that system will be removed as part of a scheduled clean up task.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "BlockCleanupOfUnusedPreinstalledLangPacks", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "AllowInputPersonalization", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow users to enable online speech recognition services", "ExplainText": "This policy specifies whether users on the device have the option to enable online speech recognition services.\n\nIf this policy is enabled or not configured, control is deferred to users, and users may choose whether to enable speech services via settings.\n\nIf this policy is disabled, speech services will be disabled, and users cannot enable speech services via settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\InputPersonalization" ], "ValueName": "AllowInputPersonalization", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "System", "PolicyName": "Y2K", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Century interpretation for Year 2000", "ExplainText": "This policy setting determines how programs interpret two-digit years.\n\nThis policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly, consult the documentation or manufacturer of the program.\n\nIf you enable this policy setting, the system specifies the largest two-digit year interpreted as being preceded by 20. All numbers less than or equal to the specified value are interpreted as being preceded by 20. All numbers greater than the specified value are interpreted as being preceded by 19.\n\nFor example, the default value, 2029, specifies that all two-digit years less than or equal to 29 (00 to 29) are interpreted as being preceded by 20, that is 2000 to 2029. Conversely, all two-digit years greater than 29 (30 to 99) are interpreted as being preceded by 19, that is, 1930 to 1999.\n\nIf you disable or do not configure this policy setting, Windows does not interpret two-digit year formats using this scheme for the program.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International\\Calendars\\TwoDigitYearMax" ], "Elements": [ { "Type": "Decimal", "ValueName": "1", "MinValue": "2001", "MaxValue": "2099", "StoreAsText": true } ] }, { "File": "Globalization.admx", "CategoryName": "InputPersonalization", "PolicyName": "ImplicitDataCollectionOff_1", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off automatic learning", "ExplainText": "This policy setting turns off the automatic learning component of handwriting recognition personalization.\n\nAutomatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user.\n\nText that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored.\n\nNote: Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information.\n\nIf you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure this setting in Control Panel.\n\nIf you disable this policy setting, automatic learning is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.\n\nIf you do not configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog.\n\nThis policy setting is related to the \"Turn off handwriting personalization\" policy setting.\n\nNote: The amount of stored ink is limited to 50 MB and the amount of text information to approximately 5 MB. When these limits are reached and new data is collected, old data is deleted to make room for more recent data.\n\nNote: Handwriting personalization works only for Microsoft handwriting recognizers, and not with third-party recognizers.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Elements": [ { "Type": "EnabledList", "ValueName": "RestrictImplicitTextCollection", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "RestrictImplicitInkCollection", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "RestrictImplicitTextCollection", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "RestrictImplicitInkCollection", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "InputPersonalization", "PolicyName": "ImplicitDataCollectionOff_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off automatic learning", "ExplainText": "This policy setting turns off the automatic learning component of handwriting recognition personalization.\n\nAutomatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user.\n\nText that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored.\n\nNote: Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information.\n\nIf you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure this setting in Control Panel.\n\nIf you disable this policy setting, automatic learning is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.\n\nIf you do not configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog.\n\nThis policy setting is related to the \"Turn off handwriting personalization\" policy setting.\n\nNote: The amount of stored ink is limited to 50 MB and the amount of text information to approximately 5 MB. When these limits are reached and new data is collected, old data is deleted to make room for more recent data.\n\nNote: Handwriting personalization works only for Microsoft handwriting recognizers, and not with third-party recognizers.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Elements": [ { "Type": "EnabledList", "ValueName": "RestrictImplicitTextCollection", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "RestrictImplicitInkCollection", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "RestrictImplicitTextCollection", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "RestrictImplicitInkCollection", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization" ], "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "RestrictLanguagePacksAndFeaturesInstall_1", "Class": "User", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Restrict Language Pack and Language Feature Installation", "ExplainText": "This policy setting restricts\u202fthe user from installing language packs and language features on demand.\u202fThis policy does not restrict switching the\u202fWindows\u202flanguage,\u202fif you want to restrict the\u202fWindows\u202flanguage\u202fuse the following policy: \"Restricts the UI languages Windows should use for the selected user.\"\n\nIf you enable this policy setting, the\u202finstallation of language packs and language features\u202fis\u202fprevented\u202ffor the user.\n\nIf you disable or do not configure this policy setting, there is no\u202flanguage packs or language features\u202finstallation\u202frestriction\u202ffor\u202fthe user.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "RestrictLanguagePacksAndFeaturesInstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Globalization.admx", "CategoryName": "RegionalOptions", "PolicyName": "RestrictLanguagePacksAndFeaturesInstall_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Globalization", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Restrict Language Pack and Language Feature Installation", "ExplainText": "This policy setting restricts\u202fall users from installing language packs and language features on demand packages.\u202fThis policy does not restrict switching the\u202fWindows\u202flanguage,\u202fif you want to restrict the\u202fWindows\u202flanguage\u202fuse the following policy: \"Restricts the UI languages Windows uses for all logged users.\"\n\nIf you enable this policy setting, the\u202finstallation of language packs and language features\u202fis\u202fprevented\u202ffor all users.\n\nIf you disable or do not configure this policy setting, there is no\u202flanguage packs or feature\u202finstallation\u202frestriction\u202ffor\u202fany user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Control Panel\\International" ], "ValueName": "RestrictLanguagePacksAndFeaturesInstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "MitOptions", "PolicyName": "FontMitigation", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Untrusted Font Blocking", "ExplainText": "This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\MitigationOptions" ], "ClientExtension": "{2A8FDC61-2347-4C87-92F6-B05EB91A201A}", "Elements": [ { "Type": "Enum", "ValueName": "MitigationOptions_FontBocking", "Items": [ { "DisplayName": "Block untrusted fonts and log events", "Data": "1000000000000" }, { "DisplayName": "Do not block untrusted fonts", "Data": "2000000000000" }, { "DisplayName": "Log events without blocking untrusted fonts", "Data": "3000000000000" } ], "Required": true } ] }, { "File": "GroupPolicy.admx", "CategoryName": "MitOptions", "PolicyName": "ProcessMitigationOptions", "Class": "Both", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Process Mitigation Options", "ExplainText": "This security feature provides a means to override individual process MitigationOptions settings. This can be used to enforce a number of security policies specific to applications. The application name is specified as the Value name, including extension. The Value is specified as a bit field with a series of flags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prior to GPO evaluation). The recognized bit locations are:\n\nPROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)\nEnables data execution prevention (DEP) for the child process\n\nPROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002)\nEnables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer.\n\nPROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004)\nEnables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique.\n\nPROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100)\nThe force Address Space Layout Randomization (ASLR) policy forcibly rebases images that are not dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that do not have a base relocation section will not be loaded.\n\nPROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000)\nPROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000)\nThe bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address.\n\nFor instance, to enable PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE and PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON, disable PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF, and to leave all other options at their default values, specify a value of:\n???????????????0???????1???????1\n\nSetting flags not specified here to any value other than ? results in undefined behavior.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\MitigationOptions", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\MitigationOptions" ], "ClientExtension": "{4B7C3B0F-E993-4E06-A241-3FBE06943684}", "ValueName": "ProcessMitigationOptions", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\MitigationOptions\\ProcessMitigationOptions", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\MitigationOptions\\ProcessMitigationOptions" ] } ] }, { "File": "GroupPolicy.admx", "CategoryName": "NetworkFonts", "PolicyName": "EnableFontProviders", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable Font Providers", "ExplainText": "This policy setting determines whether Windows is allowed to download fonts and font catalog data from an online font provider.\n\nIf you enable this policy setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text.\n\nIf you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts.\n\nIf you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableFontProviders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "EnableCDP", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Continue experiences on this device", "ExplainText": "This policy setting determines whether the Windows device is allowed to participate in cross-device experiences (continue experiences).\n\nIf you enable this policy setting, the Windows device is discoverable by other Windows devices that belong to the same user, and can participate in cross-device experiences.\n\nIf you disable this policy setting, the Windows device is not discoverable by other devices, and cannot participate in cross-device experiences.\n\nIf you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableCdp", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "EnableMMX", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Phone-PC linking on this device", "ExplainText": "This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue reading, emailing and other tasks that requires linking between Phone and PC.\n\nIf you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in Continue on PC experiences.\n\nIf you disable this policy setting, the Windows device is not allowed to be linked to Phones, will remove itself from the device list of any linked Phones, and cannot participate in Continue on PC experiences.\n\nIf you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableMmx", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "EnableAppUriHandlers", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure web-to-app linking with app URI handlers", "ExplainText": "This policy setting determines whether Windows supports web-to-app linking with app URI handlers.\n\nEnabling this policy setting enables web-to-app linking so that apps can be launched with a http(s) URI.\n\nDisabling this policy disables web-to-app linking and http(s) URIs will be opened in the default browser instead of launching the associated app.\n\nIf you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableAppUriHandlers", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "EnableLogonOptimization", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Configure Group Policy Caching", "ExplainText": "This policy setting allows you to configure Group Policy caching behavior.\n\nIf you enable or do not configure this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the \"Configure Group Policy Slow Link Detection\" policy setting to configure asynchronous foreground behavior.)\n\nThe slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds.\n\nThe timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds.\n\nIf you disable this policy setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the \"Configure Group Policy Slow Link Detection\" policy setting to configure asynchronous foreground behavior.)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableLogonOptimization", "Elements": [ { "Type": "Decimal", "ValueName": "SyncModeSlowLinkThreshold", "MinValue": "0", "MaxValue": "300000" }, { "Type": "Decimal", "ValueName": "SyncModeNoDCThreshold", "MinValue": "0", "MaxValue": "600000" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "EnableLogonOptimizationOnServerSKU", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Enable Group Policy Caching for Servers", "ExplainText": "This policy setting allows you to configure Group Policy caching behavior on Windows Server machines.\nIf you enable this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the \"Configure Group Policy Slow Link Detection\" policy setting to configure asynchronous foreground behavior.)\nThe slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds.\nThe timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds.\nIf you disable or do not configure this policy setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the \"Configure Group Policy Slow Link Detection\" policy setting to configure asynchronous foreground behavior.)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableLogonOptimizationOnServerSKU", "Elements": [ { "Type": "Decimal", "ValueName": "SyncModeSlowLinkThresholdOnServerSKU", "MinValue": "0", "MaxValue": "300000" }, { "Type": "Decimal", "ValueName": "SyncModeNoDCThresholdOnServerSKU", "MinValue": "0", "MaxValue": "600000" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "LogonScriptDelay", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Configure Logon Script Delay", "ExplainText": "Enter \"0\" to disable Logon Script Delay.\n\nThis policy setting allows you to configure how long the Group Policy client waits after logon before running scripts.\n\nBy default, the Group Policy client waits five minutes before running logon scripts. This helps create a responsive desktop environment by preventing disk contention.\n\nIf you enable this policy setting, Group Policy will wait for the specified amount of time before running logon scripts.\n\nIf you disable this policy setting, Group Policy will run scripts immediately after logon.\n\nIf you do not configure this policy setting, Group Policy will wait five minutes before running logon scripts.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableLogonScriptDelay", "Elements": [ { "Type": "Decimal", "ValueName": "AsyncScriptDelay", "MinValue": "0", "MaxValue": "1000" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "ResetDfsClientInfoDuringRefreshPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable AD/DFS domain controller synchronization during policy refresh", "ExplainText": "Enabling this setting will cause the Group Policy Client to connect to the same domain controller for DFS shares as is being used for Active Directory.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "ResetDfsClientInfoDuringRefreshPolicy", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "DisableAOACProcessing", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off Group Policy Client Service AOAC optimization", "ExplainText": "This policy setting prevents the Group Policy Client Service from stopping when idle.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DisableAOACProcessing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "SlowLinkDefaultForDirectAccess", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure Direct Access connections as a fast network connection", "ExplainText": "This policy setting allows an administrator to define the Direct Access connection to be considered a fast network connection for the purposes of applying and updating Group Policy.\n\nWhen Group Policy detects the bandwidth speed of a Direct Access connection, the detection can sometimes fail to provide any bandwidth speed information. If Group Policy detects a bandwidth speed, Group Policy will follow the normal rules for evaluating if the Direct Access connection is a fast or slow network connection. If no bandwidth speed is detected, Group Policy will default to a slow network connection. This policy setting allows the administrator the option to override the default to slow network connection and instead default to using a fast network connection in the case that no network bandwidth speed is determined.\n\nNote: When Group Policy detects a slow network connection, Group Policy will only process those client side extensions configured for processing across a slow link (slow network connection).\n\nIf you enable this policy, when Group Policy cannot determine the bandwidth speed across Direct Access, Group Policy will evaluate the network connection as a fast link and process all client side extensions.\n\nIf you disable this setting or do not configure it, Group Policy will evaluate the network connection as a slow link and process only those client side extensions configured to process over a slow link.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "SlowLinkDefaultForDirectAccess", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "SlowlinkDefaultToAsync", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Change Group Policy processing to run asynchronously when a slow network connection is detected.", "ExplainText": "This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is, whether computers wait for the network to be fully initialized during computer startup and user logon) when a slow network connection is detected.\n\nIf you enable this policy setting, when a slow network connection is detected, Group Policy processing will always run in an asynchronous manner.\nClient computers will not wait for the network to be fully initialized at startup and logon. Existing users will be logged on using cached credentials,\nwhich will result in shorter logon times. Group Policy will be applied in the background after the network becomes available.\nNote that because this is a background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection\nand Drive Maps preference extension will not be applied.\n\nNote: There are two conditions that will cause Group Policy to be processed synchronously even if this policy setting is enabled:\n1 - At the first computer startup after the client computer has joined the domain.\n2 - If the policy setting \"Always wait for the network at computer startup and logon\" is enabled.\n\nIf you disable or do not configure this policy setting, detecting a slow network connection will not affect whether Group Policy processing will be synchronous or asynchronous.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "SlowlinkDefaultToAsync", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "DisableLGPOProcessing", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Local Group Policy Objects processing", "ExplainText": "This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.\n\nBy default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and application of all Local GPOs to ensure that only domain-based GPOs are applied.\n\nIf you enable this policy setting, the system does not process and apply any Local GPOs.\n\nIf you disable or do not configure this policy setting, Local GPOs continue to be applied.\n\nNote: For computers joined to a domain, it is strongly recommended that you only configure this policy setting in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workgroup.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DisableLGPOProcessing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "SyncWaitTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify startup policy processing wait time", "ExplainText": "This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until the network is available or the default wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.\n\nIf you enable this policy setting, Group Policy will use this administratively configured maximum wait time and override any default or system-computed wait time.\n\nIf you disable or do not configure this policy setting, Group Policy will use the default wait time of 30 seconds on computers running Windows Vista operating system.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "GpNetworkStartTimeoutPolicyValue", "MinValue": "1", "MaxValue": "600" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "AllowX-ForestPolicy-and-RUP", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Allow cross-forest user policy and roaming user profiles", "ExplainText": "This policy setting allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests.\n\nThis policy setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists.\n\nIf you do not configure this policy setting:\n- No user-based policy settings are applied from the user's forest.\n- Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted.\n- Loopback Group Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer.\n- An event log message (1109) is posted, stating that loopback was invoked in Replace mode.\n\nIf you enable this policy setting, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed from the trusted forest.\n\nIf you disable this policy setting, the behavior is the same as if it is not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "AllowX-ForestPolicy-and-RUP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_AppMgmt", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure software Installation policy processing", "ExplainText": "This policy setting determines when software installation policies are updated.\n\nThis policy setting affects all policy settings that use the software installation component of Group Policy, such as policy settings in Software Settings\\Software Installation. You can set software installation policy only for Group Policy Objects stored in Active Directory, not for Group Policy Objects on the local computer.\n\nThis policy setting overrides customized settings that the program implementing the software installation policy set when it was installed.\n\nIf you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.\n\nThe \"Allow processing across a slow network connection\" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy setting implementations specify that they are updated only when changed. However, you might want to update unchanged policy settings, such as reapplying a desired policies in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{c6dc5466-785a-11d2-84d0-00c04fb169f7}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoSlowLink", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_DiskQuota", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure disk quota policy processing", "ExplainText": "This policy setting determines when disk quota policies are updated.\n\nThis policy setting affects all policies that use the disk quota component of Group Policy, such as those in Computer Configuration\\Administrative Templates\\System\\Disk Quotas.\n\nThis policy setting overrides customized settings that the program implementing the disk quota policy set when it was installed.\n\nIf you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.\n\nThe \"Allow processing across a slow network connection\" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe \"Do not apply during periodic background processing\" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoSlowLink", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "NoBackgroundPolicy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_EFSRecovery", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure EFS recovery policy processing", "ExplainText": "This policy setting determines when encryption policies are updated.\n\nThis policy setting affects all policies that use the encryption component of Group Policy, such as policies related to encryption in Windows Settings\\Security Settings.\n\nIt overrides customized settings that the program implementing the encryption policy set when it was installed.\n\nIf you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.\n\nThe \"Allow processing across a slow network connection\" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe \"Do not apply during periodic background processing\" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoSlowLink", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "NoBackgroundPolicy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_FolderRedirection", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure folder redirection policy processing", "ExplainText": "This policy setting determines when folder redirection policies are updated.\n\nThis policy setting affects all policies that use the folder redirection component of Group Policy, such as those in WindowsSettings\\Folder Redirection. You can only set folder redirection policy for Group Policy objects, stored in Active Directory, not for Group Policy objects on the local computer.\n\nThis policy setting overrides customized settings that the program implementing the folder redirection policy setting set when it was installed.\n\nIf you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.\n\nThe \"Allow processing across a slow network connection\" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{25537BA6-77A8-11D2-9B6C-0000F8080861}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoSlowLink", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_IEM", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure Internet Explorer Maintenance policy processing", "ExplainText": "This policy setting determines when Internet Explorer Maintenance policies are updated.\n\nThis policy setting affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those in Windows Settings\\Internet Explorer Maintenance.\n\nThis policy setting overrides customized settings that the program implementing the Internet Explorer Maintenance policy set when it was installed.\n\nIf you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.\n\nThe \"Allow processing across a slow network connection\" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe \"Do not apply during periodic background processing\" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoSlowLink", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "NoBackgroundPolicy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_IPSecurity", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure IP security policy processing", "ExplainText": "This policy setting determines when IP security policies are updated.\n\nThis policy setting affects all policies that use the IP security component of Group Policy, such as policies in Computer Configuration\\Windows Settings\\Security Settings\\IP Security Policies on Local Machine.\n\nThis policy setting overrides customized settings that the program implementing the IP security policy set when it was installed.\n\nIf you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.\n\nThe \"Allow processing across a slow network connection\" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe \"Do not apply during periodic background processing\" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{e437bc1c-aa7d-11d2-a382-00c04f991e27}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoSlowLink", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "NoBackgroundPolicy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_Registry", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure registry policy processing", "ExplainText": "This policy setting determines when registry policies are updated.\n\nThis policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed.\n\nIf you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.\n\nThe \"Do not apply during periodic background processing\" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoBackgroundPolicy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_Scripts", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure scripts policy processing", "ExplainText": "This policy setting determines when policies that assign shared scripts are updated.\n\nThis policy setting affects all policies that use the scripts component of Group Policy, such as those in WindowsSettings\\Scripts. It overrides customized settings that the program implementing the scripts policy set when it was installed.\n\nIf you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this setting, it has no effect on the system.\n\nThe \"Allow processing across a slow network connection\" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe \"Do not apply during periodic background processing\" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoSlowLink", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "NoBackgroundPolicy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_Security", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure security policy processing", "ExplainText": "This policy setting determines when security policies are updated.\n\nThis policy setting affects all policies that use the security component of Group Policy, such as those in Windows Settings\\Security Settings.\n\nThis policy setting overrides customized settings that the program implementing the security policy set when it was installed.\n\nIf you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.\n\nThe \"Do not apply during periodic background processing\" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they be updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoBackgroundPolicy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_Wireless", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure wireless policy processing", "ExplainText": "This policy setting determines when policies that assign wireless network settings are updated.\n\nThis policy setting affects all policies that use the wireless network component of Group Policy, such as those in WindowsSettings\\Wireless Network Policies.\n\nIt overrides customized settings that the program implementing the wireless network set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options.\n\nIf you disable this setting or do not configure it, it has no effect on the system.\n\nThe \"Allow processing across a slow network connection\" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe \"Do not apply during periodic background processing\" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoSlowLink", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "NoBackgroundPolicy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CSE_Wired", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure wired policy processing", "ExplainText": "This policy setting determines when policies that assign wired network settings are updated.\n\nThis policy setting affects all policies that use the wired network component of Group Policy, such as those in Windows Settings\\Wired Network Policies.\n\nIt overrides customized settings that the program implementing the wired network set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options.\n\nIf you disable this setting or do not configure it, it has no effect on the system.\n\nThe \"Allow processing across a slow network connection\" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe \"Do not apply during periodic background processing\" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.\n\nThe \"Process even if the Group Policy objects have not changed\" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}" ], "Elements": [ { "Type": "Boolean", "ValueName": "NoSlowLink", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "NoBackgroundPolicy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NoGPOListChanges", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "DenyRsopToInteractiveUser_1", "Class": "User", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Determine if interactive users can generate Resultant Set of Policy data", "ExplainText": "This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.\n\nBy default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.\n\nIf you enable this policy setting, interactive users cannot generate RSoP data.\n\nIf you disable or do not configure this policy setting, interactive users can generate RSoP.\n\nNote: This policy setting does not affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data.\n\nNote: To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc\n\nNote: This policy setting exists as both a User Configuration and Computer Configuration setting.\n\nAlso, see the \"Turn off Resultant set of Policy logging\" policy setting in Computer Configuration\\Administrative Templates\\System\\GroupPolicy.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DenyRsopToInteractiveUser", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "DenyRsopToInteractiveUser_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Determine if interactive users can generate Resultant Set of Policy data", "ExplainText": "This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.\n\nBy default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.\n\nIf you enable this policy setting, interactive users cannot generate RSoP data.\n\nIf you disable or do not configure this policy setting, interactive users can generate RSoP.\n\nNote: This policy setting does not affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data.\n\nNote: To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc\n\nNote: This policy setting exists as both a User Configuration and Computer Configuration setting.\n\nAlso, see the \"Turn off Resultant set of Policy logging\" policy setting in Computer Configuration\\Administrative Templates\\System\\GroupPolicy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DenyRsopToInteractiveUser", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "DisableAutoADMUpdate", "Class": "User", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Turn off automatic update of ADM files", "ExplainText": "Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor. Administrators might want to use this if they are concerned about the amount of space used on the system volume of a DC.\n\nBy default, when you start the Group Policy Object Editor, a timestamp comparison is performed on the source files in the local %SYSTEMROOT%\\inf directory and the source files stored in the GPO. If the local files are newer, they are copied into the GPO.\n\nChanging the status of this setting to Enabled will keep any source files from copying to the GPO.\n\nChanging the status of this setting to Disabled will enforce the default behavior. Files will always be copied to the GPO if they have a later timestamp.\n\nNOTE: If the Computer Configuration policy setting, \"Always use local ADM files for the Group Policy Object Editor\" is enabled, the state of this setting is ignored and always treated as Enabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Group Policy Editor" ], "ValueName": "DisableAutoADMUpdate", "Elements": [] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "DisableBackgroundPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Turn off background refresh of Group Policy", "ExplainText": "This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers, users, and domain controllers.\n\nIf you enable this policy setting, the system waits until the current user logs off the system before updating the computer and user settings.\n\nIf you disable or do not configure this policy setting, updates can be applied while users are working. The frequency of updates is determined by the \"Set Group Policy refresh interval for computers\" and \"Set Group Policy refresh interval for users\" policy settings.\n\nNote: If you make changes to this policy setting, you must restart your computer for it to take effect.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DisableBkGndGroupPolicy", "Elements": [] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "DisableUsersFromMachGP", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remove users' ability to invoke machine policy refresh", "ExplainText": "This policy setting allows you to control a user's ability to invoke a computer policy refresh.\n\nIf you enable this policy setting, users are not able to invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs.\n\nIf you disable or do not configure this policy setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user.\n\nNote: This policy setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this policy setting is configured.\n\nAlso, see the \"Set Group Policy refresh interval for computers\" policy setting to change the policy refresh interval.\n\nNote: If you make changes to this policy setting, you must restart your computer for it to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DenyUsersFromMachGP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "EnforcePoliciesOnly", "Class": "User", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Enforce Show Policies Only", "ExplainText": "This policy setting prevents administrators from viewing or using Group Policy preferences.\n\nA Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software\\Policies or Software\\Microsoft\\Windows\\CurrentVersion\\Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys.\n\nIf you enable this policy setting, the \"Show Policies Only\" command is turned on, and administrators cannot turn it off. As a result, Group Policy Object Editor displays only true settings; preferences do not appear.\n\nIf you disable or do not configure this policy setting, the \"Show Policies Only\" command is turned on by default, but administrators can view preferences by turning off the \"Show Policies Only\" command.\n\nNote: To find the \"Show Policies Only\" command, in Group Policy Object Editor, click the Administrative Templates folder (either one), right-click the same folder, and then point to \"View.\"\n\nIn Group Policy Object Editor, preferences have a red icon to distinguish them from true settings, which have a blue icon.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Group Policy Editor" ], "ValueName": "ShowPoliciesOnly", "Elements": [] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "GPDCOptions", "Class": "User", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure Group Policy domain controller selection", "ExplainText": "This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.\n\nIf you enable this setting, you can which domain controller is used according to these options:\n\n\"Use the Primary Domain Controller\" indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller designated as the PDC Operations Master for the domain.\n\n\"Inherit from Active Directory Snap-ins\" indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller that Active Directory Users and Computers or Active Directory Sites and Services snap-ins use.\n\n\"Use any available domain controller\" indicates that the Group Policy Object Editor snap-in can read and write changes to any available domain controller.\n\nIf you disable this setting or do not configure it, the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain.\n\nNote: To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a domain, and then click \"Operations Masters.\"", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Group Policy Editor" ], "Elements": [ { "Type": "Enum", "ValueName": "DCOption", "Items": [ { "DisplayName": "Use the Primary Domain Controller", "Data": "1" }, { "DisplayName": "Inherit from Active Directory Snap-ins", "Data": "2" }, { "DisplayName": "Use any available domain controller", "Data": "3" } ] } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "GPTransferRate_1", "Class": "User", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure Group Policy slow link detection", "ExplainText": "This policy setting defines a slow connection for purposes of applying and updating Group Policy.\n\nIf the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting, the system considers the connection to be slow.\n\nThe system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs' specified responses to slow links.\n\nIf you enable this setting, you can, in the \"Connection speed\" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast.\n\nIf you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second.\n\nThis setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder.\n\nAlso, see the \"Do not detect slow network connections\" and related policies in Computer Configuration\\Administrative Templates\\System\\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "GroupPolicyMinTransferRate", "MinValue": "0", "MaxValue": "4294967200" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "GPTransferRate_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure Group Policy slow link detection", "ExplainText": "This policy setting defines a slow connection for purposes of applying and updating Group Policy.\n\nIf the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting, the system considers the connection to be slow.\n\nThe system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs' specified responses to slow links.\n\nIf you enable this setting, you can, in the \"Connection speed\" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast.\n\nIf you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second.\n\nThis setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder.\n\nAlso, see the \"Do not detect slow network connections\" and related policies in Computer Configuration\\Administrative Templates\\System\\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "GroupPolicyMinTransferRate", "MinValue": "0", "MaxValue": "4294967200" }, { "Type": "Boolean", "ValueName": "SlowLinkDefaultFor3G", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "GroupPolicyRefreshRate", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Set Group Policy refresh interval for computers", "ExplainText": "This policy setting specifies how often Group Policy for computers is updated while the computer is in use (in the background). This setting specifies a background update rate only for Group Policies in the Computer Configuration folder.\n\nIn addition to background updates, Group Policy for the computer is always updated when the system starts.\n\nBy default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.\n\nIf you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.\n\nIf you disable this setting, Group Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, select the \"Turn off background refresh of Group Policy\" policy.\n\nThe Set Group Policy refresh interval for computers policy also lets you specify how much the actual update interval varies. To prevent clients with the same update interval from requesting updates simultaneously, the system varies the update interval for each client by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that client requests overlap. However, updates might be delayed significantly.\n\nThis setting establishes the update rate for computer Group Policy. To set an update rate for user policies, use the \"Set Group Policy refresh interval for users\" setting (located in User Configuration\\Administrative Templates\\System\\Group Policy).\n\nThis setting is only used when the \"Turn off background refresh of Group Policy\" setting is not enabled.\n\nNote: Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs users can run, might interfere with tasks in progress.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "GroupPolicyRefreshTime", "MinValue": "0", "MaxValue": "44640", "Required": true }, { "Type": "Decimal", "ValueName": "GroupPolicyRefreshTimeOffset", "MinValue": "0", "MaxValue": "1440", "Required": true } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "GroupPolicyRefreshRateDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Set Group Policy refresh interval for domain controllers", "ExplainText": "This policy setting specifies how often Group Policy is updated on domain controllers while they are running (in the background). The updates specified by this setting occur in addition to updates performed when the system starts.\n\nBy default, Group Policy on the domain controllers is updated every five minutes.\n\nIf you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.\n\nIf you disable or do not configure this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the \"Turn off background refresh of Group Policy\" setting.\n\nThis setting also lets you specify how much the actual update interval varies. To prevent domain controllers with the same update interval from requesting updates simultaneously, the system varies the update interval for each controller by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that update requests overlap. However, updates might be delayed significantly.\n\nNote: This setting is used only when you are establishing policy for a domain, site, organizational unit (OU), or customized group. If you are establishing policy for a local computer only, the system ignores this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "GroupPolicyRefreshTimeDC", "MinValue": "0", "MaxValue": "44640", "Required": true }, { "Type": "Decimal", "ValueName": "GroupPolicyRefreshTimeOffsetDC", "MinValue": "0", "MaxValue": "1440", "Required": true } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "GroupPolicyRefreshRateUser", "Class": "User", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Set Group Policy refresh interval for users", "ExplainText": "This policy setting specifies how often Group Policy for users is updated while the computer is in use (in the background). This setting specifies a background update rate only for the Group Policies in the User Configuration folder.\n\nIn addition to background updates, Group Policy for users is always updated when users log on.\n\nBy default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.\n\nIf you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.\n\nIf you disable this setting, user Group Policy is updated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the \"Turn off background refresh of Group Policy\" setting.\n\nThis setting also lets you specify how much the actual update interval varies. To prevent clients with the same update interval from requesting updates simultaneously, the system varies the update interval for each client by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that client requests overlap. However, updates might be delayed significantly.\n\nImportant: If the \"Turn off background refresh of Group Policy\" setting is enabled, this setting is ignored.\n\nNote: This setting establishes the update rate for user Group Policies. To set an update rate for computer Group Policies, use the \"Group Policy refresh interval for computers\" setting (located in Computer Configuration\\Administrative Templates\\System\\Group Policy).\n\nTip: Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs a user can run, might interfere with tasks in progress.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "GroupPolicyRefreshTime", "MinValue": "0", "MaxValue": "44640", "Required": true }, { "Type": "Decimal", "ValueName": "GroupPolicyRefreshTimeOffset", "MinValue": "0", "MaxValue": "1440", "Required": true } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "NewGPODisplayName", "Class": "User", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Set default name for new Group Policy objects", "ExplainText": "This policy setting allows you to set the default display name for new Group Policy objects.\n\nThis setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.\n\nThe display name can contain environment variables and can be a maximum of 255 characters long.\n\nIf this setting is Disabled or Not Configured, the default display name of New Group Policy object is used.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Group Policy Editor" ], "Elements": [ { "Type": "Text", "ValueName": "GPODisplayName", "Required": true, "MaxLength": "255" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "NewGPOLinksDisabled", "Class": "User", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Create new Group Policy Object links disabled by default", "ExplainText": "This policy setting allows you to create new Group Policy object links in the disabled state.\n\nIf you enable this setting, you can create all new Group Policy object links in the disabled state by default. After you configure and test the new object links by using a policy compliant Group Policy management tool such as Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system.\n\nIf you disable this setting or do not configure it, new Group Policy object links are created in the enabled state. If you do not want them to be effective until they are configured and tested, you must disable the object link.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Group Policy Editor" ], "ValueName": "NewGPOLinksDisabled", "Elements": [] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "OnlyUseLocalAdminFiles", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsXPOrServerOnly - Windows Server 2003 and Windows XP only", "DisplayName": "Always use local ADM files for Group Policy Object Editor", "ExplainText": "This policy setting lets you always use local ADM files for the Group Policy snap-in.\n\nBy default, when you edit a Group Policy Object (GPO) using the Group Policy Object Editor snap-in, the ADM files are loaded from that GPO into the Group Policy Object Editor snap-in. This allows you to use the same version of the ADM files that were used to create the GPO while editing this GPO.\n\nThis leads to the following behavior:\n\n- If you originally created the GPO with, for example, an English system, the GPO contains English ADM files.\n\n- If you later edit the GPO from a different-language system, you get the English ADM files as they were in the GPO.\n\nYou can change this behavior by using this setting.\n\nIf you enable this setting, the Group Policy Object Editor snap-in always uses local ADM files in your %windir%\\inf directory when editing GPOs.\n\nThis leads to the following behavior:\n\n- If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the text in Japanese under Administrative Templates.\n\nIf you disable or do not configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO.\n\nNote: If the ADMs that you require are not all available locally in your %windir%\\inf directory, you might not be able to see all the settings that have been configured in the GPO that you are editing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy" ], "ValueName": "OnlyUseLocalAdminFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "RSoPLogging", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Turn off Resultant Set of Policy logging", "ExplainText": "This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.\n\nRSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied, where they came from, and the client-side extension settings that were included.\n\nIf you enable this setting, RSoP logging is turned off.\n\nIf you disable or do not configure this setting, RSoP logging is turned on. By default, RSoP logging is always on.\n\nNote: To view the RSoP information logged on a client computer, you can use the RSoP snap-in in the Microsoft Management Console (MMC).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "RSoPLogging", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "UserPolicyMode", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Configure user Group Policy loopback processing mode", "ExplainText": "This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.\n\nBy default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user logs on to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies.\n\nIf you enable this setting, you can select one of the following modes from the Mode box:\n\n\"Replace\" indicates that the user settings defined in the computer's Group Policy Objects replace the user settings normally applied to the user.\n\n\"Merge\" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings.\n\nIf you disable this setting or do not configure it, the user's Group Policy Objects determines which user settings apply.\n\nNote: This setting is effective only when both the computer account and the user account are in at least Windows 2000 domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "UserPolicyMode", "Items": [ { "DisplayName": "Merge", "Data": "1" }, { "DisplayName": "Replace", "Data": "2" } ] } ] }, { "File": "GroupPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "CorpConnSyncWaitTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.GroupPolicy", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify workplace connectivity wait time for policy processing", "ExplainText": "This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until workplace connectivity is available or the wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.\n\nIf you enable this policy setting, Group Policy uses this administratively configured maximum wait time for workplace connectivity, and overrides any default or system-computed wait time.\n\nIf you disable or do not configure this policy setting, Group Policy will use the default wait time of 60 seconds on computers running Windows operating systems greater than Windows 7 configured for workplace connectivity.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "CorpConnStartTimeoutPolicyValue", "MinValue": "1", "MaxValue": "600" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Applications_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Applications preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Applications preference extension, and to turn on tracing for the Applications extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Applications extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{F9C77450-3A41-477E-9310-9ACD617BD9E3}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_DataSources_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Data Sources preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Data Sources preference extension, and to turn on tracing for the Data Sources extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Data Sources extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{728EE579-943C-4519-9EF7-AB56765798ED}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Devices_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Devices preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Devices preference extension, and to turn on tracing for the Devices extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Devices extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{1A6364EB-776B-4120-ADE1-B63A406A76B5}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Drives_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Drive Maps preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Drive Maps preference extension, and to turn on tracing for the Drive Maps extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Drive Maps extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{5794DAFD-BE60-433f-88A2-1A31939AC01F}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Environment_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Environment preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Environment preference extension, and to turn on tracing for the Environment extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Environment extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{0E28E245-9368-4853-AD84-6DA3BA35BB75}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Files_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Files preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Files preference extension, and to turn on tracing for the Files extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Files extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_FolderOptions_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Folder Options preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Folder Options preference extension, and to turn on tracing for the Folder Options extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Folder Options extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{A3F3E39B-5D83-4940-B954-28315B82F0A8}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Folders_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Folders preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Folders preference extension, and to turn on tracing for the Folders extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Folders extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{6232C319-91AC-4931-9385-E70C2B099F0E}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_IniFiles_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Ini Files preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Ini Files preference extension, and to turn on tracing for the Ini Files extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Ini Files extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{74EE6C03-5363-4554-B161-627540339CAB}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Internet_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Internet Settings preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Internet preference extension, and to turn on tracing for the Internet extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Internet extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_LocalUsersAndGroups_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Local Users and Groups preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Local User and Local Group preference extension, and to turn on tracing for the Local User and Local Group extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Local User and Local Group extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{17D89FEC-5C44-4972-B12D-241CAEF74509}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_NetworkOptions_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Network Options preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Network Options preference extension, and to turn on tracing for the Network Options extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Network Options extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_NetShares_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Network Shares preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Network Shares preference extension, and to turn on tracing for the Network Shares extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Network Shares extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_PowerOptions_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Power Options preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Power Options preference extension, and to turn on tracing for the Power Options extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Power Options extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Printers_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Printers preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Printers preference extension, and to turn on tracing for the Printers extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Printers extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_RegionalOptions_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Regional Options preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Regional Options preference extension, and to turn on tracing for the Regional Options extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Regional Options extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{E5094040-C46C-4115-B030-04FB2E545B00}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_PrefRegistry_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Registry preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Registry preference extension, and to turn on tracing for the Registry extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Registry extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{B087BE9D-ED37-454f-AF9C-04291E351182}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_ScheduledTasks_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Scheduled Tasks preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Scheduled Tasks preference extension, and to turn on tracing for the Scheduled Tasks extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Scheduled Tasks extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{AADCED64-746C-4633-A97C-D61349046527}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Services_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Services preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Services preference extension, and to turn on tracing for the Services extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Services extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{91FBB303-0CD5-4055-BF42-E512A681B325}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_Shortcuts_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Shortcuts preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Shortcuts preference extension, and to turn on tracing for the Shortcuts extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Shortcuts extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathMachine", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "GroupPolicyPreferencesLogging.admx", "CategoryName": "CSE_Logging", "PolicyName": "CSE_StartMenu_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreferencesLogging", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Configure Start Menu preference logging and tracing", "ExplainText": "This policy setting allows you to configure the level of detail recorded by event logging for the Start Menu preference extension, and to turn on tracing for the Start Menu extension. Logging and tracing provide diagnostic information for troubleshooting.\n\nIf you enable this policy setting, you can configure event logging and turn on tracing for the Start Menu extension for client computers.\n\nIf you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.\n\nNotes:\n\n1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the \"User trace\" box to the location where a user trace file can be created on the client computer, and you must turn on the \"Tracing\" option. If there are no preference items under User Configuration in this extension, no user trace file is created.\n\n2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is not applicable.\n\n3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the \"Planning trace\" box to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the \"Tracing\" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Group Policy\\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}" ], "Elements": [ { "Type": "Enum", "ValueName": "LogLevel", "Items": [ { "DisplayName": "Informational, Warnings and Errors", "Data": "3" }, { "DisplayName": "Warnings and Errors", "Data": "2" }, { "DisplayName": "Errors Only", "Data": "1" }, { "DisplayName": "None", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "TraceLevel", "Items": [ { "DisplayName": "On", "Data": "2" }, { "DisplayName": "Off", "Data": "0" } ] }, { "Type": "Text", "ValueName": "TraceFilePathUser", "Expandable": true }, { "Type": "Text", "ValueName": "TraceFilePathPlanning", "Expandable": true }, { "Type": "Decimal", "ValueName": "TraceFileMaxSize", "MinValue": "0", "MaxValue": "16384" } ] }, { "File": "Handwriting.admx", "CategoryName": "Handwriting", "PolicyName": "PanelDefaultModeDocked", "Class": "Machine", "NameSpace": "Microsoft.Policies.Handwriting", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Handwriting Panel Default Mode Docked", "ExplainText": "The handwriting panel has 2 modes - floats near the text box, or, attached to the bottom of the screen. Default is floating near text box. If you want the panel to be fixed, use this policy to fix it to the bottom.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Handwriting" ], "ValueName": "PanelDefaultModeDocked", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Help.admx", "CategoryName": "System", "PolicyName": "HelpQualifiedRootDir_Comp", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsHelp", "Supported": "IE6SP1 - At least Internet Explorer 6 Service Pack 1", "DisplayName": "Restrict potentially unsafe HTML Help functions to specified folders", "ExplainText": "This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting.\n\nIf you enable this policy setting, the commands function only for .chm files in the specified folders and their subfolders.\n\nTo restrict the commands to one or more folders, enable the policy setting and enter the desired folders in the text box on the Settings tab of the Policy Properties dialog box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\\help folder and D:\\somefolder, add the following string to the edit box: \"%windir%\\help;D:\\somefolder\".\n\nNote: An environment variable may be used, (for example, %windir%), as long as it is defined on the system. For example, %programfiles% is not defined on some early versions of Windows.\n\nThe \"Shortcut\" command is used to add a link to a Help topic, and runs executables that are external to the Help file. The \"WinHelp\" command is used to add a link to a Help topic, and runs a WinHLP32.exe Help (.hlp) file.\n\nTo disallow the \"Shortcut\" and \"WinHelp\" commands on the entire local system, enable the policy setting and leave the text box on the Settings tab of the Policy Properties dialog box blank.\n\nIf you disable or do not configure this policy setting, these commands are fully functional for all Help files.\n\nNote: Only folders on the local computer can be specified in this policy setting. You cannot use this policy setting to enable the \"Shortcut\" and \"WinHelp\" commands for .chm files that are stored on mapped drives or accessed using UNC paths.\n\nFor additional options, see the \"Restrict these programs from being launched from Help\" policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Text", "ValueName": "HelpQualifiedRootDir" } ] }, { "File": "Help.admx", "CategoryName": "System", "PolicyName": "RestrictRunFromHelp", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsHelp", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Restrict these programs from being launched from Help", "ExplainText": "This policy setting allows you to restrict programs from being run from online Help.\n\nIf you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas.\n\nIf you disable or do not configure this policy setting, users can run all applications from online Help.\n\nNote: You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\\Security Settings.\n\nNote: This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Text", "ValueName": "DisableInHelp", "Required": true } ] }, { "File": "Help.admx", "CategoryName": "System", "PolicyName": "RestrictRunFromHelp_Comp", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsHelp", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Restrict these programs from being launched from Help", "ExplainText": "This policy setting allows you to restrict programs from being run from online Help.\n\nIf you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas.\n\nIf you disable or do not configure this policy setting, users can run all applications from online Help.\n\nNote: You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\\Security Settings.\n\nNote: This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Text", "ValueName": "DisableInHelp", "Required": true } ] }, { "File": "Help.admx", "CategoryName": "System", "PolicyName": "DisableHHDEP", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsHelp", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off Data Execution Prevention for HTML Help Executible", "ExplainText": "This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention.\n\nData Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely.\n\nIf you enable this policy setting, DEP for HTML Help Executable is turned off. This will allow certain legacy ActiveX controls to function without DEP shutting down HTML Help Executable.\n\nIf you disable or do not configure this policy setting, DEP is turned on for HTML Help Executable. This provides an additional security benefit, but HTLM Help stops if DEP detects system memory abnormalities.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DisableHHDEP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "HelpAndSupport.admx", "CategoryName": "Assistance", "PolicyName": "ActiveHelp", "Class": "Machine", "NameSpace": "Microsoft.Policies.HelpAndSupport", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Active Help", "ExplainText": "This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.\n\nIf you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements.\n\nIf you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "ValueName": "NoActiveHelp", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "HelpAndSupport.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "HPExplicitFeedback", "Class": "User", "NameSpace": "Microsoft.Policies.HelpAndSupport", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Help Ratings", "ExplainText": "This policy setting specifies whether users can provide ratings for Help content.\n\nIf you enable this policy setting, ratings controls are not added to Help content.\n\nIf you disable or do not configure this policy setting, ratings controls are added to Help topics.\n\nUsers can use the control to provide feedback on the quality and usefulness of the Help and Support content.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "ValueName": "NoExplicitFeedback", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "HelpAndSupport.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "HPImplicitFeedback", "Class": "User", "NameSpace": "Microsoft.Policies.HelpAndSupport", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Help Experience Improvement Program", "ExplainText": "This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.\n\nIf you enable this policy setting, users cannot participate in the Help Experience Improvement program.\n\nIf you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "ValueName": "NoImplicitFeedback", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "HelpAndSupport.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "HPOnlineAssistance", "Class": "User", "NameSpace": "Microsoft.Policies.HelpAndSupport", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Windows Online", "ExplainText": "This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.\n\nIf you enable this policy setting, users are prevented from accessing online assistance content from Windows Online.\n\nIf you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "ValueName": "NoOnlineAssist", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "hotspotauth.admx", "CategoryName": "HotspotAuth_Category", "PolicyName": "HotspotAuth_Enable", "Class": "Machine", "NameSpace": "Microsoft.Policies.HotspotAuthentication", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable Hotspot Authentication", "ExplainText": "This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support.\n\nIf a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.\n\nIf you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.\n\nIf you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\HotspotAuthentication" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement", "PolicyName": "InternetManagement_RestrictCommunication_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Restrict Internet communication", "ExplainText": "This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.\n\nIf you enable this setting, all of the the policy settings listed in the \"Internet Communication settings\" section are set such that their respective features cannot access the Internet.\n\nIf you disable this policy setting, all of the the policy settings listed in the \"Internet Communication settings\" section are set such that their respective features can access the Internet.\n\nIf you do not configure this policy setting, all of the the policy settings in the \"Internet Communication settings\" section are set to not configured.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\InternetManagement" ], "ValueName": "RestrictCommunication", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "NoPublishingWizard", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoWebServices", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoGenTicket", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "AllowWindowsEntitlementReactivation", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoOnlinePrintsWizard", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "CEIP", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "Data": "2" }, { "Type": "EnabledList", "ValueName": "NoInternetOpenWith", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "DisableHTTPPrinting", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "DisableWebPnPDownload", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "PreventHandwritingErrorReports", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\HandwritingErrorReports" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "PreventHandwritingDataSharing", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\TabletPC" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoOnlineAssist", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoExplicitFeedback", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoImplicitFeedback", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "WebHelp", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "CodecDownload", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "WebPublish", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "NoPublishingWizard", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoWebServices", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoGenTicket", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "AllowWindowsEntitlementReactivation", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoOnlinePrintsWizard", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "CEIP", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "NoInternetOpenWith", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "DisableHTTPPrinting", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "DisableWebPnPDownload", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "PreventHandwritingErrorReports", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\HandwritingErrorReports" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "PreventHandwritingDataSharing", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\TabletPC" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoOnlineAssist", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoExplicitFeedback", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoImplicitFeedback", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Assistance\\Client\\1.0" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "WebHelp", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "CodecDownload", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "WebPublish", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement", "PolicyName": "InternetManagement_RestrictCommunication_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Restrict Internet communication", "ExplainText": "This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.\n\nIf you enable this setting, all of the the policy settings listed in the \"Internet Communication settings\" section are set such that their respective features cannot access the Internet.\n\nIf you disable this policy setting, all of the the policy settings listed in the \"Internet Communication settings\" section are set such that their respective features can access the Internet.\n\nIf you do not configure this policy setting, all of the the policy settings in the \"Internet Communication settings\" section are set to not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\InternetManagement" ], "ValueName": "RestrictCommunication", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "NoPublishingWizard", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoWebServices", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoGenTicket", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "AllowWindowsEntitlementReactivation", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoOnlinePrintsWizard", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "CEIP", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "Data": "2" }, { "Type": "EnabledList", "ValueName": "Headlines", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\HelpSvc" ], "Data": "0" }, { "Type": "EnabledList", "ValueName": "MicrosoftKBSearch", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\HelpSvc" ], "Data": "0" }, { "Type": "EnabledList", "ValueName": "DoReport", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "Data": "0" }, { "Type": "EnabledList", "ValueName": "Disabled", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoInternetOpenWith", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "ExitOnMSICW", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Internet Connection Wizard" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftEventVwrDisableLinks", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\EventViewer" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "DisableRootAutoUpdate", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\AuthRoot" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoRegistration", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Registration Wizard Control" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "DisableContentFileUpdates", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\SearchCompanion" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "DisableHTTPPrinting", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "DisableWebPnPDownload", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "DontSearchWindowsUpdate", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DriverSearching" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "DisableWindowsUpdateAccess", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "PreventHandwritingErrorReports", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\HandwritingErrorReports" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "PreventHandwritingDataSharing", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TabletPC" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "WebHelp", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "CodecDownload", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "WebPublish", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "CEIPEnable", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\SQMClient\\Windows" ], "Data": "0" }, { "Type": "EnabledList", "ValueName": "NoActiveProbe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "NoPublishingWizard", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoWebServices", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoGenTicket", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "AllowWindowsEntitlementReactivation", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoOnlinePrintsWizard", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "CEIP", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Headlines", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\HelpSvc" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftKBSearch", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\HelpSvc" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "DoReport", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Disabled", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoInternetOpenWith", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoAutoUpdate", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "ExitOnMSICW", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Internet Connection Wizard" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftEventVwrDisableLinks", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\EventViewer" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "DisableRootAutoUpdate", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\AuthRoot" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoRegistration", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Registration Wizard Control" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "DisableContentFileUpdates", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\SearchCompanion" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "DisableHTTPPrinting", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "DisableWebPnPDownload", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "DontSearchWindowsUpdate", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DriverSearching" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "DisableWindowsUpdateAccess", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "PreventHandwritingErrorReports", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\HandwritingErrorReports" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "PreventHandwritingDataSharing", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TabletPC" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "WebHelp", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "CodecDownload", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "WebPublish", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMovieMaker" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "CEIPEnable", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\SQMClient\\Windows" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "NoActiveProbe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator" ], "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "CertMgr_DisableAutoRootUpdates", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Turn off Automatic Root Certificates Update", "ExplainText": "This policy setting specifies whether to automatically update root certificates using the Windows Update website.\n\nTypically, a certificate is used when you use a secure website or when you send and receive secure email. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities.\n\nIf you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities.\n\nIf you disable or do not configure this policy setting, your computer will contact the Windows Update website.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\SystemCertificates\\AuthRoot" ], "ValueName": "DisableRootAutoUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "DisableHTTPPrinting_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Turn off printing over HTTP", "ExplainText": "This policy setting specifies whether to allow printing over HTTP from this client.\n\nPrinting over HTTP allows a client to print to printers on the intranet as well as the Internet.\n\nNote: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.\n\nIf you enable this policy setting, it prevents this client from printing to Internet printers over HTTP.\n\nIf you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP.\n\nAlso, see the \"Web-based printing\" policy setting in Computer Configuration/Administrative Templates/Printers.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "DisableHTTPPrinting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "DisableHTTPPrinting_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Turn off printing over HTTP", "ExplainText": "This policy setting specifies whether to allow printing over HTTP from this client.\n\nPrinting over HTTP allows a client to print to printers on the intranet as well as the Internet.\n\nNote: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.\n\nIf you enable this policy setting, it prevents this client from printing to Internet printers over HTTP.\n\nIf you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP.\n\nAlso, see the \"Web-based printing\" policy setting in Computer Configuration/Administrative Templates/Printers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "DisableHTTPPrinting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "DisableWebPnPDownload_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Turn off downloading of print drivers over HTTP", "ExplainText": "This policy setting specifies whether to allow this client to download print driver packages over HTTP.\n\nTo set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.\n\nNote: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally.\n\nIf you enable this policy setting, print drivers cannot be downloaded over HTTP.\n\nIf you disable or do not configure this policy setting, users can download print drivers over HTTP.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "DisableWebPnPDownload", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "DisableWebPnPDownload_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Turn off downloading of print drivers over HTTP", "ExplainText": "This policy setting specifies whether to allow this client to download print driver packages over HTTP.\n\nTo set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.\n\nNote: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally.\n\nIf you enable this policy setting, print drivers cannot be downloaded over HTTP.\n\nIf you disable or do not configure this policy setting, users can download print drivers over HTTP.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "DisableWebPnPDownload", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "DriverSearchPlaces_DontSearchWindowsUpdate", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsVistaToXPSP2 - Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP SP2", "DisplayName": "Turn off Windows Update device driver searching", "ExplainText": "This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present.\n\nIf you enable this policy setting, Windows Update is not searched when a new device is installed.\n\nIf you disable this policy setting, Windows Update is always searched for drivers when no local drivers are present.\n\nIf you do not configure this policy setting, searching Windows Update is optional when installing a device.\n\nAlso see \"Turn off Windows Update device driver search prompt\" in \"Administrative Templates/System,\" which governs whether an administrator is prompted before searching Windows Update for device drivers if a driver is not found locally.\n\nNote: This policy setting is replaced by \"Specify Driver Source Search Order\" in \"Administrative Templates/System/Device Installation\" on newer versions of Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\DriverSearching" ], "ValueName": "DontSearchWindowsUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "EventViewer_DisableLinks", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Turn off Event Viewer \"Events.asp\" links", "ExplainText": "This policy setting specifies whether \"Events.asp\" hyperlinks are available for events within the Event Viewer application.\n\nThe Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition, \"More Information\" is placed at the end of the description text if the event is created by a Microsoft component. This text contains a link (URL) that, if clicked, sends information about the event to Microsoft, and allows users to learn more about why that event occurred.\n\nIf you enable this policy setting, event description hyperlinks are not activated and the text \"More Information\" is not displayed at the end of the description.\n\nIf you disable or do not configure this policy setting, the user can click the hyperlink, which prompts the user and then sends information about the event over the Internet to Microsoft. Also, see \"Events.asp URL\", \"Events.asp program\", and \"Events.asp Program Command Line Parameters\" settings in \"Administrative Templates/Windows Components/Event Viewer\".", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\EventViewer" ], "ValueName": "MicrosoftEventVwrDisableLinks", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "HSS_HeadlinesPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Turn off Help and Support Center \"Did you know?\" content", "ExplainText": "This policy setting specifies whether to show the \"Did you know?\" section of Help and Support Center.\n\nThis content is dynamically updated when users who are connected to the Internet open Help and Support Center, and provides up-to-date information about Windows and the computer.\n\nIf you enable this policy setting, the Help and Support Center no longer retrieves nor displays \"Did you know?\" content.\n\nIf you disable or do not configure this policy setting, the Help and Support Center retrieves and displays \"Did you know?\" content.\n\nYou might want to enable this policy setting for users who do not have Internet access, because the content in the \"Did you know?\" section will remain static indefinitely without an Internet connection.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\HelpSvc" ], "ValueName": "Headlines", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "HSS_KBSearchPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Turn off Help and Support Center Microsoft Knowledge Base search", "ExplainText": "This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.\n\nThe Knowledge Base is an online source of technical support information and self-help tools for Microsoft products, and is searched as part of all Help and Support Center searches with the default search options.\n\nIf you enable this policy setting, it removes the Knowledge Base section from the Help and Support Center \"Set search options\" page, and only Help content on the local computer is searched.\n\nIf you disable or do not configure this policy setting, the Knowledge Base is searched if the user has a connection to the Internet and has not disabled the Knowledge Base search from the Search Options page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\HelpSvc" ], "ValueName": "MicrosoftKBSearch", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "NC_ExitOnISP", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com", "ExplainText": "This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).\n\nIf you enable this policy setting, the \"Choose a list of Internet Service Providers\" path in the Internet Connection Wizard causes the wizard to exit. This prevents users from retrieving the list of ISPs, which resides on Microsoft servers.\n\nIf you disable or do not configure this policy setting, users can connect to Microsoft to download a list of ISPs for their area.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Internet Connection Wizard" ], "ValueName": "ExitOnMSICW", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "NC_NoRegistration", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Turn off Registration if URL connection is referring to Microsoft.com", "ExplainText": "This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.\n\nIf you enable this policy setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online.\n\nIf you disable or do not configure this policy setting, users can connect to Microsoft.com to complete the online Windows Registration.\n\nNote that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you live in).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Registration Wizard Control" ], "ValueName": "NoRegistration", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "PCH_DoNotReport", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Turn off Windows Error Reporting", "ExplainText": "This policy setting controls whether or not errors are reported to Microsoft.\n\nError Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product.\n\nIf you enable this policy setting, users are not given the option to report errors.\n\nIf you disable or do not configure this policy setting, the errors may be reported to Microsoft via the Internet or to a corporate file share.\n\nThis policy setting overrides any user setting made from the Control Panel for error reporting.\n\nAlso see the \"Configure Error Reporting\", \"Display Error Notification\" and \"Disable Windows Error Reporting\" policy settings under Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "Elements": [ { "Type": "EnabledList", "ValueName": "DoReport", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "Data": "0" }, { "Type": "EnabledList", "ValueName": "Disabled", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "DoReport", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Disabled", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Windows Error Reporting" ], "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "RemoveWindowsUpdate_ICM", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsUpdate - At least Windows Server 2003 operating systems, Windows XP Professional Service Pack 1, or Windows 2000 Service Pack 3", "DisplayName": "Turn off access to all Windows Update features", "ExplainText": "This policy setting allows you to remove access to Windows Update.\n\nIf you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at http://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.\n\nIf you disable or do not configure this policy setting, users can access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update.\n\nNote: This policy applies only when this PC is configured to connect to an intranet update service using the \"Specify intranet Microsoft update service location\" policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "DisableWindowsUpdateAccess", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "SearchCompanion_DisableFileUpdates", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Turn off Search Companion content file updates", "ExplainText": "This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.\n\nWhen users search the local computer or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used to format and display results.\n\nIf you enable this policy setting, Search Companion does not download content updates during searches.\n\nIf you disable or do not configure this policy setting, Search Companion downloads content updates unless the user is using Classic Search.\n\nNote: Internet searches still send the search text and information about the search to Microsoft and the chosen search provider. Choosing Classic Search turns off the Search Companion feature completely.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\SearchCompanion" ], "ValueName": "DisableContentFileUpdates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellNoUseInternetOpenWith_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "Windows7ToXP - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Turn off Internet File Association service", "ExplainText": "This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.\n\nWhen a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.\n\nIf you enable this policy setting, the link and the dialog for using the Web service to open an unhandled file association are removed.\n\nIf you disable or do not configure this policy setting, the user is allowed to use the Web service.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoInternetOpenWith", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellNoUseInternetOpenWith_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "Windows7ToXP - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Turn off Internet File Association service", "ExplainText": "This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.\n\nWhen a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.\n\nIf you enable this policy setting, the link and the dialog for using the Web service to open an unhandled file association are removed.\n\nIf you disable or do not configure this policy setting, the user is allowed to use the Web service.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoInternetOpenWith", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellNoUseStoreOpenWith_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off access to the Store", "ExplainText": "This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.\n\nWhen a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.\n\nIf you enable this policy setting, the \"Look for an app in the Store\" item in the Open With dialog is removed.\n\nIf you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoUseStoreOpenWith", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellNoUseStoreOpenWith_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off access to the Store", "ExplainText": "This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.\n\nWhen a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.\n\nIf you enable this policy setting, the \"Look for an app in the Store\" item in the Open With dialog is removed.\n\nIf you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoUseStoreOpenWith", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellPreventWPWDownload_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Turn off Internet download for Web publishing and online ordering wizards", "ExplainText": "This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.\n\nThese wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.\n\nIf you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.\n\nIf you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards.\n\nSee the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoWebServices", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellPreventWPWDownload_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Turn off Internet download for Web publishing and online ordering wizards", "ExplainText": "This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.\n\nThese wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.\n\nIf you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.\n\nIf you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards.\n\nSee the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoWebServices", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellRemoveOrderPrints_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Turn off the \"Order Prints\" picture task", "ExplainText": "This policy setting specifies whether the \"Order Prints Online\" task is available from Picture Tasks in Windows folders.\n\nThe Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.\n\nIf you enable this policy setting, the task \"Order Prints Online\" is removed from Picture Tasks in File Explorer folders.\n\nIf you disable or do not configure this policy setting, the task is displayed.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoOnlinePrintsWizard", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellRemoveOrderPrints_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Turn off the \"Order Prints\" picture task", "ExplainText": "This policy setting specifies whether the \"Order Prints Online\" task is available from Picture Tasks in Windows folders.\n\nThe Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.\n\nIf you enable this policy setting, the task \"Order Prints Online\" is removed from Picture Tasks in File Explorer folders.\n\nIf you disable or do not configure this policy setting, the task is displayed.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoOnlinePrintsWizard", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellRemovePublishToWeb_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Turn off the \"Publish to Web\" task for files and folders", "ExplainText": "This policy setting specifies whether the tasks \"Publish this file to the Web,\" \"Publish this folder to the Web,\" and \"Publish the selected items to the Web\" are available from File and Folder Tasks in Windows folders.\n\nThe Web Publishing Wizard is used to download a list of providers and allow users to publish content to the web.\n\nIf you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders.\n\nIf you disable or do not configure this policy setting, the tasks are shown.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoPublishingWizard", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "ShellRemovePublishToWeb_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Turn off the \"Publish to Web\" task for files and folders", "ExplainText": "This policy setting specifies whether the tasks \"Publish this file to the Web,\" \"Publish this folder to the Web,\" and \"Publish the selected items to the Web\" are available from File and Folder Tasks in Windows folders.\n\nThe Web Publishing Wizard is used to download a list of providers and allow users to publish content to the web.\n\nIf you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders.\n\nIf you disable or do not configure this policy setting, the tasks are shown.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoPublishingWizard", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "WinMSG_NoInstrumentation_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Turn off the Windows Messenger Customer Experience Improvement Program", "ExplainText": "This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.\n\nWith the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This information is used to improve the product in future releases.\n\nIf you enable this policy setting, Windows Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown.\n\nIf you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown.\n\nIf you do not configure this policy setting, users have the choice to opt in and allow information to be collected.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "ValueName": "CEIP", "Elements": [ { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "WinMSG_NoInstrumentation_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsXPSP2_Or_WindowsNET - At least Windows Server 2003 operating systems or Windows XP Professional with SP2", "DisplayName": "Turn off the Windows Messenger Customer Experience Improvement Program", "ExplainText": "This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.\n\nWith the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This information is used to improve the product in future releases.\n\nIf you enable this policy setting, Windows Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown.\n\nIf you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown.\n\nIf you do not configure this policy setting, users have the choice to opt in and allow information to be collected.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "ValueName": "CEIP", "Elements": [ { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "CEIPEnable", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Windows Customer Experience Improvement Program", "ExplainText": "This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and you can continue working without interruption. It is simple and user-friendly.\n\nIf you enable this policy setting, all users are opted out of the Windows Customer Experience Improvement Program.\n\nIf you disable this policy setting, all users are opted into the Windows Customer Experience Improvement Program.\n\nIf you do not configure this policy setting, the administrator can use the Problem Reports and Solutions component in Control Panel to enable Windows Customer Experience Improvement Program for all users.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\SQMClient\\Windows" ], "ValueName": "CEIPEnable", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "ICM.admx", "CategoryName": "InternetManagement_Settings", "PolicyName": "NoActiveProbe", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetCommunicationManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Windows Network Connectivity Status Indicator active tests", "ExplainText": "This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.\n\nAs part of determining the connectivity level, NCSI performs one of two active tests: downloading a page from a dedicated Web server or making a DNS request for a dedicated address.\n\nIf you enable this policy setting, NCSI does not run either of the two active tests. This may reduce the ability of NCSI, and of other components that use NCSI, to determine Internet access.\n\nIf you disable or do not configure this policy setting, NCSI runs one of the two active tests.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator" ], "ValueName": "NoActiveProbe", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "IIS.admx", "CategoryName": "IIS", "PolicyName": "PreventIISInstall", "Class": "Machine", "NameSpace": "Microsoft.Policies.IIS", "Supported": "WindowsNETOnly - Windows Server 2003 only", "DisplayName": "Prevent IIS installation", "ExplainText": "\"This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting, Internet Information Services (IIS) cannot be installed, and you will not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS cannot be installed because of this Group Policy setting. Enabling this setting will not have any effect on IIS if IIS is already installed on the computer. If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run.\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\IIS" ], "ValueName": "PreventIISInstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "Audio_Video_Player", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Audio/Video Player", "ExplainText": "Designates the Audio/Video Player ActiveX control as administrator-approved.\n\nThis control is used for playing sounds, videos, and other media.\n\nIf you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, this control will not be designated as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{05589FA1-C356-11CE-BF01-00AA0055595A}", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "{22D6F312-B0F6-11D0-94AB-0080C74C7E95}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "Carpoint", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Carpoint", "ExplainText": "Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.\n\nThis control enables enhanced pricing functionality on the Carpoint Web site, where users can shop for and obtain information about vehicles.\n\nIf you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, this control will not be designated as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{DED22F57-FEE2-11D0-953B-00C04FD9152D}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "DHTMLEdit", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "DHTML Edit Control", "ExplainText": "This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features, and a \"safe for scripting\" version that has restricted functionality and is intended for use by web sites.\n\nIf you enable this policy, this control will be available as an administrator approved control and can be run if the user specifies to run administrator-approved Active-X controls and plug-ins under security zones.\n\nIf you disable this policy or do not configure it, this control will not be designated as administrator-approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{2D360201-FFF5-11D1-8D03-00A0C959BC0A}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "Flash", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Shockwave Flash", "ExplainText": "Designates Shockwave flash as an administrator approved control.\n\nIf you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, this control will not be designated as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{D27CDB6E-AE6D-11CF-96B8-444553540000}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "Investor", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Investor", "ExplainText": "Designates a set of Microsoft Network (MSN) Investor controls as administrator-approved.\n\nThese controls enable users to view updated lists of stocks on their Web pages.\n\nIf you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, these controls will not be designated as administrator-approved.\n\nSelect the check boxes for the controls that you want to designate as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{9276B91A-E780-11d2-8A8D-00C04FA31D93}", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "{52ADE293-85E8-11D2-BB22-00104B0EA281}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "Menu_Controls", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Menu Controls", "ExplainText": "Designates a set of Microsoft ActiveX controls used to manipulate pop-up menus in the browser as administrator-approved.\n\nIf you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, these controls will not be designated as administrator-approved.\n\nTo specify a control as administrator-approved, click Enabled, and then select the check box for the control:\n\n-- MCSiMenu - enables Web authors to control the placement and appearance of Windows pop-up menus on Web pages\n-- Popup Menu Object - enables Web authors to add pop-up menus to Web pages\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{275E2FE0-7486-11D0-89D6-00A0C90C9B67}", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "{7823A620-9DD9-11CF-A662-00AA00C066D2}", "TrueValue": "0", "FalseValue": "1" }, { "Type": "Boolean", "ValueName": "{F5131C24-E56D-11CF-B78A-444553540000}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "Microsoft_Agent", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Microsoft Agent", "ExplainText": "Designates the Microsoft Agent ActiveX control as administrator-approved.\n\nMicrosoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.\n\nIf you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, these controls will not be designated as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "Microsoft_Chat", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Microsoft Chat", "ExplainText": "Designates the Microsoft Chat ActiveX control as administrator-approved.\n\nThis control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.\n\nIf you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, this control will not be designated as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{D6526FE0-E651-11CF-99CB-00C04FD64497}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "MSNBC", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "MSNBC", "ExplainText": "Designates a set of MSNBC controls as administrator-approved.\n\nThese controls enable enhanced browsing of news reports on the MSNBC Web site.\n\nIf you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, these controls will not be designated as administrator-approved.\n\nSelect the check boxes for the controls that you want to designate as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{2FF18E10-DE11-11D1-8161-00A0C90DD90C}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "NetShowFile", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "NetShow File Transfer Control", "ExplainText": "Designates NetShow File Transfer Control as an administrator approved control.\n\nIf you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, this control will not be designated as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{26F24A93-1DA2-11D0-A334-00AA004A5FC5}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "Scriptlet", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Microsoft Scriptlet Component", "ExplainText": "Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.\n\nIf you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, this control will not be designated as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{AE24FDAE-03C6-11D1-8B76-0080C744F389}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdminApproved", "PolicyName": "Survey", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Microsoft Survey Control", "ExplainText": "Designates Microsoft Survey Control as an administrator approved control.\n\nIf you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.\n\nIf you disable this policy or do not configure it, this control will not be designated as administrator-approved.\n\nTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:\n1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.\n2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.\n3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.\n4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedControls" ], "Elements": [ { "Type": "Boolean", "ValueName": "{BD1F006E-174F-11D2-95C0-00C04F9A8CFA}", "TrueValue": "0", "FalseValue": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_DisableFlipAhead", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10WIN8 - At least Internet Explorer 10.0 on Windows 8", "DisplayName": "Turn off the flip ahead with page prediction feature", "ExplainText": "This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.\n\nMicrosoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.\n\nIf you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn't loaded into the background.\n\nIf you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.\n\nIf you don't configure this setting, users can turn this behavior on or off, using the Settings charm.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\FlipAhead", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\FlipAhead" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_DisablePrefetchPrerender", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Turn off loading websites and content in the background to optimize performance", "ExplainText": "This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding up performance such that when the user clicks a hyperlink, the background page seamlessly switches into view.\n\nIf you enable this policy setting, Internet Explorer doesn't load any websites or content in the background.\n\nIf you disable this policy setting, Internet Explorer preemptively loads websites and content in the background.\n\nIf you don't configure this policy setting, users can turn this behavior on or off, using Internet Explorer settings. This feature is turned on by default", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\PrefetchPrerender", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\PrefetchPrerender" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_CDUnlock", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active content from CDs to run on user machines", "ExplainText": "This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.\n\nIf you enable this policy setting, active content on a CD will run without a prompt.\n\nIf you disable this policy setting, active content on a CD will always prompt before running.\n\nIf you do not configure this policy, users can choose whether to be prompted before running active content on a CD.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\Settings", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\Settings" ], "ValueName": "LOCALMACHINE_CD_UNLOCK", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_CertificateRevocation", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1 - At least Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Check for server certificate revocation", "ExplainText": "This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.\n\nIf you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked.\n\nIf you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.\n\nIf you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "CertificateRevocation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_DisableClearType", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off ClearType", "ExplainText": "This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.\n\nIf you enable this policy setting, applications that host MSHTML do not render text by using the Microsoft ClearType rendering engine.\n\nIf you disable or do not configure this policy setting, applications that host MSHTML render text by using the Microsoft ClearType rendering engine.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "UseClearType", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_EnableCaretBrowsing", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Caret Browsing support", "ExplainText": "This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality, such as using the Shift key to select text and copying a selection to the clipboard. This policy setting is particularly useful to users who do not use a mouse.\n\nIf you enable this policy setting, Caret Browsing is turned on.\n\nIf you disable this policy setting, Caret Browsing is turned off.\n\nIf you do not configure this policy setting, Caret Browsing support can be turned on or off through the registry.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\CaretBrowsing", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\CaretBrowsing" ], "ValueName": "EnableOnStartup", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_EnableEnhancedProtectedMode", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Turn on Enhanced Protected Mode", "ExplainText": "Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.\n\nIf you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode.\n\nIf you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista.\n\nIf you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Isolation", "Elements": [ { "Type": "EnabledValue", "Data": "PMEM" }, { "Type": "DisabledValue", "Data": "PMIL" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_EnableEnhancedProtectedMode64Bit", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows", "ExplainText": "This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.\n\nImportant: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.\n\nIf you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.\n\nIf you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.\n\nIf you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Isolation64Bit", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_DisableEPMCompat", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled", "ExplainText": "This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control, Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode.\n\nEnhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.\n\nWhen Enhanced Protected Mode is enabled, and a user encounters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mode for that particular website.\n\nIf you enable this policy setting, Internet Explorer will not give the user the option to disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode.\n\nIf you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "DisableEPMCompat", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_AlwaysSendDoNotTrack", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Always send Do Not Track header", "ExplainText": "This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.\n\nIf you enable this policy setting, Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests. The DNT:1 header signals to the servers not to track the user.\n\nFor Internet Explorer 9 and 10:\nIf you disable this policy setting, Internet Explorer only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.\n\nFor at least Internet Explorer 11:\nIf you disable this policy setting, Internet Explorer only sends the Do Not Track header if inPrivate Browsing mode is used.\n\nIf you don't configure the policy setting, users can select the Always send Do Not Track header option, in Internet Explorer settings. By selecting this option, Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests; unless the user grants a site-specific exception. Internet Explorer sends a DNT:0 header to any sites granted an exception. By default, this option is turned on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "DoNotTrack", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_EnableHttp1_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Use HTTP 1.1", "ExplainText": "This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.\n\nIf you enable this policy setting, Internet Explorer uses HTTP 1.1.\n\nIf you disable this policy setting, Internet Explorer does not use HTTP 1.1.\n\nIf you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "EnableHttp1_1", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_ProxyHttp1_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Use HTTP 1.1 through proxy connections", "ExplainText": "This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.\n\nIf you enable this policy setting, Internet Explorer uses HTTP 1.1 through proxy connections.\n\nIf you disable this policy setting, Internet Explorer does not use HTTP 1.1 through proxy connections.\n\nIf you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1 through proxy connections.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "ProxyHttp1.1", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_EnableSPDY3_0", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN8ONLY - Only Internet Explorer 11.0 on Windows 8.1", "DisplayName": "Allow Internet Explorer to use the SPDY/3 network protocol", "ExplainText": "This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression, multiplexing and prioritization.\n\nIf you enable this policy setting, Internet Explorer uses the SPDY/3 network protocol.\n\nIf you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol.\n\nIf you don't configure this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Internet Options settings. The default is on.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "EnableSPDY3_0", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_EnableHTTP2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10 - At least Internet Explorer 11.0 on Windows 10", "DisplayName": "Allow Internet Explorer to use the HTTP2 network protocol", "ExplainText": "This policy setting determines whether Internet Explorer uses the HTTP2 network protocol. HTTP2 requests help optimize the latency of network requests through compression, multiplexing, and prioritization.\n\nIf you enable this policy setting, Internet Explorer uses the HTTP2 network protocol.\n\nIf you disable this policy setting, Internet Explorer won't use the HTTP2 network protocol.\n\nIf you don't configure this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Internet Options settings. The default is on.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "EnableHTTP2", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "SecurityFeatures", "PolicyName": "Advanced_EnableSSL3Fallback", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow fallback to SSL 3.0 (Internet Explorer)", "ExplainText": "This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails.\n\nWe recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack.\n\nThis policy does not affect which security protocols are enabled.\n\nIf you disable this policy, system defaults will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "Elements": [ { "Type": "Enum", "ValueName": "EnableSSL3Fallback", "Items": [ { "DisplayName": "No Sites", "Data": "0" }, { "DisplayName": "Non-Protected Mode Sites", "Data": "1" }, { "DisplayName": "All Sites", "Data": "3" } ], "Required": false } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_SetWinInetProtocols", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off encryption support", "ExplainText": "This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other\u2019s list of supported protocols and versions, and they select the most preferred match.\n\nIf you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list.\n\nIf you disable or do not configure this policy setting, the user can select which encryption method the browser supports.\n\nNote: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "Elements": [ { "Type": "Enum", "ValueName": "SecureProtocols", "Items": [ { "DisplayName": "Use no secure protocols", "Data": "0" }, { "DisplayName": "[Obsolete] Only use SSL 2.0", "Data": "8" }, { "DisplayName": "Only use SSL 3.0", "Data": "32" }, { "DisplayName": "[Obsolete] Use SSL 2.0 and SSL 3.0", "Data": "40" }, { "DisplayName": "Only use TLS 1.0", "Data": "128" }, { "DisplayName": "[Obsolete] Use SSL 2.0 and TLS 1.0", "Data": "136" }, { "DisplayName": "Use SSL 3.0 and TLS 1.0", "Data": "160" }, { "DisplayName": "[Obsolete] Use SSL 2.0, SSL 3.0, and TLS 1.0", "Data": "168" }, { "DisplayName": "Only use TLS 1.1", "Data": "512" }, { "DisplayName": "[Obsolete] Use SSL 2.0 and TLS 1.1", "Data": "520" }, { "DisplayName": "Use SSL 3.0 and TLS 1.1", "Data": "544" }, { "DisplayName": "[Obsolete] Use SSL 2.0, SSL 3.0, and TLS 1.1", "Data": "552" }, { "DisplayName": "Use TLS 1.0 and TLS 1.1", "Data": "640" }, { "DisplayName": "[Obsolete] Use SSL 2.0, TLS 1.0, and TLS 1.1", "Data": "648" }, { "DisplayName": "Use SSL 3.0, TLS 1.0, and TLS 1.1", "Data": "672" }, { "DisplayName": "[Obsolete] Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1", "Data": "680" }, { "DisplayName": "Only use TLS 1.2", "Data": "2048" }, { "DisplayName": "[Obsolete] Use SSL 2.0 and TLS 1.2", "Data": "2056" }, { "DisplayName": "Use SSL 3.0 and TLS 1.2", "Data": "2080" }, { "DisplayName": "[Obsolete] Use SSL 2.0, SSL 3.0, and TLS 1.2", "Data": "2088" }, { "DisplayName": "Use TLS 1.0 and TLS 1.2", "Data": "2176" }, { "DisplayName": "[Obsolete] Use SSL 2.0, TLS 1.0, and TLS 1.2", "Data": "2184" }, { "DisplayName": "Use SSL 3.0, TLS 1.0, and TLS 1.2", "Data": "2208" }, { "DisplayName": "[Obsolete] Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.2", "Data": "2216" }, { "DisplayName": "Use TLS 1.1 and TLS 1.2", "Data": "2560" }, { "DisplayName": "[Obsolete] Use SSL 2.0, TLS 1.1, and TLS 1.2", "Data": "2568" }, { "DisplayName": "Use SSL 3.0, TLS 1.1, and TLS 1.2", "Data": "2592" }, { "DisplayName": "[Obsolete] Use SSL 2.0, SSL 3.0, TLS 1.1, and TLS 1.2", "Data": "2600" }, { "DisplayName": "Use TLS 1.0, TLS 1.1, and TLS 1.2", "Data": "2688" }, { "DisplayName": "[Obsolete] Use SSL 2.0, TLS 1.0, TLS 1.1, and TLS 1.2", "Data": "2696" }, { "DisplayName": "Use SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2", "Data": "2720" }, { "DisplayName": "[Obsolete] Use SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2", "Data": "2728" }, { "DisplayName": "Only use TLS 1.3", "Data": "8192" }, { "DisplayName": "Use TLS 1.2 and TLS 1.3", "Data": "10240" }, { "DisplayName": "Use TLS 1.1, TLS 1.2, and TLS 1.3", "Data": "10752" }, { "DisplayName": "Use TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3", "Data": "10880" }, { "DisplayName": "Use SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3", "Data": "10912" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_DisableRIED", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Do not allow resetting Internet Explorer settings", "ExplainText": "This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation, delete browsing history, and disable add-ons that are not preapproved.\n\nIf you enable this policy setting, the user cannot use Reset Internet Explorer Settings.\n\nIf you disable or do not configure this policy setting, the user can use Reset Internet Explorer Settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "DisableRIED", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_DownloadSignatures", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1 - At least Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Check for signatures on downloaded programs", "ExplainText": "This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.\n\nIf you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.\n\nIf you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.\n\nIf you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Download", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Download" ], "ValueName": "CheckExeSignatures", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_EnableBrowserExtensions", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1 - At least Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Allow third-party browser extensions", "ExplainText": "This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects, such as toolbars. Browser helper objects may contain flaws such as buffer overruns which impact Internet Explorer's performance or stability.\n\nIf you enable this policy setting, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.\n\nIf you disable this policy setting, browser helper objects do not launch.\n\nIf you do not configure this policy, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Enable Browser Extensions", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_InstallOnDemand_IE", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1ONLY - Only Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Allow Install On Demand (Internet Explorer)", "ExplainText": "This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example, if you open a Web page that requires Japanese-text display support, Internet Explorer could prompt the user to download the Japanese Language Pack component if it is not already installed.\n\nIf you enable this policy setting, Web components such as fonts will be automatically installed as necessary.\n\nIf you disable this policy setting, users will be prompted when Web Components such as fonts would be downloaded.\n\nIf you do not configure this policy, users will be prompted when Web Components such as fonts would be downloaded.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "NoJITSetup", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_InstallOnDemand_Other", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1ONLY - Only Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Allow Install On Demand (except Internet Explorer)", "ExplainText": "This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.\n\nIf you enable this policy setting, non-Internet Explorer components will be automatically installed as necessary.\n\nIf you disable this policy setting, users will be prompted when non-Internet Explorer components would be installed.\n\nIf you do not configure this policy setting, non-Internet Explorer components will be automatically installed as necessary.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "NoWebJITSetup", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_InternetExplorerUpdates", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1_NONVISTA - At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista", "DisplayName": "Automatically check for Internet Explorer updates", "ExplainText": "This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this, the checks occur approximately every 30 days, and users are prompted to install new versions as they become available.\n\nIf you enable this policy setting, Internet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when they are available.\n\nIf you disable this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them.\n\nIf you do not configure this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "NoUpdateCheck", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_InvalidSignatureBlock", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow software to run or install even if the signature is invalid", "ExplainText": "This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file.\n\nIf you enable this policy setting, users will be prompted to install or run files with an invalid signature.\n\nIf you disable this policy setting, users cannot run or install files with an invalid signature.\n\nIf you do not configure this policy, users can choose to run or install files with an invalid signature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Download", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Download" ], "ValueName": "RunInvalidSignatures", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_PlayAnimations", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1 - At least Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Play animations in web pages", "ExplainText": "This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.\n\nIf you enable this policy setting, Internet Explorer will play animated pictures found in Web content.\n\nIf you disable this policy setting, Internet Explorer will not play or download animated pictures, helping pages display more quickly.\n\nIf you do not configure this policy setting, Internet Explorer will play animated pictures found in Web content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Play_Animations", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_PlaySounds", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1 - At least Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Play sounds in web pages", "ExplainText": "This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.\n\nIf you enable this policy setting, Internet Explorer will play sounds found in Web content.\n\nIf you disable this policy setting, Internet Explorer will not play or download sounds in Web content, helping pages display more quickly.\n\nIf you enable this policy setting, Internet Explorer will play sounds found in Web content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Play_Background_Sounds", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_PlayVideos", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1ONLY - Only Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Play videos in web pages", "ExplainText": "This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.\n\nIf you enable this policy setting, Internet Explorer will play videos found in Web content.\n\nIf you disable this policy setting, Internet Explorer will not play or download videos, helping pages display more quickly.\n\nIf you do not configure this policy setting, Internet Explorer will play videos found in Web content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Display Inline Videos", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_ProfileAssistant", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1ONLY - Only Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Turn off Profile Assistant", "ExplainText": "This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.\n\nIf you enable this policy setting, Profile Assistant information will not be provided, and users will not be prompted to provide information.\n\nIf you disable this policy setting, then when a Web site requests Profile Assistant information, users will be prompted to choose which information to share. At that time, users can also choose to allow this information to be shared with the Web site in the future without being prompted.\n\nIf you do not configure this policy setting, a user will have the freedom to accept requests from Web sites for Profile Assistant information.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Security\\P3Global", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Security\\P3Global" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_SaveEncryptedPages", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1 - At least Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Do not save encrypted pages to disk", "ExplainText": "This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache, which may be insecure.\n\nIf you enable this policy setting, Internet Explorer will not save encrypted pages containing secure (HTTPS) information to the cache.\n\nIf you disable this policy setting, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.\n\nIf you do not configure this policy, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "DisableCachingOfSSLPages", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "Advanced_TemporaryInternetFiles", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SRVSP1 - At least Internet Explorer 6.0 in Windows 2003 Service Pack 1", "DisplayName": "Empty Temporary Internet Files folder when browser is closed", "ExplainText": "This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer, or storing sensitive files that other users could see, in addition to managing total disk space usage.\n\nIf you enable this policy setting, Internet Explorer will delete the contents of the user's Temporary Internet Files folder when all browser windows are closed.\n\nIf you disable this policy setting, Internet Explorer will not delete the contents of the user's Temporary Internet Files folder when browser windows are closed.\n\nIf you do not configure this policy, Internet Explorer will not delete the contents of the Temporary Internet Files folder when browser windows are closed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache" ], "ValueName": "Persistent", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetCPL_Content", "PolicyName": "Content_ShowContentAdvisor", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Show Content Advisor on Internet Options", "ExplainText": "This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.\n\nIf you enable this policy setting, Internet Explorer displays the Content Advisor setting on the Content tab of the Internet Options dialog box. Users can change Content Advisor settings.\n\nIf you disable or do not configure this policy setting, Internet Explorer does not display the Content Advisor setting on the Content tab of the Internet Options dialog box.\n\nNote: This policy is no longer supported starting with Windows 10 Version 1607.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "ShowContentAdvisor", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "AutoCompleteCat", "PolicyName": "AutoComplete", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on inline AutoComplete", "ExplainText": "This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.\n\nIf you enable this policy setting, inline AutoComplete is turned on. The user cannot turn it off.\n\nIf you disable this policy setting, inline AutoComplete is turned off. The user cannot turn it on.\n\nIf you do not configure this policy setting, the user can turn on or turn off inline AutoComplete.\n\nBy default, inline AutoComplete is turned off for Windows Vista, Windows 7, Internet Explorer 7, and Internet Explorer 8. By default, inline AutoComplete is turned on for Internet Explorer 9.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete" ], "ValueName": "Append Completion", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "AutoCompleteCat", "PolicyName": "AutoCompleteIntegrated", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE4ONLY - Only Internet Explorer 4.0", "DisplayName": "Turn off inline AutoComplete in File Explorer", "ExplainText": "This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default, this functionality is turned on in File Explorer.\n\nIf you enable this policy setting, Inline AutoComplete for File Explorer is turned off. The user cannot turn it on.\n\nIf you disable this policy setting, Inline AutoComplete for File Explorer is turned on. The user cannot turn it off.\n\nIf you do not configure this policy setting, a user will have the freedom to turn on or off Inline AutoComplete for File Explorer.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete" ], "ValueName": "Use AutoComplete", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "inetres.admx", "CategoryName": "Browsing", "PolicyName": "UseIntranetSiteForOneWordEntry", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Go to an intranet site for a one-word entry in the Address bar", "ExplainText": "This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.\n\nIf you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it is available.\n\nIf you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "GotoIntranetSiteForSingleWordEntry", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "Browsing", "PolicyName": "DisableDebugger", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on script debugging", "ExplainText": "This policy setting allows you to turn on your script debugger, if one is installed. Website developers use script debuggers to test programs and scripts on their webpages. You can use the script debugger to browse, edit, and debug .htm and .asp files that contain Microsoft Visual Basic Scripting Edition (VBScript) or Microsoft JScript.\n\nIf you enable this policy setting, script debugging is turned on. The user cannot turn off script debugging.\n\nIf you disable this policy setting, script debugging is turned off. The user cannot turn on script debugging.\n\nIf you do not configure this policy setting, the user can turn on or turn off script debugging.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Disable Script Debugger", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "inetres.admx", "CategoryName": "Browsing", "PolicyName": "FriendlyErrorText", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off details in messages about Internet connection problems", "ExplainText": "This policy setting specifies whether, when there is a problem connecting with an Internet server, to provide a detailed description with hints about how to correct the problem. If you clear this check box, the user sees only the error code and the name of the error.\n\nIf you enable this policy setting, when there is a problem connecting with an Internet server, the user does not see a detailed description or hints about how to correct the problem. The user cannot change this policy setting.\n\nIf you disable this policy setting, when there is a problem connecting with an Internet server, the user sees a detailed description with hints about how to correct the problem. The user cannot change this policy setting.\n\nIf you do not configure this policy setting, the user can turn on or turn off details in these error messages.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Friendly http errors", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "inetres.admx", "CategoryName": "Browsing", "PolicyName": "PageTransitions", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_8 - Only Internet Explorer 5.0 through Internet Explorer 8.0", "DisplayName": "Turn off page transitions", "ExplainText": "This policy setting specifies if, as you move from one Web page to another, Internet Explorer fades out of the page you are leaving and fades into the page to which you are going.\n\nIf you enable this policy setting, page transitions will be turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, page transitions will be turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can turn on or off page transitions.\n\nThis feature only applies to versions of Internet Explorer up to and including Internet Explorer 8.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Page_Transitions", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "Browsing", "PolicyName": "ScriptErrorCache", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on the display of script errors", "ExplainText": "This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default, but it is useful to developers when they are testing webpages.\n\nIf you enable this policy setting, the user is shown script errors when a page does not appear properly because of problems with its scripting. The user cannot change this policy setting.\n\nIf you disable this policy setting, the user is not shown script errors when a page does not appear properly because of problems with its scripting. The user cannot change this policy setting.\n\nIf you do not configure this policy setting, the user can turn on or turn off the display of script errors.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Error Dlg Displayed On Every Error", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "Browsing", "PolicyName": "SmoothScrolling", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off smooth scrolling", "ExplainText": "This policy setting specifies whether smooth scrolling is used to display content at a predefined speed.\n\nIf you enable this policy setting, smooth scrolling is turned off. The user cannot turn on smooth scrolling.\n\nIf you disable this policy setting, smooth scrolling is turned on. The user cannot turn off smooth scrolling.\n\nIf you do not configure this policy setting, the user can hide or show the button to open Microsoft Edge from Internet Explorer.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "SmoothScroll", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "Browsing", "PolicyName": "HideNewEdgeButton", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1703 - At least Internet Explorer 11.0 on Windows 10, version 1703 or later", "DisplayName": "Hide the button (next to the New Tab button) that opens Microsoft Edge", "ExplainText": "This policy setting allows you to manage if users can see the button (next to the New Tab button) that opens Microsoft Edge.\n\nIf you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.\n\nIf you disable this policy setting, the button to open Microsoft Edge from Internet Explorer will be shown.\n\nIf you do not configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "HideNewEdgeButton", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "Browsing", "PolicyName": "UnderlineLinksPol", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off configuring underline links", "ExplainText": "This policy setting specifies how you want links on webpages to be underlined.\n\nIf you enable this policy setting, a user cannot choose when to underline links. You must specify when to underline links:\n\u2022 Always\n\u2022 Never\n\u2022 Hover (when the mouse pointer pauses on a link)\n\nIf you disable or do not configure this policy setting, the user can choose when to underline links.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Enum", "ValueName": "Anchor Underline", "Items": [ { "DisplayName": "Always", "Data": "yes" }, { "DisplayName": "Never", "Data": "no" }, { "DisplayName": "Hover", "Data": "hover" } ] } ] }, { "File": "inetres.admx", "CategoryName": "Browsing", "PolicyName": "TurnOffFormatDetectionPhone", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Turn off phone number detection", "ExplainText": "This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke the default phone application on the system.\n\nIf you enable this policy setting, phone number detection is turned off. Users won't be able to modify this setting.\n\nIf you disable this policy setting, phone number detection is turned on. Users won't be able to modify this setting.\n\nIf you don't configure this policy setting, users can turn this behavior on or off, using Internet Explorer settings. The default is on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FormatDetection", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FormatDetection" ], "ValueName": "PhoneNumberEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "MaxSubscription", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Subscription Limits", "ExplainText": "Restricts the amount of information downloaded for offline viewing.\n\nIf you enable this policy, you can set limits to the size and number of pages that users can download. If users attempt to exceed the number of subscriptions, a prompt will appear that states that they cannot set up more Web sites for offline viewing.\n\nIf you disable this policy or do not configure it, then users can determine the amount of content that is searched for new information and downloaded.\n\nCaution: Although the Maximum Number of Offline Pages option determines how many levels of a Web site are searched for new information, it does not change the user interface in the Offline Favorites wizard.\n\nNote: The begin and end times for downloading are measured in minutes after midnight. The Maximum Offline Page Crawl Depth setting specifies how many levels of a Web site are searched for new information.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxSubscriptionSize", "MinValue": "0", "MaxValue": null }, { "Type": "Decimal", "ValueName": "MaxSubscriptionCount", "MinValue": "0", "MaxValue": null }, { "Type": "Decimal", "ValueName": "MinUpdateInterval", "MinValue": "0", "MaxValue": null }, { "Type": "Decimal", "ValueName": "UpdateExcludeBegin", "MinValue": "0", "MaxValue": "1440" }, { "Type": "Decimal", "ValueName": "UpdateExcludeEnd", "MinValue": "0", "MaxValue": "1440" }, { "Type": "Enum", "ValueName": "MaxWebcrawlLevels", "Items": [ { "DisplayName": "0", "Data": "1" }, { "DisplayName": "1", "Data": "2" }, { "DisplayName": "2", "Data": "3" }, { "DisplayName": "3", "Data": "4" } ] } ] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoAddingChannels", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable adding channels", "ExplainText": "Prevents users from adding channels to Internet Explorer.\n\nChannels are Web sites that are updated automatically on your computer, according to a schedule specified by the channel provider.\n\nIf you enable this policy, the Add Active Channel button, which appears on a channel that users haven't yet subscribed to, will be disabled. Users also cannot add content that is based on a channel, such as some of the Active Desktop items from Microsoft's Active Desktop Gallery, to their desktop.\n\nIf you disable this policy or do not configure it, users can add channels to the Channel bar or to their desktop.\n\nNote: Most channel providers use the words Add Active Channel for this option; however, a few use different words, such as Subscribe.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoAddingChannels", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoAddingSubscriptions", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable adding schedules for offline pages", "ExplainText": "Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing, they can view the content when their computer is not connected to the Internet.\n\nIf you enable this policy, users cannot add new schedules for downloading offline content. The Make Available Offline check box will be dimmed in the Add Favorite dialog box.\n\nIf you disable this policy or do not configure it, users can add new offline content schedules.\n\nThis policy is intended for organizations that are concerned about server load for downloading content.\n\nThe \"Hide Favorites menu\" policy (located in User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoAddingSubscriptions", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoChannelLogging", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable offline page hit logging", "ExplainText": "Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.\n\nIf you enable this policy, it disables any channel logging settings set by channel providers in the channel definition format (.cdf) file. The .cdf file determines the schedule and other settings for downloading Web content.\n\nIf you disable this policy or do not configure it, channel providers can record information about when their channel pages are viewed by users who are working offline.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoChannelLogging", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoChannelUI", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable channel user interface completely", "ExplainText": "Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.\n\nIf you enable this policy, the Channel bar interface will be disabled, and users cannot select the Internet Explorer Channel Bar check box on the Web tab in the Display Properties dialog box.\n\nIf you disable this policy or do not configure it, users can view and subscribe to channels from the Channel bar interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoChannelUI", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoEditingScheduleGroups", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable editing and creating of schedule groups", "ExplainText": "Prevents users from adding, editing, or removing schedules for offline viewing of Web pages and groups of Web pages that users have subscribed to.\n\nA subscription group is a favorite Web page plus the Web pages it links to.\n\nIf you enable this policy, the Add, Remove, and Edit buttons on the Schedule tab in the Web page Properties dialog box are dimmed. To display this tab, users click the Tools menu, click Synchronize, select a Web page, click the Properties button, and then click the Schedule tab.\n\nIf you disable this policy or do not configure it, users can add, remove, and edit schedules for Web sites and groups of Web sites.\n\nThe \"Disable editing schedules for offline pages\" policy and the \"Hide Favorites menu\" policy (located in User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer) take precedence over this policy. If either policy is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoEditingScheduleGroups", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoEditingSubscriptions", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable editing schedules for offline pages", "ExplainText": "Prevents users from editing an existing schedule for downloading Web pages for offline viewing.\n\nWhen users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.\n\nIf you enable this policy, users cannot display the schedule properties of pages that have been set up for offline viewing. If users click the Tools menu, click Synchronize, select a Web page, and then click the Properties button, no properties are displayed. Users do not receive an alert stating that the command is unavailable.\n\nIf you disable this policy or do not configure it, users can edit an existing schedule for downloading Web content for offline viewing.\n\nThis policy is intended for organizations that are concerned about server load for downloading content.\n\nThe \"Hide Favorites menu\" policy (located in User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoEditingSubscriptions", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoRemovingChannels", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable removing channels", "ExplainText": "Prevents users from disabling channel synchronization in Microsoft Internet Explorer.\n\nChannels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.\n\nIf you enable this policy, users cannot prevent channels from being synchronized.\n\nIf you disable this policy or do not configure it, users can disable the synchronization of channels.\n\nThis policy is intended to help administrators ensure that users' computers are being updated uniformly across their organization.\n\nNote: This policy does not prevent users from removing active content from the desktop interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoRemovingChannels", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoRemovingSubscriptions", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable removing schedules for offline pages", "ExplainText": "Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.\n\nWhen users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.\n\nIf you enable this policy, the Make Available Offline check box in the Organize Favorites Favorite dialog box and the Make This Page Available Offline check box will be selected but dimmed. To display the Make This Page Available Offline check box, users click the Tools menu, click Synchronize, and then click the Properties button.\n\nIf you disable this policy or do not configure it, users can remove the preconfigured settings for pages to be downloaded for offline viewing.\n\nThis policy is intended for organizations that are concerned about server load for downloading content.\n\nThe \"Hide Favorites menu\" policy (located in User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoRemovingSubscriptions", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoScheduledUpdates", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable all scheduled offline pages", "ExplainText": "Disables existing schedules for downloading Web pages for offline viewing.\n\nWhen users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.\n\nIf you enable this policy, the check boxes for schedules on the Schedule tab of the Web page properties are cleared and users cannot select them. To display this tab, users click the Tools menu, click Synchronize, select a Web page, click the Properties button, and then click the Schedule tab.\n\nIf you disable this policy, then Web pages can be updated on the schedules specified on the Schedule tab.\n\nThis policy is intended for organizations that are concerned about server load for downloading content.\n\nThe \"Hide Favorites menu\" policy (located in User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoScheduledUpdates", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Channels", "PolicyName": "NoSubscriptionContent", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable downloading of site subscription content", "ExplainText": "Prevents content from being downloaded from Web sites that users have subscribed to.\n\nWhen users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.\n\nIf you enable this policy, content will not be downloaded from Web sites that users have subscribed to. However, synchronization with the Web pages will still occur to determine if any content has been updated since the last time the user synchronized with or visited the page.\n\nIf you disable this policy or do not configure it, content will not be prevented from being downloaded.\n\nThe \"Disable downloading of site subscription content\" policy and the \"Hide Favorites menu\" policy (located in User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer) take precedence over this policy. If either policy is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoSubscriptionContent", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "CodeDownload", "PolicyName": "CodeDownloadPol", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent specifying the code download path for each computer", "ExplainText": "This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download, verify, and install code for an Object Linking and Embedding (OLE) component.\n\nIf you enable this policy setting, the user cannot specify the download path for the code. You must specify the download path.\n\nIf you disable or do not configure this policy setting, the user can specify the download path for the code.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "Elements": [ { "Type": "Text", "ValueName": "CodeBaseSearchPath" } ] }, { "File": "inetres.admx", "CategoryName": "DisplaySettings", "PolicyName": "FontSize", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent choosing default text size", "ExplainText": "This policy setting prevents the user from choosing the default text size in Internet Explorer.\n\nIf you enable this policy setting, the user cannot choose the default text size in Internet Explorer. You must specify the default text size:\n\u2022 Largest\n\u2022 Larger\n\u2022 Medium\n\u2022 Smaller\n\u2022 Smallest\n\nIf you disable or do not configure this policy setting, the user can choose the default text size in Internet Explorer.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoDefaultTextSize", "Elements": [ { "Type": "Enum", "ValueName": "IEFontSize", "Items": [ { "DisplayName": "Largest", "Data": "4" }, { "DisplayName": "Larger", "Data": "3" }, { "DisplayName": "Medium", "Data": "2" }, { "DisplayName": "Smaller", "Data": "1" }, { "DisplayName": "Smallest", "Data": "0" } ], "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\International\\Scripts" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "EnabledList", "ValueName": "ResetTextSizeOnStartup", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Zoom" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "ControlPanel_RestrictAdvancedTab", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable the Advanced page", "ExplainText": "Removes the Advanced tab from the interface in the Internet Options dialog box.\n\nIf you enable this policy, users are prevented from seeing and changing advanced Internet settings, such as security, multimedia, and printing.\n\nIf you disable this policy or do not configure it, users can see and change these settings.\n\nWhen you set this policy, you do not need to set the \"Disable changing Advanced page settings\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\), because this policy removes the Advanced tab from the interface.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "AdvancedTab", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "ControlPanel_RestrictConnectionsTab", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable the Connections page", "ExplainText": "Removes the Connections tab from the interface in the Internet Options dialog box.\n\nIf you enable this policy, users are prevented from seeing and changing connection and proxy settings.\n\nIf you disable this policy or do not configure it, users can see and change these settings.\n\nWhen you set this policy, you do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface:\n\n\"Disable Internet Connection Wizard\"\n\n\"Disable changing connection settings\"\n\n\"Prevent changing proxy settings\"\n\n\"Disable changing Automatic Configuration settings\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "ConnectionsTab", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "ControlPanel_RestrictContentTab", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable the Content page", "ExplainText": "If you enable this policy setting, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and Profile Assistant settings.\n\nIf you disable this policy or do not configure it, users can see and change these settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "ContentTab", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "ControlPanel_RestrictGeneralTab", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable the General page", "ExplainText": "Removes the General tab from the interface in the Internet Options dialog box.\n\nIf you enable this policy, users are unable to see and change settings for the home page, the cache, history, Web page appearance, and accessibility.\n\nIf you disable this policy or do not configure it, users can see and change these settings.\n\nWhen you set this policy, you do not need to set the following Internet Explorer policies (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\), because this policy removes the General tab from the interface:\n\n\"Disable changing home page settings\"\n\n\"Disable changing Temporary Internet files settings\"\n\n\"Disable changing history settings\"\n\n\"Disable changing color settings\"\n\n\"Disable changing link color settings\"\n\n\"Disable changing font settings\"\n\n\"Disable changing language settings\"\n\n\"Disable changing accessibility settings\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "GeneralTab", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "ControlPanel_RestrictPrivacyTab", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable the Privacy page", "ExplainText": "Removes the Privacy tab from the interface in the Internet Options dialog box.\n\nIf you enable this policy, users are prevented from seeing and changing default settings for privacy.\n\nIf you disable this policy or do not configure it, users can see and change these settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "PrivacyTab", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "ControlPanel_RestrictProgramsTab", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable the Programs page", "ExplainText": "Removes the Programs tab from the interface in the Internet Options dialog box.\n\nIf you enable this policy, users are prevented from seeing and changing default settings for Internet programs.\n\nIf you disable this policy or do not configure it, users can see and change these settings.\n\nWhen you set this policy, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface:\n\n\"Disable changing Messaging settings\"\n\n\"Disable changing Calendar and Contact settings\"\n\n\"Disable the Reset Web Settings feature\"\n\n\"Disable changing default browser check\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "ProgramsTab", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "ControlPanel_RestrictSecurityTab", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable the Security page", "ExplainText": "Removes the Security tab from the interface in the Internet Options dialog box.\n\nIf you enable this policy, it prevents users from seeing and changing settings for security zones, such as scripting, downloads, and user authentication.\n\nIf you disable this policy or do not configure it, users can see and change these settings.\n\nWhen you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the Security tab from the interface:\n\n\"Security zones: Do not allow users to change policies\"\n\n\"Security zones: Do not allow users to add/delete sites\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "SecurityTab", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "ControlPanel_SendIDNNames", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Send internationalized domain names", "ExplainText": "This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.\n\nIf you enable this policy setting, you must specify when IDN server names should be sent:\n0) Unicode domain names are never converted to IDN format.\n1) Unicode domain names are converted to IDN format only for addresses that are not in the Intranet zone.\n2) Unicode domain names are converted to IDN format only for addresses that are in the Intranet zone.\n3) Unicode domain names are always converted to IDN format.\n\nIf you disable or do not configure this policy setting, the user can control this setting by using Advanced Options in Internet Control Panel. By default, domain names are converted to IDN format only for addresses that are not in the Intranet zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "Elements": [ { "Type": "Enum", "ValueName": "EnablePunyCode", "Items": [ { "DisplayName": "Never convert to IDN format", "Data": "0" }, { "DisplayName": "Convert non-Intranet addresses to IDN format", "Data": "1" }, { "DisplayName": "Convert Intranet addresses to IDN format", "Data": "2" }, { "DisplayName": "Always convert to IDN format", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "AdvancedPage", "PolicyName": "ControlPanel_UTF8URLQuery", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Turn off sending UTF-8 query strings for URLs", "ExplainText": "This policy setting determines whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) to encode query strings in URLs before sending them to servers or to proxy servers.\n\nIf you enable this policy setting, you must specify when to use UTF-8 to encode query strings:\n0) Never encode query strings.\n1) Only encode query strings for URLs that aren't in the Intranet zone.\n2) Only encode query strings for URLs that are in the Intranet zone.\n3) Always encode query strings.\n\nIf you disable or don't configure this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Options settings. The default is to encode all query strings in UTF-8.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Elements": [ { "Type": "Enum", "ValueName": "UTF8URLQuery", "Items": [ { "DisplayName": "Never encode query strings in UTF-8", "Data": "0" }, { "DisplayName": "Encode query strings in UTF-8 only in non-Intranet URLs", "Data": "1" }, { "DisplayName": "Encode query strings in UTF-8 only in Intranet URLs", "Data": "2" }, { "DisplayName": "Always encode query strings in UTF-8", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "ControlPanel_SendUTF8Query", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Use UTF-8 for mailto links", "ExplainText": "This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.\n\nIf you enable this policy setting, Internet Explorer encodes mailto links in UTF-8.\n\nIf you disable or do not configure this policy setting, Internet Explorer sends mailto links encoded through the user's code page. This behavior matches the behavior of Internet Explorer 6 and earlier. The user can change this behavior on the Internet Explorer Tools menu: Click Internet Options, click the Advanced tab, and then under International, select the \"Use UTF-8 for mailto links\" check box.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Protocols\\Mailto", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Protocols\\Mailto" ], "ValueName": "UTF8Encoding", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetCPL", "PolicyName": "NoCertError", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent ignoring certificate errors", "ExplainText": "This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as \"expired\", \"revoked\", or \"name mismatch\" errors) in Internet Explorer.\n\nIf you enable this policy setting, the user cannot continue browsing.\n\nIf you disable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "PreventIgnoreCertErrors", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "Encoding", "PolicyName": "UTF8", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off sending URL path as UTF-8", "ExplainText": "This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8), a standard that defines characters so they are readable in any language. By using UTF-8, you can exchange Internet addresses (URLs) that contain characters from any language.\n\nIf you enable this policy setting, Internet Explorer does not allow sending the path portion of URLs as UTF-8. The user cannot change this policy setting.\n\nIf you disable this policy setting, Internet Explorer allows sending the path portion of URLs as UTF-8. The user cannot change this policy setting.\n\nIf you do not configure this policy setting, the user can allow or prevent the sending of the path portion of URLs as UTF-8.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "UrlEncoding", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "GeneralColors", "PolicyName": "BackgroundColorPol", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent specifying background color", "ExplainText": "This policy setting prevents the user from specifying the background color in Internet Explorer.\n\nIf you enable this policy setting, the user cannot specify the background color in Internet Explorer. You must specify the background color (for example: 192,192,192).\n\nIf you disable or do not configure this policy setting, the user can specify the background color in Internet Explorer.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings" ], "Elements": [ { "Type": "Text", "ValueName": "Background Color" } ] }, { "File": "inetres.admx", "CategoryName": "GeneralColors", "PolicyName": "TextColorPol", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent specifying text color", "ExplainText": "This policy setting prevents the user from specifying the text color in Internet Explorer.\n\nIf you enable this policy setting, the user cannot specify the text color in Internet Explorer. You must specify the text color (for example: 192,192,192).\n\nIf you disable or do not configure this policy setting, the user can specify the text color in Internet Explorer.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings" ], "Elements": [ { "Type": "Text", "ValueName": "Text Color" } ] }, { "File": "inetres.admx", "CategoryName": "GeneralColors", "PolicyName": "UseWindowsColors", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent the use of Windows colors", "ExplainText": "This policy setting prevents the user from using Windows colors as a part of the display settings.\n\nIf you enable this policy setting, Windows colors are turned off. The user cannot turn them on.\n\nIf you disable this policy setting, Windows colors are turned on. The user cannot turn them off.\n\nIf you do not configure this policy setting, the user can turn on or turn off Windows colors for display.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Use_DlgBox_Colors", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "inetres.admx", "CategoryName": "HelpAbout128", "PolicyName": "HelpAbout128Pol", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent specifying cipher strength update information URLs", "ExplainText": "This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page, the page cannot grant access unless the Internet browser connects with a prespecified encryption. To ensure that the browser meets this requirement, this policy setting allows you to specify the URL to update the browser security setting.\n\nIf you enable this policy setting, the user cannot specify the cipher strength update information URL. You must specify the cipher strength update information URL.\n\nIf you disable or do not configure this policy setting, the user can specify the cipher strength update information URL.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Text", "ValueName": "IEAKUpdateUrl", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion" ] } ] }, { "File": "inetres.admx", "CategoryName": "ICWSettings", "PolicyName": "ICWComplete", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7_NONVISTA - At least Internet Explorer 7.0. Not supported on Windows Vista", "DisplayName": "Start the Internet Connection Wizard automatically", "ExplainText": "This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was not completed, this policy setting starts the wizard automatically.\n\nIf you enable this policy setting, the Internet Connection Wizard starts automatically if it was not completed before. The user cannot prevent the wizard from starting.\n\nIf you disable this policy setting, the Internet Connection Wizard does not start automatically. The user can start the wizard manually.\n\nIf you do not configure this policy setting, the user can decide whether the Internet Connection Wizard should start automatically.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Connection Wizard" ], "ValueName": "DisableICW", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "VerMgmtAuditModeEnable", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on ActiveX control logging in Internet Explorer", "ExplainText": "This policy setting determines whether Internet Explorer saves log information for ActiveX controls.\n\nIf you enable this policy setting, Internet Explorer logs ActiveX control information (including the source URI that loaded the control and whether it was blocked) to a local file.\n\nIf you disable or don't configure this policy setting, Internet Explorer won't log ActiveX control information.\n\nNote that you can turn this policy setting on or off regardless of the \"Turn off blocking of outdated ActiveX controls for Internet Explorer\" or \"Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains\" policy settings.\n\nFor more information, see \"Outdated ActiveX Controls\" in the Internet Explorer TechNet library.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext" ], "ValueName": "AuditModeEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "VersionListAutomaticDownloadDisable", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off automatic download of the ActiveX VersionList", "ExplainText": "This setting determines whether IE automatically downloads updated versions of Microsoft\u2019s VersionList.XML. IE uses this file to determine whether an ActiveX control should be stopped from loading.\n\nIf you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated controls, potentially compromising the security of your computer.\n\nIf you disable or don't configure this setting, IE continues to download updated versions of VersionList.XML.\n\nFor more information, see \"Out-of-date ActiveX control blocking\" in the Internet Explorer TechNet library.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Internet Explorer\\VersionManager" ], "ValueName": "DownloadVersionList", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "VerMgmtDisableRunThisTime", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Remove \"Run this time\" button for outdated ActiveX controls in Internet Explorer", "ExplainText": "This policy setting allows you to stop users from seeing the \"Run this time\" button and from running specific outdated ActiveX controls in Internet Explorer.\n\nIf you enable this policy setting, users won't see the \"Run this time\" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control.\n\nIf you disable or don't configure this policy setting, users will see the \"Run this time\" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once.\n\nFor more information, see \"Outdated ActiveX Controls\" in the Internet Explorer TechNet library.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext" ], "ValueName": "RunThisTimeEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "VerMgmtDomainAllowlist", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains", "ExplainText": "This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.\n\nIf you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following:\n\n1. \"domain.name.TLD\". For example, if you want to include *.contoso.com/*, use \"contoso.com\"\n2. \"hostname\". For example, if you want to include http://example, use \"example\"\n3. \"file:///path/filename.htm\". For example, use \"file:///C:/Users/contoso/Desktop/index.htm\"\n\nIf you disable or don't configure this policy setting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone.\n\nFor more information, see \"Outdated ActiveX Controls\" in the Internet Explorer TechNet library.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext" ], "ValueName": "ListBox_DomainAllowlist", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\Domain", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\Domain" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "VerMgmtDisable", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off blocking of outdated ActiveX controls for Internet Explorer", "ExplainText": "This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.\n\nIf you enable this policy setting, Internet Explorer stops blocking outdated ActiveX controls.\n\nIf you disable or don't configure this policy setting, Internet Explorer continues to block specific outdated ActiveX controls.\n\nFor more information, see \"Outdated ActiveX Controls\" in the Internet Explorer TechNet library.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext" ], "ValueName": "VersionCheckEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "AddonManagement_AddOnList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Add-on List", "ExplainText": "This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages.\n\nThis list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied.\n\nIf you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:\n\nName of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, \u2018{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.\n\nValue - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.\n\nIf you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext" ], "ValueName": "ListBox_Support_CLSID", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\CLSID", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\CLSID" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "AddonManagement_ManagementMode", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Deny all add-ons unless specifically allowed in the Add-on List", "ExplainText": "This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages.\n\nBy default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting.\n\nIf you enable this policy setting, Internet Explorer only allows add-ons that are specifically listed (and allowed) through the 'Add-on List' policy setting.\n\nIf you disable or do not configure this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the 'Add-on List' policy setting.\n\nNote: If an add-on is listed in the 'Add-on List' policy setting, the user cannot change its state through Add-on Manager (unless its value has been set to allow user management - see the 'Add-on List' policy for more details).", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext" ], "ValueName": "RestrictToList", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "IESF_PolicyAllProcesses_13", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default, any process other than the Internet Explorer processes or those listed in the 'Process List' policy setting ignore add-on management user preferences and policy settings.\n\nIf you enable this policy setting, all processes will respect add-on management user preferences and policy settings.\n\nIf you disable or do not configure this policy setting, all processes will not respect add-on management user preferences or policy settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ADDON_MANAGEMENT", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ADDON_MANAGEMENT" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "IESF_PolicyProcessList_13", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entered into Add-on Manager) or policy settings. By default, only Internet Explorer processes use the add-on management user preferences and policy settings. This policy setting allows you to extend support for these user preferences and policy settings to specific processes listed in the process list.\n\nIf you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter Internet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings. If the All Processes policy setting is enabled, the processes configured in this policy setting take precedence over that setting.\n\nIf you do not configure this policy, processes other than the Internet Explorer processes will not be affected by add-on management user preferences or policy settings (unless \"All Processes\" is enabled).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_ADDON_MANAGEMENT", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ADDON_MANAGEMENT", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ADDON_MANAGEMENT" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryBinaryBehaviorSecurityRestriction", "PolicyName": "IESF_Policy_BinaryBehaviorAdminAllow", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Admin-approved behaviors", "ExplainText": "For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here, and applies to all processes which have opted in to the behavior, and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page.)\n\nIf you enable this policy setting, this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation, e.g., #default#vml.\n\nIf you disable this policy setting, no behaviors will be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'.\n\nIf you do not configure this policy setting, only VML will be allowed in zones set to 'admin-approved'.\n\nNote. If this policy is set in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "ListBox_Support_AllowedBehaviors", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedBehaviors", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AllowedBehaviors" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryBinaryBehaviorSecurityRestriction", "PolicyName": "IESF_ENABLE_MD2_MD4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Install binaries signed by MD2 and MD4 signing technologies", "ExplainText": "This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default, because they are not as secure as other technologies.\n\nIf you enable this policy setting, Internet Explorer 9 installs binaries signed by MD2 and MD4 signing technologies.\n\nIf you disable or do not configure this policy setting, Internet Explorer 9 does not install binaries signed by MD2 and MD4 signing technologies.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Security", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Security" ], "ValueName": "ENABLE_MD2_MD4", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryBinaryBehaviorSecurityRestriction", "PolicyName": "IESF_PolicyAllProcesses_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.\n\nIf you enable this policy setting, binary behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked.\n\nIf you disable or do not configure this policy setting, binary behaviors are allowed for all processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryBinaryBehaviorSecurityRestriction", "PolicyName": "IESF_PolicyExplorerProcesses_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.\n\nIf you enable this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.\n\nIf you disable this policy setting, binary behaviors are allowed for the File Explorer and Internet Explorer processes.\n\nIf you do not configure this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryBinaryBehaviorSecurityRestriction", "PolicyName": "IESF_PolicyProcessList_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.\n\nThis policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.\n\nIf you enable this policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_BEHAVIORS", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryConsistentMimeHandling", "PolicyName": "IESF_PolicyAllProcesses_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.\n\nThis policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.\n\nIf you enable this policy setting, Consistent Mime Handling is enabled for all processes.\n\nIf you disable or do not configure this policy setting, Consistent Mime Handling is prevented for all processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryConsistentMimeHandling", "PolicyName": "IESF_PolicyExplorerProcesses_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.\n\nThis policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.\n\nIf you enable this policy setting, Internet Explorer requires consistent MIME data for all received files.\n\nIf you disable this policy setting, Internet Explorer will not require consistent MIME data for all received files.\n\nIf you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryConsistentMimeHandling", "PolicyName": "IESF_PolicyProcessList_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.\n\nThis policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.\n\nThis policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.\n\nIf you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_MIME_HANDLING", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryInformationBar", "PolicyName": "IESF_PolicyAllProcesses_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Notification bar is displayed by default).\n\nIf you enable this policy setting, the Notification bar will be displayed for all processes.\n\nIf you disable or do not configure this policy setting, the Notification bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryInformationBar", "PolicyName": "IESF_PolicyExplorerProcesses_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes.\n\nIf you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes.\n\nIf you disable this policy setting, the Notification bar will not be displayed for Internet Explorer processes.\n\nIf you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryInformationBar", "PolicyName": "IESF_PolicyProcessList_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "This policy setting allows you to manage whether the Notification bar is displayed for specific processes when file or code installs are restricted. By default, the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Notification bar is displayed by default).\n\nIf you enable this policy setting and enter a Value of 1, the Notification bar is displayed. If you enter a Value of 0 the Notification bar is not displayed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the Notification bar is not displayed for the specified processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_SECURITYBAND", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryLocalMachineZoneLockdownSecurity", "PolicyName": "IESF_PolicyAllProcesses_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.\n\nLocal Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.\n\nIf you enable this policy setting, the Local Machine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a process list.\n\nIf you disable or do not configure this policy setting, Local Machine zone security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process list.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryLocalMachineZoneLockdownSecurity", "PolicyName": "IESF_PolicyExplorerProcesses_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.\n\nLocal Machine zone security applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.\n\nIf you enable this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer.\n\nIf you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Explorer.\n\nIf you do not configure this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryLocalMachineZoneLockdownSecurity", "PolicyName": "IESF_PolicyProcessList_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.\n\nLocal Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.\n\nIf you enable this policy setting and enter a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryMimeSniffingSafetyFeature", "PolicyName": "IESF_PolicyAllProcesses_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.\n\nIf you enable this policy setting, the Mime Sniffing Safety Feature is enabled for all processes.\n\nIf you disable or do not configure this policy setting, the Mime Sniffing Safety Feature is disabled for all processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryMimeSniffingSafetyFeature", "PolicyName": "IESF_PolicyExplorerProcesses_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.\n\nIf you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.\n\nIf you disable this policy setting, Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type.\n\nIf you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryMimeSniffingSafetyFeature", "PolicyName": "IESF_PolicyProcessList_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.\n\nThis policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.\n\nIf you enable this policy setting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_MIME_SNIFFING", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryMKProtocolSecurityRestriction", "PolicyName": "IESF_PolicyAllProcesses_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.\n\nIf you enable this policy setting, the MK Protocol is disabled for all processes. Any use of the MK Protocol is blocked.\n\nIf you disable or do not configure this policy setting, the MK Protocol is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryMKProtocolSecurityRestriction", "PolicyName": "IESF_PolicyExplorerProcesses_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.\n\nIf you enable this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.\n\nIf you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File Explorer and Internet Explorer processes.\n\nIf you do not configure this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryMKProtocolSecurityRestriction", "PolicyName": "IESF_PolicyProcessList_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.\n\nThis policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.\n\nIf you enable this policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the policy setting is ignored.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryNetworkProtocolLockdown", "PolicyName": "IESF_PolicyAllProcesses_14", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.\n\nIf you enable this policy setting, restricting content obtained through restricted protocols is allowed for all processes other than File Explorer or Internet Explorer.\n\nIf you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than File Explorer or Internet Explorer.\n\nIf you do not configure this policy setting, no policy is enforced for processes other than File Explorer and Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryNetworkProtocolLockdown", "PolicyName": "IESF_PolicyExplorerProcesses_13", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "File Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.\n\nIf you enable this policy setting, restricting content obtained through restricted protocols is allowed for File Explorer and Internet Explorer processes. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http and https.\n\nIf you disable this policy setting, restricting content obtained through restricted protocols is prevented for File Explorer and Internet Explorer processes.\n\nIf you do not configure this policy setting, the policy setting is ignored.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryNetworkProtocolLockdown", "PolicyName": "IESF_PolicyProcessList_14", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.\n\nThis policy setting allows administrators to define applications for which they want restricting content obtained through restricted protocols to be prevented or allowed.\n\nIf you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the File Explorer or Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryObjectCachingProtection", "PolicyName": "IESF_PolicyAllProcesses_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.\n\nIf you enable this policy setting, object reference is no longer accessible when navigating within or across domains for all processes.\n\nIf you disable or do not configure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryObjectCachingProtection", "PolicyName": "IESF_PolicyExplorerProcesses_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.\n\nIf you enable this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.\n\nIf you disable this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes.\n\nIf you do not configure this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryObjectCachingProtection", "PolicyName": "IESF_PolicyProcessList_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.\n\nThis policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.\n\nIf you enable this policy setting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_OBJECT_CACHING", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryProtectionFromZoneElevation", "PolicyName": "IESF_PolicyAllProcesses_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). For example, Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users.\n\nIf you enable this policy setting, any zone can be protected from zone elevation for all processes.\n\nIf you disable or do not configure this policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryProtectionFromZoneElevation", "PolicyName": "IESF_PolicyExplorerProcesses_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.\n\nIf you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.\n\nIf you disable this policy setting, no zone receives such protection for Internet Explorer processes.\n\nIf you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryProtectionFromZoneElevation", "PolicyName": "IESF_PolicyProcessList_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.\n\nThis policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.\n\nIf you enable this policy setting and enter a Value of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_ZONE_ELEVATION", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryRestrictActiveXInstall", "PolicyName": "IESF_PolicyAllProcesses_11", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.\n\nIf you enable this policy setting, the Web Browser Control will block automatic prompting of ActiveX control installation for all processes.\n\nIf you disable or do not configure this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryRestrictActiveXInstall", "PolicyName": "IESF_PolicyExplorerProcesses_11", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes.\n\nIf you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes.\n\nIf you disable this policy setting, prompting for ActiveX control installations will not be blocked for Internet Explorer processes.\n\nIf you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryRestrictActiveXInstall", "PolicyName": "IESF_PolicyProcessList_11", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.\n\nIf you enable this policy setting and enter a Value of 1, automatic prompting of ActiveX control installation is blocked. If you enter a Value of 0, automatic prompting of ActiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryRestrictFileDownload", "PolicyName": "IESF_PolicyAllProcesses_12", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.\n\nIf you enable this policy setting, the Web Browser Control will block automatic prompting of file downloads that are not user initiated for all processes.\n\nIf you disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for all processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryRestrictFileDownload", "PolicyName": "IESF_PolicyExplorerProcesses_12", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "This policy setting enables blocking of file download prompts that are not user initiated.\n\nIf you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes.\n\nIf you disable this policy setting, prompting will occur for file downloads that are not user initiated for Internet Explorer processes.\n\nIf you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryRestrictFileDownload", "PolicyName": "IESF_PolicyProcessList_12", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.\n\nIf you enable this policy setting and enter a Value of 1, automatic prompting of non-initiated file downloads is blocked. If you enter a Value of 0, automatic prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryScriptedWindowSecurityRestrictions", "PolicyName": "IESF_PolicyAllProcesses_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "All Processes", "ExplainText": "Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.\n\nIf you enable this policy setting, scripted windows are restricted for all processes.\n\nIf you disable or do not configure this policy setting, scripted windows are not restricted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryScriptedWindowSecurityRestrictions", "PolicyName": "IESF_PolicyExplorerProcesses_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Explorer Processes", "ExplainText": "Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.\n\nIf you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.\n\nIf you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows.\n\nIf you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryScriptedWindowSecurityRestrictions", "PolicyName": "IESF_PolicyProcessList_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Process List", "ExplainText": "Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.\n\nThis policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.\n\nIf you enable this policy setting and enter a Value of 1, such windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.\n\nDo not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.\n\nIf you disable or do not configure this policy setting, the security feature is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_FEATURE_WINDOW_RESTRICTIONS", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_NPLRest_Category", "PolicyName": "IESF_NPLRest_InternetZone", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Zone Restricted Protocols", "ExplainText": "For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.\n\nIf you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for \"Allow active content over restricted protocols to access my computer.\"\n\nIf you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for \"Allow active content over restricted protocols to access my computer.\"\n\nNote. If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols" ], "ValueName": "ListBox_Support_3", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\3", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\3" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_NPLRest_Category", "PolicyName": "IESF_NPLRest_IntranetZone", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Intranet Zone Restricted Protocols", "ExplainText": "For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.\n\nIf you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for \"Allow active content over restricted protocols to access my computer.\"\n\nIf you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for \"Allow active content over restricted protocols to access my computer.\"\n\nNote. If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols" ], "ValueName": "ListBox_Support_1", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\1", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\1" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_NPLRest_Category", "PolicyName": "IESF_NPLRest_LocalMachineZone", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Local Machine Zone Restricted Protocols", "ExplainText": "For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.\n\nIf you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for \"Allow active content over restricted protocols to access my computer.\"\n\nIf you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for \"Allow active content over restricted protocols to access my computer.\"\n\nNote. If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols" ], "ValueName": "ListBox_Support_0", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\0", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\0" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_NPLRest_Category", "PolicyName": "IESF_NPLRest_RestrictedSitesZone", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Restricted Sites Zone Restricted Protocols", "ExplainText": "For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.\n\nIf you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for \"Allow active content over restricted protocols to access my computer.\"\n\nIf you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for \"Allow active content over restricted protocols to access my computer.\"\n\nNote. If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols" ], "ValueName": "ListBox_Support_4", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\4", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\4" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_NPLRest_Category", "PolicyName": "IESF_NPLRest_TrustedSitesZone", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Trusted Sites Zone Restricted Protocols", "ExplainText": "For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.\n\nIf you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for \"Allow active content over restricted protocols to access my computer.\"\n\nIf you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for \"Allow active content over restricted protocols to access my computer.\"\n\nNote. If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols" ], "ValueName": "ListBox_Support_2", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\2", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\RestrictedProtocols\\2" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AddonManagement_RestrictCrashDetection", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Turn off Crash Detection", "ExplainText": "This policy setting allows you to manage the crash detection feature of add-on Management.\n\nIf you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply.\n\nIf you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoCrashDetection", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AllowServicePoweredQSA", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar", "ExplainText": "This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user's keystrokes are sent to Microsoft through Microsoft services.\n\nIf you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users won't be able to change the Suggestions setting on the Settings charm.\n\nIf you disable this policy setting, users won't receive enhanced suggestions while typing in the Address bar. In addition, users won't be able to change the Suggestions setting on the Settings charm.\n\nIf you don't configure this policy setting, users can change the Suggestions setting on the Settings charm.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer" ], "ValueName": "AllowServicePoweredQSA", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableACRPrompt", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Automatic Crash Recovery", "ExplainText": "This policy setting turns off Automatic Crash Recovery.\n\nIf you enable this policy setting, Automatic Crash Recovery does not prompt the user to recover his or her data after a program stops responding.\n\nIf you disable or do not configure this policy setting, Automatic Crash Recovery prompts the user to recover his or her data after a program stops responding.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Recovery", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Recovery" ], "ValueName": "AutoRecover", "Elements": [ { "Type": "EnabledValue", "Data": "2" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableReopenLastBrowsingSession", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Reopen Last Browsing Session", "ExplainText": "This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.\n\nIf you enable this policy setting, the user cannot use the Reopen Last Browsing Session feature.\n\nIf you disable or do not configure this policy setting, the user can use the Reopen Last Browsing Session feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Recovery", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Recovery" ], "ValueName": "NoReopenLastSession", "Elements": [ { "Type": "EnabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AddonManagement_RestrictExtensionManagement", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not allow users to enable or disable add-ons", "ExplainText": "This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.\n\nIf you enable this policy setting, users cannot enable or disable add-ons through Add-On Manager.\n\nIf you disable or do not configure this policy setting, the appropriate controls in the Add-On Manager will be available to the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoExtensionManagement", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AddSearchProvider", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Add a specific list of search providers to the user's list of search providers", "ExplainText": "This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website.\n\nIf you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\\Software\\policies\\Microsoft\\Internet Explorer\\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.\n\nIf you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "AddPolicySearchProviders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AlwaysShowMenu", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on menu bar by default", "ExplainText": "This policy setting allows you to turn on or turn off the earlier menus (for example, File, Edit, and View) in Internet Explorer.\n\nIf you enable this policy setting, the menu bar appears in Internet Explorer by default, and the user cannot turn it off.\n\nIf you disable this policy setting, the menu bar appears in Internet Explorer by default, and the user cannot turn it on.\n\nIf you do not configure this policy setting, the menu bar is turned off by default. The user can turn on or turn off the menu bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "AlwaysShowMenus", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableFavoritesBar", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Favorites bar", "ExplainText": "This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.\n\nIf you enable this policy setting, the Favorites bar is turned off.\n\nIf you disable this policy setting, the Favorites bar is turned on.\n\nIf you do not configure this policy setting, the user can turn on or turn off the Favorites bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\LinksBar", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\LinksBar" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AutoProxyCache", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable caching of Auto-Proxy scripts", "ExplainText": "Prevents automatic proxy scripts, which interact with a server to automatically configure users' proxy settings, from being stored in the users' cache.\n\nIf you enable this policy, automatic proxy scripts will not be stored temporarily on the users' computer.\n\nIf you disable this policy or do not configure it, automatic proxy scripts can be stored in the users' cache.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "EnableAutoProxyResultCache", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Branding_NoExternalBranding", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable external branding of Internet Explorer", "ExplainText": "Prevents branding of Internet programs, such as customization of Internet Explorer and Outlook Express logos and title bars, by another party.\n\nIf you enable this policy, it prevents customization of the browser by another party, such as an Internet service provider or Internet content provider.\n\nIf you disable this policy or do not configure it, users could install customizations from another party-for example, when signing up for Internet services.\n\nThis policy is intended for administrators who want to maintain a consistent browser across an organization.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoExternalBranding", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "ControlPanel_RestrictAdvanced", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing Advanced page settings", "ExplainText": "Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.\n\nIf you enable this policy, users are prevented from changing advanced Internet settings, such as security, multimedia, and printing. Users cannot select or clear the check boxes on the Advanced tab.\n\nIf you disable this policy or do not configure it, users can select or clear settings on the Advanced tab.\n\nIf you set the \"Disable the Advanced page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), you do not need to set this policy, because the \"Disable the Advanced page\" policy removes the Advanced tab from the interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Advanced", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Customized_UserAgent_String", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Customize user agent string", "ExplainText": "This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.\n\nIf you enable this policy setting, Internet Explorer sends the specified custom string in the version portion of the User Agent header.\n\nIf you disable or do not configure this policy setting, Internet Explorer sends the current Internet Explorer version in the User Agent header (for example, \"MSIE 7.0\").", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent" ], "Elements": [ { "Type": "Text", "ValueName": "Version", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DialupSettings", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Use Automatic Detection for dial-up connections", "ExplainText": "Specifies that Automatic Detection will be used to configure dial-up settings for users.\n\nAutomatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.\n\nIf you enable this policy, users' dial-up settings will be configured by Automatic Detection.\n\nIf you disable this policy or do not configure it, dial-up settings will not be configured by Automatic Detection, unless specified by the user.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "DialupAutodetect", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Disable_Fix_Security_Settings", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent \"Fix settings\" functionality", "ExplainText": "This policy setting prevents the user from using the \"Fix settings\" functionality related to Security Settings Check.\n\nIf you enable this policy setting, the user cannot use the \"Fix settings\" functionality.\n\nIf you disable or do not configure this policy setting, the user can use the \"Fix settings\" functionality.\n\nNote: When this policy setting is enabled, the \"Fix settings\" command on the Notification bar shortcut menu should be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Security", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Security" ], "ValueName": "DisableFixSecuritySettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Disable_Managing_Phishing_Filter", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7ONLY - Only Internet Explorer 7.0", "DisplayName": "Prevent managing the phishing filter", "ExplainText": "This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through \"phishing.\"\n\nIf you enable this policy setting, the user is not prompted to enable the phishing filter. You must specify which mode the phishing filter uses: manual, automatic, or off.\n\nIf you select manual mode, the phishing filter performs only local analysis, and the user is prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.\n\nIf you disable or do not configure this policy setting, the user is prompted to decide the mode of operation for the phishing filter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter" ], "Elements": [ { "Type": "Enum", "ValueName": "Enabled", "Items": [ { "DisplayName": "Off", "Data": "0" }, { "DisplayName": "Manual", "Data": "1" }, { "DisplayName": "Automatic", "Data": "2" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Disable_Managing_Safety_Filter_IE8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8ONLY - Only Internet Explorer 8.0", "DisplayName": "Turn off Managing SmartScreen Filter for Internet Explorer 8", "ExplainText": "This policy setting allows the user to enable the SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through \"phishing,\" or is known to host malware.\n\nIf you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. You must specify which mode the SmartScreen Filter uses: on, or off.All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.\n\nIf you disable or do not configure this policy setting, the user is prompted to decide whether to turn on the SmartScreen Filter during the first-run experience.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter" ], "Elements": [ { "Type": "Enum", "ValueName": "EnabledV8", "Items": [ { "DisplayName": "Off", "Data": "0" }, { "DisplayName": "On", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Disable_Managing_Safety_Filter_IE9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Prevent managing SmartScreen Filter", "ExplainText": "This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through \"phishing,\" or is known to host malware.\n\nIf you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.\n\nIf you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter" ], "Elements": [ { "Type": "Enum", "ValueName": "EnabledV9", "Items": [ { "DisplayName": "Off", "Data": "0" }, { "DisplayName": "On", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableSafetyFilterOverride", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Prevent bypassing SmartScreen Filter warnings", "ExplainText": "This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious.\n\nIf you enable this policy setting, SmartScreen Filter warnings block the user.\n\nIf you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter" ], "ValueName": "PreventOverride", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableSafetyFilterOverrideForAppRepUnknown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet", "ExplainText": "This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet.\n\nIf you enable this policy setting, SmartScreen Filter warnings block the user.\n\nIf you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter" ], "ValueName": "PreventOverrideAppRepUnknown", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Disable_Security_Settings_Check", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off the Security Settings Check feature", "ExplainText": "This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk.\n\nIf you enable this policy setting, the feature is turned off.\n\nIf you disable or do not configure this policy setting, the feature is turned on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Security", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Security" ], "ValueName": "DisableSecuritySettingsCheck", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableInterchangingMenuBarNavBar", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7_8 - Only Internet Explorer 7.0 and Internet Explorer 8.0", "DisplayName": "Position the menu bar above the navigation bar", "ExplainText": "This policy setting positions the menu bar above the navigation bar. The navigation bar contains icons for a variety of features, including browsing web pages, searching the web by using a selection of search tools, accessing and managing favorites, viewing a history of visited pages, printing, and accessing email and newsgroups. The menu bar contains menus that open lists of commands. The commands include options for printing, customizing Internet Explorer, copying and pasting text, managing favorites, and accessing Help.\n\nIf you enable this policy setting, the menu bar is above the navigation bar. The user cannot interchange the positions of the menu bar and the navigation bar.\n\nIf you disable this policy setting, the menu bar is below the navigation bar. The user cannot interchange the positions of the menu bar and the navigation bar.\n\nIf you do not configure this policy setting, the user can interchange the positions of the menu bar and the navigation bar.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" ], "ValueName": "ITBar7Position", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisablePopupFilterLevel", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent changing pop-up filter level", "ExplainText": "This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows:\nHigh: Block all pop-ups.\nMedium: Block most automatic pop-ups.\nLow: Allow pop-ups from secure sites.\n\nIf you enable this policy setting, the user cannot change the filter level. You can specify the filter level by importing Privacy settings from your computer under Internet Explorer Maintenance.\n\nIf you disable or do not configure this policy setting, the user can manage pop-ups by changing the filter level.\n\nYou may also want to enable the \"Prevent managing pop-up exception list\" and \"Turn off pop-up management\" policy settings to prevent the user from configuring pop-up behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "DisablePopupFilterLevel", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisplayScriptFailureUI", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Display error message on proxy script download failure", "ExplainText": "Specifies that error messages will be displayed to users if problems occur with proxy scripts.\n\nIf you enable this policy, error messages will be displayed when the browser does not download or run a script to set proxy settings.\n\nIf you disable this policy or do not configure it, error messages will not be displayed when problems occur with proxy scripts.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "DisplayScriptDownloadFailureUI", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Enable_Compat_Logging", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on compatibility logging", "ExplainText": "This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.\n\nIf you enable this policy setting, the user can log information that is blocked by new Internet Explorer features. The user cannot turn off logging.\n\nIf you disable this policy setting, the user cannot log information that is blocked by new Internet Explorer features. The user cannot turn on logging.\n\nIf you do not configure this policy setting, the user can change the logging settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Compat_logging", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Compat_logging" ], "ValueName": "iexplore.exe", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "EnforceFullscreen", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Enforce full-screen mode", "ExplainText": "This policy setting allows you to enforce full-screen mode, which disables the navigation bar, the menu bar, and the Command bar. Starting with Windows 8, this policy only applies to Internet Explorer on the desktop.\n\nThe navigation bar includes features for browsing webpages, searching the web by using a selection of search tools, viewing a history of visited pages, printing, and accessing email and newsgroups. The menu bar contains menus that open lists of commands for printing, customizing Internet Explorer, copying and pasting text, managing favorites, and accessing Help. The Command bar enables the user to access and manage favorites, feeds, shortcuts to home page, and more. Full-screen mode disables not only these three bars, but also the shortcuts to these bars.\n\nIf you enable this policy setting, the navigation bar, the menu bar, and the Command bar are not visible, and the user cannot access them.\n\nIf you disable or do not configure this policy setting, the user can view and access the navigation bar, the menu bar, and the Command bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "AlwaysShowMenus", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "NoNavBar", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "NoCommandBar", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "NoNavBar", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "NoCommandBar", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "FavImportExport", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable Import/Export Settings wizard", "ExplainText": "This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser, import settings from a file, or export settings to a file. Importing settings from another browser allows the user to import favorites and feeds from other browsers. Importing settings from a file allows the user to import favorites, feeds and cookies from a file. Exporting settings to a file allows the user to export favorites, feeds and cookies to a file.\n\nIf you enable this policy setting, the user will not be able to use the Import/Export Settings wizard.\n\nIf you disable or do not configure this policy setting, the user will be able to use the Import/Export Settings wizard.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer" ], "ValueName": "DisableImportExportFavorites", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "GeolocationDisable", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Turn off browser geolocation", "ExplainText": "This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.\n\nIf you enable this policy setting, browser geolocation support is turned off.\n\nIf you disable this policy setting, browser geolocation support is turned on.\n\nIf you do not configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Geolocation", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Geolocation" ], "ValueName": "PolicyDisableGeolocation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_AddOnManagement", "PolicyName": "DisableFlashInIE", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10WIN8 - At least Internet Explorer 10.0 on Windows 8", "DisplayName": "Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects", "ExplainText": "This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects.\n\nIf you enable this policy setting, Flash is turned off for Internet Explorer, and applications cannot use Internet Explorer technology to instantiate Flash objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the \"Add-on List\" and \"Deny all add-ons unless specifically allowed in the Add-on List\" policy settings.\n\nIf you disable, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box.\n\nNote that Adobe Flash can still be disabled through the \"Add-on List\" and \"Deny all add-ons unless specifically allowed in the Add-on List\" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the \"Add-on List\" and \"Deny all add-ons unless specifically allowed in the Add-on List\" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see \"Group Policy Settings in Internet Explorer 10\" in the Internet Explorer TechNet library.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer" ], "ValueName": "DisableFlashInIE", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "General_Zooming", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off page-zooming functionality", "ExplainText": "This policy setting prevents the user from zooming in to or out of a page to better see the content.\n\nIf you enable this policy setting, applications that host MSHTML do not respond to user input that causes the content to be re-rendered at a scaled size.\n\nIf you disable or do not configure this policy setting, applications that host MSHTML respond to user input that causes the content to be re-rendered at a scaled size.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\ZOOM", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\ZOOM" ], "ValueName": "ZoomDisabled", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Identities", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Identity Manager: Prevent users from using Identities", "ExplainText": "Prevents users from configuring unique identities by using Identity Manager.\n\nIdentity Manager enables users to create multiple accounts, such as e-mail accounts, on the same computer. Each user has a unique identity, with a different password and different program preferences.\n\nIf you enable this policy, users will not be able to create new identities, manage existing identities, or switch identities. The Switch Identity option will be removed from the File menu in Address Book.\n\nIf you disable this policy or do not configure it, users can set up and change identities.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Identities" ], "ValueName": "Locked Down", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AddonManagement_IgnoreAddonApprovalStatus", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Automatically activate newly installed add-ons", "ExplainText": "This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.\n\nIn Internet Explorer 9, add-ons are defined as toolbars, Browser Helper Objects, or Explorer bars. ActiveX controls are referred to as plug-ins and are not part of this definition.\n\nIf you enable this policy setting, newly installed add-ons are automatically activated in the browser.\n\nIf you disable or do not configure this policy setting, newly installed add-ons are not automatically activated in the browser. Internet Explorer notifies the user when newly installed add-ons are ready for use. The user must choose to activate them by responding to the notification, using Manage Add-ons, or using other methods.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext" ], "ValueName": "IgnoreFrameApprovalCheck", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AddonManagement_DisableAddonLoadTimePerformanceNotifications", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Turn off add-on performance notifications", "ExplainText": "This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.\n\nIf you enable this policy setting, users are not notified when the average time to load all the user's enabled add-ons exceeds the threshold.\n\nIf you disable or do not configure this policy setting, users are notified when the average time to load all the user's enabled add-ons exceeds the threshold. This is the default.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext" ], "ValueName": "DisableAddonLoadTimePerformanceNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "TurnOnActiveXFiltering", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Turn on ActiveX Filtering", "ExplainText": "This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.\n\nIf you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions.\n\nIf you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\ActiveXFiltering", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\ActiveXFiltering" ], "ValueName": "IsEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "MediaSettings", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6ONLY - Only Internet Explorer 6.0", "DisplayName": "Configure Media Explorer Bar", "ExplainText": "Allows Administrators to enable and disable the Media Explorer Bar and set the auto-play default.\n\nThe Media Explorer Bar plays music and video content from the Internet.\n\nIf you disable the Media explorer bar, users cannot display the Media Explorer Bar. The auto-play feature is also disabled. When users click on a link within Internet Explorer, the content will be played by the default media client on their system.\n\nIf you enable the Media Explorer Bar or do not configure it, users can show and hide the Media Explorer Bar.\n\nAdministrators also have the ability to turn the auto-play feature on or off. This setting only applies if the Media Explorer Bar is enabled.\n\nIf checked, the Media Explorer Bar will automatically display and play the media content when the user clicks on a media link.\n\nIf unchecked, the content will be played by the default media client on their system.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Elements": [ { "Type": "Boolean", "ValueName": "No_LaunchMediaBar", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ] }, { "Type": "Boolean", "ValueName": "Autoplay", "TrueValue": "yes", "FalseValue": "no", "KeyPath": [ "HKCU\\Software\\Microsoft\\Internet Explorer\\media" ] } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "NoDelBrowsingHistory", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent access to Delete Browsing History", "ExplainText": "This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings, see \"Group Policies Settings in Internet Explorer 10\" in the TechNet technical library.\n\nIf you enable this policy setting, the user cannot access the Delete Browsing History dialog box. Starting with Windows 8, users cannot click the Delete Browsing History button on the Settings charm.\n\nIf you disable or do not configure this policy setting, the user can access the Delete Browsing History dialog box. Starting with Windows 8, users can click the Delete Browsing History button on the Settings charm.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "DisableDeleteBrowsingHistory", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "NoDelForms", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent deleting form data", "ExplainText": "This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.\n\nIf you enable this policy setting, form data is preserved when the user clicks Delete.\n\nIf you disable this policy setting, form data is deleted when the user clicks Delete.\n\nIf you do not configure this policy setting, the user can choose whether to delete or preserve form data when he or she clicks Delete.\n\nIf the \"Prevent access to Delete Browsing History\" policy setting is enabled, this policy setting is enabled by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "DisableDeleteForms", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "NoDelPasswords", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent deleting passwords", "ExplainText": "This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.\n\nIf you enable this policy setting, passwords are preserved when the user clicks Delete.\n\nIf you disable this policy setting, passwords are deleted when the user clicks Delete.\n\nIf you do not configure this policy setting, the user can choose whether to delete or preserve passwords when he or she clicks Delete.\n\nIf the \"Prevent access to Delete Browsing History\" policy setting is enabled, this policy setting is enabled by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "DisableDeletePasswords", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "DBHDisableDeleteCookies", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Prevent deleting cookies", "ExplainText": "This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.\n\nIf you enable this policy setting, cookies are preserved when the user clicks Delete.\n\nIf you disable this policy setting, cookies are deleted when the user clicks Delete.\n\nIf you do not configure this policy setting, the user can choose whether to delete or preserve cookies when he or she clicks Delete.\n\nIf the \"Prevent access to Delete Browsing History\" policy setting is enabled, this policy setting is enabled by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy" ], "ValueName": "CleanCookies", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "DBHDisableDeleteHistory", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Prevent deleting websites that the user has visited", "ExplainText": "This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.\n\nIf you enable this policy setting, websites that the user has visited are preserved when he or she clicks Delete.\n\nIf you disable this policy setting, websites that the user has visited are deleted when he or she clicks Delete.\n\nIf you do not configure this policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete.\n\nIf the \"Prevent access to Delete Browsing History\" policy setting is enabled, this policy setting is enabled by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy" ], "ValueName": "CleanHistory", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "DBHDisableDeleteDownloadHistory", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Prevent deleting download history", "ExplainText": "This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.\n\nIf you enable this policy setting, download history is preserved when the user clicks Delete.\n\nIf you disable this policy setting, download history is deleted when the user clicks Delete.\n\nIf you do not configure this policy setting, the user can choose whether to delete or preserve download history when he or she clicks Delete.\n\nIf the \"Prevent access to Delete Browsing History\" policy setting is enabled, this policy setting is enabled by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy" ], "ValueName": "CleanDownloadHistory", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "DBHDisableDeleteTIF", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Prevent deleting temporary Internet files", "ExplainText": "This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.\n\nIf you enable this policy setting, temporary Internet files are preserved when the user clicks Delete.\n\nIf you disable this policy setting, temporary Internet files are deleted when the user clicks Delete.\n\nIf you do not configure this policy setting, the user can choose whether to delete or preserve temporary Internet files when he or she clicks Delete.\n\nIf the \"Prevent access to Delete Browsing History\" policy setting is enabled, this policy setting is enabled by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy" ], "ValueName": "CleanTIF", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "DBHDisableDeleteInPrivateDataV8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8ONLY - Only Internet Explorer 8.0", "DisplayName": "Prevent deleting InPrivate Filtering data", "ExplainText": "This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.\n\nIf you enable this policy setting, InPrivate Filtering data is preserved when the user clicks Delete.\n\nIf you disable this policy setting, InPrivate Filtering data is deleted when the user clicks Delete.\n\nIf you do not configure this policy setting, the user can choose whether to delete or preserve InPrivate Filtering data when he or she clicks Delete.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy" ], "ValueName": "CleanInPrivateBlocking", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "DBHDisableDeleteInPrivateDataV9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data", "ExplainText": "In Internet Explorer 9 and Internet Explorer 10:\nThis policy setting prevents users from deleting ActiveX Filtering and Tracking Protection data, which includes the list of websites for which the user has chosen to disable ActiveX Filtering or Tracking Protection. In addition, Tracking Protection data is also collected if users turn on the Personalized Tracking Protection List, which blocks third-party items while the user is browsing.\n\nWith at least Internet Explorer 11:\nThis policy setting prevents users from deleting ActiveX Filtering data, Tracking Protection data, and Do Not Track exceptions stored for visited websites.\n\nThis feature is available in the Delete Browsing History dialog box.\n\nIf you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is preserved when the user clicks Delete.\n\nIf you disable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks Delete.\n\nIf you don't configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking Delete.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy" ], "ValueName": "CleanTrackingProtection", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "DBHDisableKeepFavorites", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Prevent deleting favorites site data", "ExplainText": "This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.\n\nIf you enable this policy setting, favorites site data is preserved when the user clicks Delete.\n\nIf you disable this policy setting, favorites site data is deleted when the user clicks Delete.\n\nIf you do not configure this policy setting, the user can choose whether to delete or preserve favorites site data when he or she clicks Delete.\n\nIf the \"Prevent access to Delete Browsing History\" policy setting is enabled, this policy setting has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy" ], "ValueName": "UseAllowList", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "DBHDisableDeleteOnExit", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow deleting browsing history on exit", "ExplainText": "This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files, cookies, history, form data, and passwords) are applied, and those items are deleted.\n\nIf you enable this policy setting, deleting browsing history on exit is turned on.\n\nIf you disable this policy setting, deleting browsing history on exit is turned off.\n\nIf you do not configure this policy setting, it can be configured on the General tab in Internet Options.\n\nIf the \"Prevent access to Delete Browsing History\" policy setting is enabled, this policy setting has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy" ], "ValueName": "ClearBrowsingHistoryOnExit", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoFirstRunCustomise", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent running First Run wizard", "ExplainText": "This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.\n\nIf you enable this policy setting, you must make one of the following choices:\n\u2022 Skip the First Run wizard, and go directly to the user's home page.\n\u2022 Skip the First Run wizard, and go directly to the \"Welcome to Internet Explorer\" webpage.\n\nStarting with Windows 8, the \"Welcome to Internet Explorer\" webpage is not available. The user's home page will display regardless of which option is chosen.\n\nIf you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableFirstRunCustomize", "Items": [ { "DisplayName": "Go directly to home page", "Data": "1" }, { "DisplayName": "Go directly to \"Welcome To IE\" page", "Data": "2" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoHelpMenu", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent access to Internet Explorer Help", "ExplainText": "This policy setting prevents the user from accessing Help in Internet Explorer.\n\nIf you enable this policy setting, the following occur:\n\u2022 The Help menu on the menu bar is not functional.\n\u2022 Help is removed from the Command bar.\n\u2022 The shortcut key F1 does not make Help appear.\n\u2022 Help cannot be accessed from the Settings charm (starting with Internet Explorer 10 on Windows 8).\n\nIf you disable or do not configure this policy setting, the Internet Explorer Help menu is available to the user. The user can also use the Command bar and F1 to access Help.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoHelpMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoIESearchBox", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7_8 - Only Internet Explorer 7.0 and Internet Explorer 8.0", "DisplayName": "Prevent Internet Explorer Search box from appearing", "ExplainText": "This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available, it includes all installed search providers and a link to search settings.\n\nIf you enable this policy setting, the Search box does not appear in the Internet Explorer frame.\n\nIf you disable or do not configure this policy setting, the Search box appears by default in the Internet Explorer frame.\n\nNote: If you enable this policy setting, Internet Explorer does not enumerate search providers for the Accelerators infrastructure. If Accelerators are turned on, users can install search providers as Accelerators to include them on the Accelerator menu.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoSearchBox", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "SearchDisableUserSuggestions", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off suggestions for all user-installed providers", "ExplainText": "This policy setting allows you to turn off suggestions for all user-installed search providers.\n\nIf you enable this policy setting, the user cannot view suggestions for user-installed search providers.\n\nIf you disable or do not configure this policy setting, the user can choose to view suggestions for all user-installed search providers that offer suggestions.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\SearchScopes", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\SearchScopes" ], "ValueName": "ShowSearchSuggestionsGlobal", "Elements": [ { "Type": "EnabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "SearchTurnOffQuickPick", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8ONLY - Only Internet Explorer 8.0", "DisplayName": "Turn off the quick pick menu", "ExplainText": "This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.\n\nIf you enable this policy setting, when a user clicks in the Search box, the quick pick menu does not appear until the user starts typing.\n\nIf you disable or do not configure this policy setting, when a user clicks in the Search box, the quick pick menu appears.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\SearchScopes", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\SearchScopes" ], "ValueName": "DisplayQuickPick", "Elements": [ { "Type": "EnabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoJITSetup", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable Automatic Install of Internet Explorer components", "ExplainText": "Prevents Internet Explorer from automatically installing components.\n\nIf you enable this policy, it prevents Internet Explorer from downloading a component when users browse to a Web site that needs that component.\n\nIf you disable this policy or do not configure it, users will be prompted to download and install a component when visiting a Web site that uses that component.\n\nThis policy is intended to help the administrator control which components the user installs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoJITSetup", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "TabProcGrowth", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Set tab process growth", "ExplainText": "This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.\n\nThe default algorithm has four settings: low, medium, high, or default. Low creates very few tab processes; medium creates a moderate amount of tab processes; and high allows the tab process to grow very quickly and is intended only for computers that have ample physical memory. The default setting creates the optimal number of tab processes based on the operating system and amount of physical memory. We recommend the default setting.\n\nThe second algorithm must be explicitly enabled through the creation of an integer setting. In this case, each Internet Explorer isolation setting will quickly grow to use the specified integer number of tab processes, regardless of the physical memory on the computer or how many Internet Explorer isolation settings are running.\n\nIf you enable this policy setting, you set the rate at which Internet Explorer creates new tab processes to low, medium, or high, or to an integer.\n\nIf you disable or do not configure this policy setting, the tab process growth is set to the default. The user can change this value by using the registry key. Note: On Terminal Server, the default value is the integer \"1\".", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Text", "ValueName": "TabProcGrowth", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "FastShutdownOnUnload", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Allow Internet Explorer 8 shutdown behavior", "ExplainText": "This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.\n\nIf you enable this policy setting, OnUnLoad script handlers display UI during shutdown.\n\nIf you disable or do not configure this policy setting, OnUnLoad script handlers do not display UI during shutdown (default behavior in Internet Explorer 9).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "ShutdownWaitForOnUnload", "Elements": [ { "Type": "EnabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NewTabAction", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Specify default behavior for a new tab", "ExplainText": "This policy setting allows you to specify what is displayed when the user opens a new tab.\n\nIf you enable this policy setting, you can choose which page to display when the user opens a new tab: blank page (about:blank), the first home page, the new tab page or the new tab page with my news feed.\n\nIf you disable or do not configure this policy setting, the user can select his or her preference for this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing" ], "Elements": [ { "Type": "Enum", "ValueName": "NewTabPageShow", "Items": [ { "DisplayName": "New tab page with my news feed", "Data": "3" }, { "DisplayName": "about:blank", "Data": "0" }, { "DisplayName": "New tab page", "Data": "2" }, { "DisplayName": "Home page", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableTabGrouping", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Tab Grouping", "ExplainText": "This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer.\n\nIf you enable this policy setting, Tab Grouping is turned off.\n\nIf you disable this policy setting, Tab Grouping is turned on.\n\nIf you do not configure this policy setting, the user can turn on or turn off Tab Grouping.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing" ], "ValueName": "Groups", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoQuickTabs", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7_10 - Internet Explorer 7.0 to Internet Explorer 10.0", "DisplayName": "Turn off Quick Tabs functionality", "ExplainText": "This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.\n\nIf you enable this policy setting, the entry points to Quick Tabs are removed from the Internet Explorer user interface.\n\nIf you disable or do not configure this policy setting, Quick Tabs is turned on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing" ], "ValueName": "QuickTabsThreshold", "Elements": [ { "Type": "EnabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoSearchProvider", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent changing the default search provider", "ExplainText": "This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.\n\nIf you enable this policy setting, the user cannot change the default search provider.\n\nIf you disable or do not configure this policy setting, the user can change the default search provider.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoChangeDefaultSearchProvider", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoSplash", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5ONLY - Only Internet Explorer 5.0", "DisplayName": "Disable showing the splash screen", "ExplainText": "Prevents the Internet Explorer splash screen from appearing when users start the browser.\n\nIf you enable this policy, the splash screen, which displays the program name, licensing, and copyright information, is not displayed.\n\nIf you disable this policy or do not configure it, the splash screen will be displayed when users start their browsers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoSplash", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoTabBrowsing_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7_10 - Internet Explorer 7.0 to Internet Explorer 10.0", "DisplayName": "Turn off tabbed browsing", "ExplainText": "This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8, this policy only applies to Internet Explorer on the desktop.\n\nIf you enable this policy setting, tabbed browsing and related entry points are turned off for Internet Explorer, and the user cannot turn them on.\n\nIf you disable this policy setting, tabbed browsing and related entry points appear on the user interface for Internet Explorer, and the user cannot turn them off.\n\nIf you do not configure this policy setting, the user can turn on or turn off tabbed browsing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoTabBrowsingPopups", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off configuration of pop-up windows in tabbed browsing", "ExplainText": "This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.\n\nIf you enable this policy setting, the user cannot configure pop-up windows in tabbed browsing. You must specify one of the following values:\n0: Let Internet Explorer decide.\n1: Force pop-up windows to open in new windows.\n2: Force pop-up windows to open on new tabs.\n\nIf you disable or do not configure this policy setting, Internet Explorer uses the user's setting for pop-up windows in tabbed browsing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing" ], "Elements": [ { "Type": "Enum", "ValueName": "PopupsUseNewWindow", "Items": [ { "DisplayName": "Let Internet Explorer decide", "Data": "0" }, { "DisplayName": "Force pop-ups to open in a new window", "Data": "1" }, { "DisplayName": "Force pop-ups to open in a new tab", "Data": "2" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoUpdateCheck", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable Periodic Check for Internet Explorer software updates", "ExplainText": "Prevents Internet Explorer from checking whether a new version of the browser is available.\n\nIf you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available.\n\nIf you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available.\n\nThis policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoUpdateCheck", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NoWindowReuse", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent configuration of how windows open", "ExplainText": "This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.\n\nIf you enable this policy setting, the user cannot configure how windows open in Internet Explorer when he or she clicks links from other applications. You must specify one of the following:\n\u2022 Open in an existing Internet Explorer window. If tabbed browsing is enabled, a new tab is created in this scenario.\n\u2022 Open a new Internet Explorer window.\n\nIf you disable or do not configure this policy setting, the user can configure how windows open when he or she clicks links from other applications.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowWindowReuse", "Items": [ { "DisplayName": "Open in existing Internet Explorer window", "Data": "1" }, { "DisplayName": "Open in a new Internet Explorer window", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "OESettings", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6ONLY - Only Internet Explorer 6.0", "DisplayName": "Configure Outlook Express", "ExplainText": "Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.\n\nIf you check the block attachments setting, users will be unable to open or save attachments that could potentially contain a virus. Users will not be able to disable the blocking of attachments in options.\n\nIf the block attachments setting is not checked, the user can specify to enable or disable the blocking of attachments in options.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Elements": [ { "Type": "Boolean", "ValueName": "BlockExeAttachments", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKCU\\Software\\Microsoft\\Outlook Express" ] } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "PopupBlocker_AllowList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Pop-up allow list", "ExplainText": "This policy setting allows you to specify a list of web sites that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings.\n\nIf you enable this policy setting, you can enter a list of sites which will be allowed to open pop-up windows regardless of user settings. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also valid.\n\nIf you disable this or do not configure this policy setting, you will not be able to provide a default Pop-up Blocker exception list.\n\nNote: You can disable users from adding or removing websites to the exception list by enabling \"Turn off Managing Pop-up Allow list\" policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\New Windows", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\New Windows" ], "ValueName": "ListBox_Support_Allow", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\New Windows\\Allow", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\New Windows\\Allow" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictAccessibility", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing accessibility settings", "ExplainText": "If you enable this policy, the user cannot modify the Accessibility options. All options in the \"Accessibility\" window on the General Tab in the Internet Options dialog box appear dimmed.\n\nIf you disable this policy or do not configure it, users can change accessibility settings, such as overriding fonts and colors on Web pages.\n\nIf you set the \"Disable the General page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), you do not need to set this policy, because the \"Disable the General page\" policy removes the General tab from the interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Accessibility", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictAutoconfig", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing Automatic Configuration settings", "ExplainText": "This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.\n\nIf you enable this policy setting, the user will not be able to do automatic configuration. You can import your current connection settings from your machine using Internet Explorer Maintenance under Admin Templates using group policy editor.\n\nIf you disable or do no configure this policy setting, the user will have the freedom to automatically configure these settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Autoconfig", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictCache", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing Temporary Internet files settings", "ExplainText": "Prevents users from changing the browser cache settings, such as the location and amount of disk space to use for the Temporary Internet Files folder.\n\nIf you enable this policy, the browser cache settings appear dimmed. These settings are found in the dialog box that appears when users click the General tab and then click the Settings button in the Internet Options dialog box.\n\nIf you disable this policy or do not configure it, users can change their cache settings.\n\nIf you set the \"Disable the General page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), you do not need to set this policy, because the \"Disable the General page\" policy removes the General tab from the interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Cache", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictCalendarContact", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_NONVISTA - At least Internet Explorer 5.0. Not supported on Windows Vista", "DisplayName": "Disable changing Calendar and Contact settings", "ExplainText": "Prevents users from changing the default programs for managing schedules and contacts.\n\nIf you enable this policy, the Calendar and Contact combo boxes appear dimmed in the Internet Programs area. To display these options, users open the Internet Options dialog box, and then click the Programs tab.\n\nIf you disable this policy or do not configure it, users can determine which programs to use for managing schedules and contacts, if programs that perform these tasks are installed.\n\nThis \"Disable the Programs Page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel) takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "CalendarContact", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictCertificates", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing certificate settings", "ExplainText": "Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.\n\nIf you enable this policy, the settings in the Certificates area on the Content tab in the Internet Options dialog box appear dimmed.\n\nIf you disable this policy or do not configure it, users can import new certificates, remove approved publishers, and change settings for certificates that have already been accepted.\n\nThe \"Disable the Content page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), which removes the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.\n\nCaution: If you enable this policy, users can still run the Certificate Manager Import Wizard by double-clicking a software publishing certificate (.spc) file. This wizard enables users to import and configure settings for certificates from software publishers that haven't already been configured for Internet Explorer.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Certificates", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictCheckBrowser", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_9 - Only Internet Explorer 5.0 through Internet Explorer 9.0", "DisplayName": "Disable changing default browser check", "ExplainText": "Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.\n\nIf you enable this policy, the Internet Explorer Should Check to See Whether It Is the Default Browser check box on the Programs tab in the Internet Options dialog box appears dimmed.\n\nIf you disable this policy or do not configure it, users can determine whether Internet Explorer will check to see if it is the default browser. When Internet Explorer performs this check, it prompts the user to specify which browser to use as the default.\n\nThis policy is intended for organizations that do not want users to determine which browser should be their default.\n\nThe \"Disable the Programs page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Check_If_Default", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NotifyNotDefaultBrowser", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Notify users if Internet Explorer is not the default web browser", "ExplainText": "This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.\n\nIf you enable this policy setting, users will be notified if Internet Explorer is not the default web browser. Users cannot change the setting.\n\nIf you disable this policy setting, users will not be notified if Internet Explorer is not the default web browser. Users cannot change the setting.\n\nIf you do not configure this policy setting, users can choose whether to be notified that Internet Explorer is not the default web browser through the Tell me if Internet Explorer is not the default web browser check box on the Programs tab in the Internet Options dialog box. Note that starting with Internet Explorer 10 on Windows 8, the check box is located on the Advanced tab in the Internet Options dialog box. For more information, see \"Group Policy Settings in Internet Explorer 10\" in the Internet Explorer TechNet library.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Check_Associations", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictColors", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing color settings", "ExplainText": "Prevents users from changing the default Web page colors.\n\nIf you enable this policy, the color settings for Web pages appear dimmed. The settings are located in the Colors area in the dialog box that appears when the user clicks the General tab and then clicks the Colors button in the Internet Options dialog box.\n\nIf you disable this policy or do not configure it, users can change the default background and text color of Web pages.\n\nIf you set the \"Disable the General page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), you do not need to set this policy, because the \"Disable the General page\" policy removes the General tab from the interface.\n\nNote: The default Web page colors are ignored on Web pages in which the author has specified the background and text colors.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Colors", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictConnectionSettings_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing connection settings", "ExplainText": "Prevents users from changing dial-up settings.\n\nIf you enable this policy, the Settings button on the Connections tab in the Internet Options dialog box appears dimmed.\n\nIf you disable this policy or do not configure it, users can change their settings for dial-up connections.\n\nIf you set the \"Disable the Connections page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), you do not need to set this policy, because the \"Disable the Connections page\" policy removes the Connections tab from the interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Connection Settings", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictConnectionSettings_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing connection settings", "ExplainText": "Prevents users from changing dial-up settings.\n\nIf you enable this policy, the Settings button on the Connections tab in the Internet Options dialog box appears dimmed.\n\nIf you disable this policy or do not configure it, users can change their settings for dial-up connections.\n\nIf you set the \"Disable the Connections page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), you do not need to set this policy, because the \"Disable the Connections page\" policy removes the Connections tab from the interface.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Elements": [ { "Type": "EnabledList", "ValueName": "Connection Settings", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "Connwiz Admin Lock", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictConnectionWizard", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable Internet Connection wizard", "ExplainText": "Prevents users from running the Internet Connection Wizard.\n\nIf you enable this policy, the Setup button on the Connections tab in the Internet Options dialog box appears dimmed.\n\nUsers will also be prevented from running the wizard by clicking the Connect to the Internet icon on the desktop or by clicking Start, pointing to Programs, pointing to Accessories, pointing to Communications, and then clicking Internet Connection Wizard.\n\nIf you disable this policy or do not configure it, users can change their connection settings by running the Internet Connection Wizard.\n\nNote: This policy overlaps with the \"Disable the Connections page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), which removes the Connections tab from the interface. Removing the Connections tab from the interface, however, does not prevent users from running the Internet Connection Wizard from the desktop or the Start menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Connwiz Admin Lock", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictFonts", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing font settings", "ExplainText": "Prevents users from changing font settings.\n\nIf you enable this policy, users will not be able to change font settings for viewing Web pages. All font settings visible after pressing the \"Fonts\" button on the General Tab in the Internet Options dialog box will be disabled.\n\nIf you disable this policy or do not configure it, users can change the default fonts for viewing Web pages.\n\nIf you set the \"Disable the General page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), you do not need to set this policy, because the \"Disable the General page\" policy removes the General tab from the interface.\n\nNote: The default font settings colors are ignored in cases in which the Web page author has specified the font attributes.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Fonts", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictFormSuggest", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable AutoComplete for forms", "ExplainText": "This AutoComplete feature suggests possible matches when users are filling up forms.\n\nIf you enable this setting, the user is not suggested matches when filling forms. The user cannot change it.\n\nIf you disable this setting, the user is suggested possible matches when filling forms. The user cannot change it.\n\nIf you do not configure this setting, the user has the freedom to turn on the auto-complete feature for forms.\n\nTo display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Use FormSuggest", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" }, { "Type": "EnabledList", "ValueName": "FormSuggest", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "FormSuggest", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictFormSuggestPW", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Turn on the auto-complete feature for user names and passwords on forms", "ExplainText": "This AutoComplete feature can remember and suggest User names and passwords on Forms.\n\nIf you enable this setting, the user cannot change \"User name and passwords on forms\" or \"prompt me to save passwords\". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select \"prompt me to save passwords\".\n\nIf you disable this setting the user cannot change \"User name and passwords on forms\" or \"prompt me to save passwords\". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords.\n\nIf you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "FormSuggest Passwords", "Elements": [ { "Type": "Boolean", "ValueName": "FormSuggest PW Ask", "TrueValue": "yes", "FalseValue": "no" }, { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" }, { "Type": "EnabledList", "ValueName": "FormSuggest Passwords", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "FormSuggest Passwords", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "RestrictHistory", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable \"Configuring History\"", "ExplainText": "This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, from the Menu bar, on the Tools menu, click Internet Options, click the General tab, and then click Settings under Browsing history.\n\nIf you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can not delete browsing history.\n\nIf you disable or do not configure this policy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\History", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\History" ], "Elements": [ { "Type": "Decimal", "ValueName": "DaysToKeep", "MinValue": "0", "MaxValue": "999", "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History" ] } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictHomePage", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing home page settings", "ExplainText": "The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer loads whenever it is run.\n\nIf you enable this policy setting, a user cannot set a custom default home page. You must specify which default home page should load on the user machine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies.\n\nIf you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\HomePage" ], "Elements": [ { "Type": "Text", "ValueName": "Start Page", "Required": true, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ] } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "SecondaryHomePages", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Disable changing secondary home page settings", "ExplainText": "Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.\n\nIf you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user cannot set custom default secondary home pages.\n\nIf you disable or do not configure this policy setting, the user can add secondary home pages.\n\nNote: If the \"Disable Changing Home Page Settings\" policy is enabled, the user cannot add secondary home pages.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "SecondaryStartPages", "Elements": [ { "Type": "List", "ValueName": null } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictLanguages", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing language settings", "ExplainText": "Prevents users from changing language preference settings.\n\nIf you enable this policy, users will not be able to set language preferences to read websites. Language preference settings visible after pressing the \"Languages\" button on the General Tab in the Internet Options dialog box will be disabled.\n\nIf you disable this policy or do not configure it, users can change the language preference settings for viewing Web sites for languages in which the character set has been installed.\n\nIf you set the \"Disable the General page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), you do not need to set this policy, because the \"Disable the General page\" policy removes the General tab from the interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Languages", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictLinks", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing link color settings", "ExplainText": "Prevents users from changing the colors of links on Web pages.\n\nIf you enable this policy, the color settings for links appear dimmed. The settings are located in the Links area of the dialog box that appears when users click the General tab and then click the Colors button in the Internet Options dialog box.\n\nIf you disable this policy or do not configure it, users can change the default color of links on Web pages.\n\nIf you set the \"Disable the General page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), you do not need to set this policy, because the \"Disable the General page\" policy removes the General tab from the interface.\n\nNote: The default link colors are ignored on Web pages on which the author has specified link colors.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "links", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictMessaging", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_NONVISTA - At least Internet Explorer 5.0. Not supported on Windows Vista", "DisplayName": "Disable changing Messaging settings", "ExplainText": "Prevents users from changing the default programs for messaging tasks.\n\nIf you enable this policy, the E-mail, Newsgroups, and Internet Call options in the Internet Programs area appear dimmed. To display these options, users open the Internet Options dialog box, and then click the Programs tab.\n\nIf you disable this policy or do not configure it, users can determine which programs to use for sending mail, viewing newsgroups, and placing Internet calls, if programs that perform these tasks are installed.\n\nThe \"Disable the Programs page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Messaging", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictPopupExceptionList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent managing pop-up exception list", "ExplainText": "You can allow pop-ups from specific websites by adding the sites to the exception list.\n\nIf you enable this policy setting, the user cannot add websites to or remove websites from the exception list.\n\nIf you disable or do not configure this policy setting, the user can add websites to or remove websites from the exception list.\n\nNote: You can allow a default list of sites that can open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings by enabling the \"Specify pop-up allow list\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "RestrictPopupExceptionList", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictPopupManagement", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Turn off pop-up management", "ExplainText": "This policy setting allows you to manage pop-up management functionality in Internet Explorer.\n\nIf you enable this policy setting, the Control Panel information relating to pop-up management will be unavailable (grayed out) and all other pop-up manager controls, notifications, and dialog boxes will not appear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen will continue to be re-positioned onscreen.\n\nIf you disable or do not configure this policy setting, the popup management feature will be functional.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoPopupManagement", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictProfiles", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable changing Profile Assistant settings", "ExplainText": "Prevents users from changing Profile Assistant settings.\n\nIf you enable this policy, the My Profile button appears dimmed in the Personal Information area on the Content tab in the Internet Options dialog box.\n\nIf you disable this policy or do not configure it, users can change their profile information, such as their street and e-mail addresses.\n\nThe \"Disable the Content page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), which removes the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Profiles", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictProxy", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Prevent changing proxy settings", "ExplainText": "This policy setting specifies if a user can change proxy settings.\n\nIf you enable this policy setting, the user will not be able to configure proxy settings.\n\nIf you disable or do not configure this policy setting, the user can configure proxy settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Proxy", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictRatings", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable changing ratings settings", "ExplainText": "Prevents users from changing ratings that help control the type of Internet content that can be viewed.\n\nIf you enable this policy, the settings in the Content Advisor area on the Content tab in the Internet Options dialog box appear dimmed.\n\nIf you disable this policy or do not configure it, users can change their ratings settings.\n\nThe \"Disable the Ratings page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), which removes the Ratings tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Ratings", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictResetWebSettings", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable the Reset Web Settings feature", "ExplainText": "Prevents users from restoring default settings for home and search pages.\n\nIf you enable this policy, the Reset Web Settings button on the Programs tab in the Internet Options dialog box appears dimmed.\n\nIf you disable this policy or do not configure it, users can restore the default settings for home and search pages.\n\nThe \"Disable the Programs page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "ResetWebSettings", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "DeleteBrowsingHistory", "PolicyName": "RestrictSettings", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_7 - Only Internet Explorer 5.0 through Internet Explorer 7.0", "DisplayName": "Prevent the deletion of temporary Internet files and cookies", "ExplainText": "This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history, available by clicking Tools, Internet Options, and then Delete Browsing History in Internet Explorer.\n\nIf you enable this policy setting, users will not be able to delete temporary Internet files and cookies.\n\nIf you disable or do not configure this policy setting, users will be able to delete temporary Internet files and cookies.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel" ], "ValueName": "Settings", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictWebAddressSuggest", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Turn off the auto-complete feature for web addresses", "ExplainText": "This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.\n\nIf you enable this policy setting, user will not be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting.\n\nIf you disable this policy setting, user will be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting.\n\nIf you do not configure this policy setting, a user will have the freedom to choose to turn the auto-complete setting for web-addresses on or off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete" ], "ValueName": "AutoSuggest", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "inetres.admx", "CategoryName": "AutoCompleteCat", "PolicyName": "RestrictWSAutoComplete", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Windows Search AutoComplete", "ExplainText": "This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.\n\nWindows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.\n\nIf you enable this policy setting, Internet Explorer does not use Windows Search AutoComplete for providing relevant results in the Address bar. The user cannot change this setting.\n\nIf you disable this policy setting, Internet Explorer uses Windows Search AutoComplete to provide relevant results in the Address bar. The user cannot change this setting.\n\nIf you do not configure this policy setting, the user can choose to turn the Use Windows Search setting on or off.\n\nNote: If you enable this policy setting, feeds do not appear in the Address bar. This does not affect subscribing to feeds and interacting with them through the Favorites Center.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\WindowsSearch", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\WindowsSearch" ], "ValueName": "EnabledScopes", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "5" } ] }, { "File": "inetres.admx", "CategoryName": "AutoCompleteCat", "PolicyName": "RestrictDomainSuggestion", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Turn off URL Suggestions", "ExplainText": "This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.\n\nIf you enable this policy setting, URL Suggestions will be turned off. Users will not be able to turn on URL Suggestions.\n\nIf you disable this policy setting, URL Suggestions will be turned on. Users will not be able to turn off URL Suggestions.\n\nIf you do not configure this policy setting, URL Suggestions will be turned on. Users will be able to turn on or turn off URL Suggestions in the Internet Options dialog. By default, URL Suggestions are turned on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\DomainSuggestion", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\DomainSuggestion" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Search_NoFindFiles", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Search: Disable Find Files via F3 within the browser", "ExplainText": "Disables using the F3 key to search in Internet Explorer and File Explorer.\n\nIf you enable this policy, the search functionality of the F3 key is disabled. Users cannot press F3 to search the Internet (from Internet Explorer) or to search the hard disk (from File Explorer). If the user presses F3, a prompt appears that informs the user that this feature has been disabled.\n\nIf you disable this policy or do not configure it, users can press F3 to search the Internet (from Internet Explorer) or the hard disk (from File Explorer).\n\nThis policy is intended for situations in which administrators do not want users to explore the Internet or the hard disk.\n\nThis policy can be used in coordination with the \"File Menu: Disable Open menu option\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Browser Menus), which prevents users from opening files by using the browser.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoFindFiles", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Search_NoSearchCustomization", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Search: Disable Search Customization", "ExplainText": "Makes the Customize button in the Search Assistant appear dimmed.\n\nThe Search Assistant is a tool that appears in the Search bar to help users search the Internet.\n\nIf you enable this policy, users cannot change their Search Assistant settings, such as setting default search engines for specific tasks.\n\nIf you disable this policy or do not configure it, users can change their settings for the Search Assistant.\n\nThis policy is designed to help administrators maintain consistent settings for searching across an organization.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoSearchCustomization", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Security_HKLM_only", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Security Zones: Use only machine settings", "ExplainText": "Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.\n\nIf you enable this policy, changes that the user makes to a security zone will apply to all users of that computer.\n\nIf you disable this policy or do not configure it, users of the same computer can establish their own security zone settings.\n\nThis policy is intended to ensure that security zone settings apply uniformly to the same computer and do not vary from user to user.\n\nAlso, see the \"Security zones: Do not allow users to change policies\" policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "Security_HKLM_only", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Security_options_edit", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Security Zones: Do not allow users to change policies", "ExplainText": "Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.\n\nIf you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled.\n\nIf you disable this policy or do not configure it, users can change the settings for security zones.\n\nThis policy prevents users from changing security zone settings established by the administrator.\n\nNote: The \"Disable the Security page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.\n\nAlso, see the \"Security zones: Use only machine settings\" policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "Security_options_edit", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "Security_zones_map_edit", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Security Zones: Do not allow users to add/delete sites", "ExplainText": "Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.\n\nIf you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.)\n\nIf you disable this policy or do not configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone.\n\nThis policy prevents users from changing site management settings for security zones established by the administrator.\n\nNote: The \"Disable the Security page\" policy (located in \\User Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.\n\nAlso, see the \"Security zones: Use only machine settings\" policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "Security_zones_map_edit", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "ShellNotifications", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Disable software update shell notifications on program launch", "ExplainText": "Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.\n\nIf you enable this policy, users will not be notified if their programs are updated using Software Distribution Channels.\n\nIf you disable this policy or do not configure it, users will be notified before their programs are updated.\n\nThis policy is intended for administrators who want to use Software Distribution Channels to update their users' programs without user intervention.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoMSAppLogo5ChannelNotify", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "SpecificSearchProvider", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Restrict search providers to a specific list", "ExplainText": "This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\\Software\\policies\\Microsoft\\Internet Explorer\\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website.\n\nIf you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.\n\nIf you disable or do not configure this policy setting, the user can configure his or her list of search providers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "UsePolicySearchProvidersOnly", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "SQM_DisableCEIP", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7_NONVISTA - At least Internet Explorer 7.0. Not supported on Windows Vista", "DisplayName": "Prevent participation in the Customer Experience Improvement Program", "ExplainText": "This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).\n\nIf you enable this policy setting, the user cannot participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.\n\nIf you disable this policy setting, the user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.\n\nIf you do not configure this policy setting, the user can choose to participate in the CEIP.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\SQM", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\SQM" ], "ValueName": "DisableCustomerImprovementProgram", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "TabOpenInFgndBgnd", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent configuration of new tab creation", "ExplainText": "This policy setting allows you to configure how new tabs are created by default in Internet Explorer.\n\nIf you enable this policy setting, the user cannot configure how new tabs are created by default. You must specify whether tabs should open in the foreground or in the background. The user cannot open the tabs in the background by pressing Ctrl+Shift+Select or open the tabs in the foreground by pressing Ctrl+Shift+Select.\n\nIf you disable or do not configure this policy setting, the user can configure how new tabs are created by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing" ], "Elements": [ { "Type": "Enum", "ValueName": "OpenInForeground", "Items": [ { "DisplayName": "Foreground", "Data": "1" }, { "DisplayName": "Background", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "UserProxy", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Make proxy settings per-machine (rather than per-user)", "ExplainText": "Applies proxy settings to all users of the same computer.\n\nIf you enable this policy, users cannot set user-specific proxy settings. They must use the zones created for all users of the computer.\n\nIf you disable this policy or do not configure it, users of the same computer can establish their own proxy settings.\n\nThis policy is intended to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "ProxySettingsPerUser", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_AddressStatusBar_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_AllowScriptlets_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_FirstRunOptIn_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned off by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_LocalPathForUpload_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_Phishing_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_ScriptPrompt_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_ScriptStatusBar_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is not allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_TurnOnProtectedMode_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_UnsafeFiles_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_WebBrowserApps_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_WebBrowserControl_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_XAML_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_XPS_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyActiveScripting_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, script code on pages in the zone can run automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_LocalMachine", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Trusted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_LocalMachineLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_IntranetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_TrustedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_InternetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_RestrictedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Allow only approved domains to use ActiveX controls without prompt", "ExplainText": "This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.\n\nIf you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.\n\nIf you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "120b", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyAllowTDCControl_Both_LocalMachine", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyAllowTDCControl_Both_Intranet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyAllowTDCControl_Both_Trusted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyAllowTDCControl_Both_Internet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyAllowTDCControl_Both_Restricted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyAllowTDCControl_Both_LocalMachineLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyAllowTDCControl_Both_IntranetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyAllowTDCControl_Both_TrustedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyAllowTDCControl_Both_InternetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyAllowTDCControl_Both_RestrictedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Allow only approved domains to use the TDC ActiveX control", "ExplainText": "This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.\n\nIf you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.\n\nIf you disable this policy setting, the TDC Active X control will run from all sites in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "120c", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyAllowMETAREFRESH_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyAllowPasteViaScript_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script can perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyBinaryBehaviors_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, binary and script behaviors are available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyBlockPopupWindows_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyDisplayMixedContent_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyDownloadSignedActiveX_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users cannot run unsigned controls.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyDropOrPasteFiles_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyRenderLegacyFilters_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyFileDownload_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files can be downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyFontDownload_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, HTML fonts can be downloaded automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyInstallDesktopItems_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyJavaPermissions_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, the permission is set to High Safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyLogon_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyMimeSniffingURLaction_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open windows and frames to access applications from different domains.\n\nIf you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyNetworkProtocolLockdown_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active content over restricted protocols to access my computer", "ExplainText": "This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.\n\nIf you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.\n\nIf you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.\n\nIf you do not configure this policy setting, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2300", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyRunActiveXControls_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins can run without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction can occur automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts can access applets automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicySoftwareChannelPermissions_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to Medium safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_LocalMachine", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_Intranet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_Trusted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_Internet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_Restricted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_LocalMachineLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_IntranetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_TrustedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_InternetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyTurnOnXSSFilter_Both_RestrictedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Cross-Site Scripting Filter", "ExplainText": "This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.\n\nIf you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.\n\nIf you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1409", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyUserdataPersistence_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyZoneElevationURLaction_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_PolicyAllowVBScript_1", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, VBScript is prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_AddressStatusBar_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_AllowScriptlets_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_FirstRunOptIn_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned off by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_LocalPathForUpload_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_Phishing_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_ScriptPrompt_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_ScriptStatusBar_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is not allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_TurnOnProtectedMode_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_UnsafeFiles_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserApps_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserControl_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_XAML_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_XPS_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyActiveScripting_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyAllowMETAREFRESH_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyAllowPasteViaScript_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script can perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyBinaryBehaviors_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyBlockPopupWindows_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyDisplayMixedContent_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyDownloadSignedActiveX_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users cannot run unsigned controls.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyDropOrPasteFiles_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyRenderLegacyFilters_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyFileDownload_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files can be downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyFontDownload_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, HTML fonts can be downloaded automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyInstallDesktopItems_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyJavaPermissions_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, Java applets are disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyLogon_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyMimeSniffingURLaction_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_InternetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_InternetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open windows and frames to access applications from different domains.\n\nIf you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyRunActiveXControls_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins are prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction can occur automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts can access applets automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicySoftwareChannelPermissions_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to Low safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyUserdataPersistence_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyZoneElevationURLaction_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_PolicyAllowVBScript_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, VBScript is prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_AddressStatusBar_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_AllowScriptlets_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_FirstRunOptIn_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned on by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_LocalPathForUpload_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_Phishing_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_ScriptPrompt_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_ScriptStatusBar_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_TurnOnProtectedMode_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_UnsafeFiles_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_WebBrowserApps_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_WebBrowserControl_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_XAML_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_XPS_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyActiveScripting_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, script code on pages in the zone can run automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyAllowMETAREFRESH_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyAllowPasteViaScript_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script can perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyBinaryBehaviors_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, binary and script behaviors are available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyBlockPopupWindows_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, pop-up windows are not prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyDisplayMixedContent_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyDownloadSignedActiveX_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users cannot run unsigned controls.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyDropOrPasteFiles_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyRenderLegacyFilters_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyFileDownload_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files can be downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyFontDownload_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, HTML fonts can be downloaded automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyInstallDesktopItems_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyJavaPermissions_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, the permission is set to Medium Safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyLogon_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyMimeSniffingURLaction_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Intranet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Intranet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open windows and frames to access applications from different domains.\n\nIf you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyNetworkProtocolLockdown_2", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active content over restricted protocols to access my computer", "ExplainText": "This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.\n\nIf you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.\n\nIf you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.\n\nIf you do not configure this policy setting, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2300", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyRunActiveXControls_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins can run without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction can occur automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts can access applets automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicySoftwareChannelPermissions_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to Medium safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyUserdataPersistence_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyZoneElevationURLaction_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_PolicyAllowVBScript_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, VBScript will run without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_AddressStatusBar_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_AllowScriptlets_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_FirstRunOptIn_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned off by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_LocalPathForUpload_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_Phishing_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_ScriptPrompt_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_ScriptStatusBar_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is not allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_TurnOnProtectedMode_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_UnsafeFiles_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserApps_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserControl_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_XAML_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_XPS_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyActiveScripting_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyAllowMETAREFRESH_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyAllowPasteViaScript_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script can perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyBinaryBehaviors_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyBlockPopupWindows_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, pop-up windows are not prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyDisplayMixedContent_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyDownloadSignedActiveX_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users cannot run unsigned controls.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyDropOrPasteFiles_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyRenderLegacyFilters_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyFileDownload_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files can be downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyFontDownload_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, HTML fonts can be downloaded automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyInstallDesktopItems_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyJavaPermissions_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, Java applets are disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyLogon_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyMimeSniffingURLaction_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_IntranetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_IntranetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open windows and frames to access applications from different domains.\n\nIf you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyRunActiveXControls_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins are prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction can occur automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts can access applets automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicySoftwareChannelPermissions_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to Low safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyUserdataPersistence_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyZoneElevationURLaction_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_PolicyAllowVBScript_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, users are asked to choose whether to allow VBScript to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_AddressStatusBar_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_AllowScriptlets_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_FirstRunOptIn_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned on by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_LocalPathForUpload_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_Phishing_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_ScriptPrompt_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_ScriptStatusBar_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_TurnOnProtectedMode_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_UnsafeFiles_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_WebBrowserApps_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_WebBrowserControl_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_XAML_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_XPS_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyActiveScripting_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, script code on pages in the zone can run automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyAllowMETAREFRESH_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyAllowPasteViaScript_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script can perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyBinaryBehaviors_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, binary and script behaviors are available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyBlockPopupWindows_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, pop-up windows are not prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyDisplayMixedContent_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyDownloadSignedActiveX_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, users can download signed controls without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users can run unsigned controls without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyDropOrPasteFiles_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyRenderLegacyFilters_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyFileDownload_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files can be downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyFontDownload_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, HTML fonts can be downloaded automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyInstallDesktopItems_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users can install desktop items from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyJavaPermissions_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, the permission is set to Medium Safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyLogon_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Automatic logon with current username and password.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyMimeSniffingURLaction_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_LocalMachine", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_LocalMachine", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open windows and frames to access applications from different domains.\n\nIf you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyNetworkProtocolLockdown_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active content over restricted protocols to access my computer", "ExplainText": "This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.\n\nIf you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.\n\nIf you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.\n\nIf you do not configure this policy setting, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2300", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyRunActiveXControls_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins can run without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction can occur automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts can access applets automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicySoftwareChannelPermissions_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to Low safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyUserdataPersistence_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyZoneElevationURLaction_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_PolicyAllowVBScript_9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, VBScript will run without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_AddressStatusBar_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_AllowScriptlets_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_FirstRunOptIn_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned off by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_LocalPathForUpload_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_Phishing_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_ScriptPrompt_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_ScriptStatusBar_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is not allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_TurnOnProtectedMode_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_UnsafeFiles_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserApps_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserControl_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_XAML_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_XPS_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyActiveScripting_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyAllowMETAREFRESH_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyAllowPasteViaScript_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script can perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyBinaryBehaviors_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyBlockPopupWindows_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, pop-up windows are not prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyDisplayMixedContent_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyDownloadSignedActiveX_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, users can download signed controls without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users cannot run unsigned controls.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyDropOrPasteFiles_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyRenderLegacyFilters_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyFileDownload_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files can be downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyFontDownload_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, HTML fonts can be downloaded automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyInstallDesktopItems_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users can install desktop items from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyJavaPermissions_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, Java applets are disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyLogon_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Automatic logon with current username and password.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyMimeSniffingURLaction_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_LocalMachineLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_LocalMachineLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open windows and frames to access applications from different domains.\n\nIf you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyRunActiveXControls_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins are prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction can occur automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts can access applets automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicySoftwareChannelPermissions_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to Low safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyUserdataPersistence_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyZoneElevationURLaction_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_PolicyAllowVBScript_10", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, users are asked to choose whether to allow VBScript to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_AddressStatusBar_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_AllowScriptlets_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_FirstRunOptIn_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned off by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_LocalPathForUpload_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_Phishing_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_ScriptPrompt_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_ScriptStatusBar_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is not allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_TurnOnProtectedMode_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_UnsafeFiles_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_WebBrowserApps_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_WebBrowserControl_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_XAML_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_XPS_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyActiveScripting_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, script code on pages in the zone is prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyAllowMETAREFRESH_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyAllowPasteViaScript_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script cannot perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyBinaryBehaviors_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyBlockPopupWindows_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyDisplayMixedContent_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyDownloadSignedActiveX_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, signed controls cannot be downloaded.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users cannot run unsigned controls.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyDropOrPasteFiles_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyRenderLegacyFilters_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyFileDownload_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files are prevented from being downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyFontDownload_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, users are queried whether to allow HTML fonts to download.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyInstallDesktopItems_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users are prevented from installing desktop items from this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyJavaPermissions_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, Java applets are disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyLogon_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Prompt for username and password.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyMimeSniffingURLaction_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.\n\nIf you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyNetworkProtocolLockdown_4", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active content over restricted protocols to access my computer", "ExplainText": "This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Trusted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy.\n\nIf you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.\n\nIf you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.\n\nIf you do not configure this policy setting, all attempts to access such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2300", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyRunActiveXControls_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins are prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction is prevented from occurring.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts are prevented from accessing applets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicySoftwareChannelPermissions_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to High safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyUserdataPersistence_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyZoneElevationURLaction_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_PolicyAllowVBScript_7", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, VBScript is prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_AddressStatusBar_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_AllowScriptlets_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_FirstRunOptIn_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned off by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_LocalPathForUpload_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_Phishing_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_ScriptPrompt_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_ScriptStatusBar_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is not allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_TurnOnProtectedMode_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_UnsafeFiles_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserApps_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserControl_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_XAML_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_XPS_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyActiveScripting_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, script code on pages in the zone is prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyAllowMETAREFRESH_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyAllowPasteViaScript_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script cannot perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyBinaryBehaviors_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyBlockPopupWindows_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyDisplayMixedContent_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyDownloadSignedActiveX_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, signed controls cannot be downloaded.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users cannot run unsigned controls.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyDropOrPasteFiles_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyRenderLegacyFilters_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyFileDownload_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files are prevented from being downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyFontDownload_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, users are queried whether to allow HTML fonts to download.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyInstallDesktopItems_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users are prevented from installing desktop items from this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyJavaPermissions_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, Java applets are disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyLogon_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Prompt for username and password.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyMimeSniffingURLaction_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_RestrictedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_RestrictedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.\n\nIf you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyRunActiveXControls_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins are prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction is prevented from occurring.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts are prevented from accessing applets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicySoftwareChannelPermissions_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to Low safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyUserdataPersistence_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyZoneElevationURLaction_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_PolicyAllowVBScript_8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, VBScript is prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_IncludeUnspecifiedLocalSites", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Intranet Sites: Include all local (intranet) sites not listed in other zones", "ExplainText": "This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.\n\nIf you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.\n\nIf you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).\n\nIf you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap" ], "ValueName": "IntranetName", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyWarnCertMismatch", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on certificate address mismatch warning", "ExplainText": "This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks.\n\nIf you enable this policy setting, the certificate address mismatch warning always appears.\n\nIf you disable or do not configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced page in the Internet Control panel).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "WarnOnBadCertRecving", "Elements": [ { "Type": "EnabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyInternetZoneLockdownTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Locked-Down Internet Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Lockdown Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Lockdown Settings\\Template Policies" ], "ValueName": "InternetZoneLockdownTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Locked-Down Internet", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120c", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1409", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2106", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2700", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyInternetZoneTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Internet Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Template Policies" ], "ValueName": "InternetZoneTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Internet", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "196608"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "131072"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120c", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1409", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2106", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2300", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2700", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyIntranetZoneLockdownTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Locked-Down Intranet Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Intranet Lockdown Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Intranet Lockdown Settings\\Template Policies" ], "ValueName": "IntranetZoneLockdownTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Locked-Down Intranet", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1E05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "1E05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120c", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1409", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2106", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2700", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyIntranetZoneTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Intranet Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Intranet Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Intranet Settings\\Template Policies" ], "ValueName": "IntranetZoneTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Intranet", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "196608"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "131072"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120c", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1409", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2106", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2300", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2700", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyLocalMachineZoneLockdownTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Locked-Down Local Machine Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Local Machine Zone Lockdown Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Local Machine Zone Lockdown Settings\\Template Policies" ], "ValueName": "LocalMachineZoneLockdownTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Locked-Down Local Machine Zone", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120c", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1409", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2106", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2700", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyLocalMachineZoneTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Local Machine Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Local Machine Zone Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Local Machine Zone Settings\\Template Policies" ], "ValueName": "LocalMachineZoneTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Local Machine Zone", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "196608"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "131072"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120c", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1409", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2106", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2300", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2700", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyRestrictedSitesZoneLockdownTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Locked-Down Restricted Sites Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Restricted Sites Lockdown Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Restricted Sites Lockdown Settings\\Template Policies" ], "ValueName": "RestrictedSitesZoneLockdownTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Locked-Down Restricted Sites", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1E05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "1E05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120c", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1409", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2106", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2700", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyRestrictedSitesZoneTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Restricted Sites Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Restricted Sites Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Restricted Sites Settings\\Template Policies" ], "ValueName": "RestrictedSitesZoneTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Restricted Sites", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "196608"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "131072"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120c", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1409", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2106", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2300", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2700", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyTrustedSitesZoneLockdownTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Locked-Down Trusted Sites Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Trusted Sites Lockdown Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Trusted Sites Lockdown Settings\\Template Policies" ], "ValueName": "TrustedSitesZoneLockdownTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Locked-Down Trusted Sites", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1E05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "65536"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "1E05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120c", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1409", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2106", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2700", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_PolicyTrustedSitesZoneTemplate", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Trusted Sites Zone Template", "ExplainText": "This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.\n\nIf you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.\n\nIf you disable this template policy setting, no security level is configured.\n\nIf you do not configure this template policy setting, no security level is configured.\n\nNote. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.\n\nNote. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Trusted Sites Settings\\Template Policies", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Trusted Sites Settings\\Template Policies" ], "ValueName": "TrustedSitesZoneTemplate", "Elements": [ { "Type": "Enum", "ValueName": "Trusted Sites", "Items": [ { "DisplayName": "Low", "Data": "1", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "196608"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "196608"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}] }, { "DisplayName": "Medium Low", "Data": "2", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "131072"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}] }, { "DisplayName": "Medium", "Data": "3", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}] }, { "DisplayName": "Medium High", "Data": "5", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "131072"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "65536"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "131072"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}] }, { "DisplayName": "High", "Data": "4", "ValueList": [{"ValueName": "1001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1206", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1207", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1208", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1209", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "120c", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1405", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1406", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1407", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1409", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1601", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1604", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1605", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1606", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1607", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1608", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1609", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "160A", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1800", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1802", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1803", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1804", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1807", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1808", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1809", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "180a", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "180b", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "1"}, {"ValueName": "1a00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "65536"}, {"ValueName": "1a02", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1a03", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1a04", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1a05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1a06", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "1c00", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "1e05", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "65536"}, {"ValueName": "2000", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2001", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2004", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2005", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2100", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2101", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2102", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2103", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2104", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2105", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2106", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2200", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2201", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2300", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2301", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}, {"ValueName": "2400", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2401", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2402", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2500", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2600", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "3"}, {"ValueName": "2700", "KeyPath": ["HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"], "Data": "0"}] } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "DisabledList", "ValueName": "1001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1206", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1207", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1208", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1209", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "120a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1405", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1406", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1407", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1601", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1604", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1605", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1606", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1607", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1608", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1609", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "160A", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1800", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1802", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1803", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1804", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1807", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1808", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1809", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180a", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "180b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a02", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a03", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a04", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1a06", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1c00", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "1e05", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2001", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2004", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2005", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2101", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2102", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2103", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2104", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2105", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2200", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2201", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2300", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2301", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2400", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2401", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2402", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2500", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" }, { "Type": "DisabledList", "ValueName": "2600", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Action": "Delete" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_ProxyByPass", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Intranet Sites: Include all sites that bypass the proxy server", "ExplainText": "This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.\n\nIf you enable this policy setting, sites which bypass the proxy server are mapped into the Intranet Zone.\n\nIf you disable this policy setting, sites which bypass the proxy server aren't necessarily mapped into the Intranet Zone (other rules might map one there).\n\nIf you do not configure this policy setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap" ], "ValueName": "ProxyByPass", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_UNCAsIntranet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Intranet Sites: Include all network paths (UNCs)", "ExplainText": "This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.\n\nIf you enable this policy setting, all network paths are mapped into the Intranet Zone.\n\nIf you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there).\n\nIf you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap" ], "ValueName": "UNCAsIntranet", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "IZ_Zonemaps", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Site to Zone Assignment List", "ExplainText": "This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.\n\nInternet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)\n\nIf you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.\u00a0 For each entry that you add to the list, enter the following information:\n\nValuename \u2013 A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include\u00a0a specific\u00a0protocol. For example, if you enter http://www.contoso.com\u00a0as the valuename, other protocols are not affected.\u00a0If you enter just www.contoso.com,\u00a0then all protocols\u00a0are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.\n\nValue - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.\n\nIf you disable or do not configure this policy, users may choose their own site-to-zone assignments.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "ListBox_Support_ZoneMapKey", "Elements": [ { "Type": "List", "ValueName": null, "ClientExtension": "{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMapKey", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMapKey" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "SecurityPage_AutoDetect", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on automatic detection of intranet", "ExplainText": "This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.\n\nIf you enable this policy setting, automatic detection of the intranet is turned on, and intranet mapping rules are applied automatically if the computer belongs to a domain.\n\nIf you disable this policy setting, automatic detection of the intranet is turned off, and intranet mapping rules are applied however they are configured.\n\nIf this policy setting is not configured, the user can choose whether or not to automatically detect the intranet through the intranet settings dialog in Control Panel.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap" ], "ValueName": "AutoDetect", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_SecurityPage", "PolicyName": "SecurityPage_WarnOnIntranet", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on Notification bar notification for intranet content", "ExplainText": "This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings, if they require them.\n\nIf you enable this policy setting, a Notification bar notification appears whenever the user browses to a page that loads content from an intranet site.\n\nIf you disable this policy setting, a Notification bar notification does not appear when the user loads content from an intranet site that is being treated as though it is in the Internet zone.\n\nIf this policy setting is not configured, a Notification bar notification appears for intranet content loaded on a browser on a computer that is not a domain member, until the user turns off the Notification bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" ], "ValueName": "WarnOnIntranet", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_AddressStatusBar_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_AllowScriptlets_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_FirstRunOptIn_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned on by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_LocalPathForUpload_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_Phishing_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_ScriptPrompt_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_ScriptStatusBar_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_TurnOnProtectedMode_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_UnsafeFiles_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_WebBrowserApps_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_WebBrowserControl_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_XAML_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_XPS_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyActiveScripting_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, script code on pages in the zone can run automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyAllowMETAREFRESH_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyAllowPasteViaScript_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script can perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyBinaryBehaviors_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, binary and script behaviors are available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyBlockPopupWindows_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, pop-up windows are not prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyDisplayMixedContent_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyDownloadSignedActiveX_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, users can download signed controls without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow the unsigned control to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyDropOrPasteFiles_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyRenderLegacyFilters_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyFileDownload_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files can be downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyFontDownload_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, HTML fonts can be downloaded automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyInstallDesktopItems_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users can install desktop items from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyJavaPermissions_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, the permission is set to Low Safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyLogon_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Automatic logon with current username and password.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyMimeSniffingURLaction_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Trusted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Trusted", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open windows and frames to access applications from different domains.\n\nIf you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyNetworkProtocolLockdown_3", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active content over restricted protocols to access my computer", "ExplainText": "This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.\n\nIf you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.\n\nIf you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.\n\nIf you do not configure this policy setting, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2300", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyRunActiveXControls_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins can run without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction can occur automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts can access applets automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicySoftwareChannelPermissions_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to Low safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyUserdataPersistence_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyZoneElevationURLaction_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_PolicyAllowVBScript_5", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, VBScript will run without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_AddressStatusBar_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to open windows without status bar or Address bar", "ExplainText": "This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.\n\nIf you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2104", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_AllowDynsrcPlayback_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow video and animation on a webpage that uses an older media player", "ExplainText": "This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.\n\nThe dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.\n\nIf you enable this policy setting, video and animation can be played through older media players in specified zones.\n\nIf you disable this policy setting, video and animation cannot be played through older media players.\n\nIf you do not configure this policy setting, video and animation can be played through older media players in specified zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "120A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_AllowScriptlets_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scriptlets", "ExplainText": "This policy setting allows you to manage whether the user can run scriptlets.\n\nIf you enable this policy setting, the user can run scriptlets.\n\nIf you disable this policy setting, the user cannot run scriptlets.\n\nIf you do not configure this policy setting, the user can enable or disable scriptlets.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1209", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_FirstRunOptIn_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off first-run prompt", "ExplainText": "This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.\n\nIf you enable this policy setting, the first-run prompt is turned off in the corresponding zone.\n\nIf you disable this policy setting, the first-run prompt is turned on in the corresponding zone.\n\nIf you do not configure this policy setting, the first-run prompt is turned off by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1208", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_LocalPathForUpload_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Include local path when user is uploading files to a server", "ExplainText": "This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.\n\nIf you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.\n\nIf you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.\n\nIf you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "160A", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_Phishing_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on SmartScreen Filter scan", "ExplainText": "This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.\n\nIf you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.\n\nIf you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.\n\nNote: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2301", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_ScriptPrompt_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow websites to prompt for information by using scripted windows", "ExplainText": "This policy setting determines whether scripted windows are automatically displayed.\n\nIf you enable this policy setting, scripted windows are displayed.\n\nIf you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.\n\nIf you do not configure this policy setting, the user can enable or disable the Notification bar behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2105", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_ScriptStatusBar_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow updates to status bar via script", "ExplainText": "This policy setting allows you to manage whether script is allowed to update the status bar within the zone.\n\nIf you enable this policy setting, script is allowed to update the status bar.\n\nIf you disable or do not configure this policy setting, script is not allowed to update the status bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2103", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_TurnOnProtectedMode_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7VISTA - At least Internet Explorer 7.0 in Windows Vista", "DisplayName": "Turn on Protected Mode", "ExplainText": "This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.\n\nIf you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.\n\nIf you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.\n\nIf you do not configure this policy setting, the user can turn on or turn off Protected Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2500", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_UnsafeFiles_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Show security warning for potentially unsafe files", "ExplainText": "This policy setting controls whether or not the \"Open File - Security Warning\" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).\n\nIf you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.\n\nIf you disable this policy setting, these files do not open.\n\nIf you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1806", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserApps_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML Browser Applications", "ExplainText": "This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.\n\nIf you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.\n\nIf you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_WebBrowserControl_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow scripting of Internet Explorer WebBrowser controls", "ExplainText": "This policy setting determines whether a page can control embedded WebBrowser controls via script.\n\nIf you enable this policy setting, script access to the WebBrowser control is allowed.\n\nIf you disable this policy setting, script access to the WebBrowser control is not allowed.\n\nIf you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1206", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_WinFXRuntimeComponent_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off .NET Framework Setup", "ExplainText": "This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.\n\nIf you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.\n\nIf you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.\n\nIf you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2600", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_XAML_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XAML files", "ExplainText": "This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.\n\nIf you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.\n\nIf you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_XPS_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow loading of XPS files", "ExplainText": "This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.\n\nIf you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.\n\nIf you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2401", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyAccessDataSourcesAcrossDomains_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Access data sources across domains", "ExplainText": "This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).\n\nIf you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.\n\nIf you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1406", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyActiveScripting_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow active scripting", "ExplainText": "This policy setting allows you to manage whether script code on pages in the zone is run.\n\nIf you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.\n\nIf you disable this policy setting, script code on pages in the zone is prevented from running.\n\nIf you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1400", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyAllowMETAREFRESH_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow META REFRESH", "ExplainText": "This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.\n\nIf you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.\n\nIf you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.\n\nIf you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1608", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyAllowPasteViaScript_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow cut, copy or paste operations from the clipboard via script", "ExplainText": "This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.\n\nIf you enable this policy setting, a script can perform a clipboard operation.\n\nIf you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.\n\nIf you disable this policy setting, a script cannot perform a clipboard operation.\n\nIf you do not configure this policy setting, a script can perform a clipboard operation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1407", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyBinaryBehaviors_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow binary and script behaviors", "ExplainText": "This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.\n\nIf you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.\n\nIf you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.\n\nIf you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2000", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyBlockPopupWindows_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Use Pop-up Blocker", "ExplainText": "This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.\n\nIf you enable this policy setting, most unwanted pop-up windows are prevented from appearing.\n\nIf you disable this policy setting, pop-up windows are not prevented from appearing.\n\nIf you do not configure this policy setting, pop-up windows are not prevented from appearing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1809", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyDisplayMixedContent_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Display mixed content", "ExplainText": "This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.\n\nIf you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.\n\nIf the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.\n\nIf you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.\n\nIf you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1609", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyDownloadSignedActiveX_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download signed ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.\n\nIf you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.\n\nIf you disable the policy setting, signed controls cannot be downloaded.\n\nIf you do not configure this policy setting, users can download signed controls without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyDownloadUnsignedActiveX_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Download unsigned ActiveX controls", "ExplainText": "This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.\n\nIf you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.\n\nIf you disable this policy setting, users cannot run unsigned controls.\n\nIf you do not configure this policy setting, users cannot run unsigned controls.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyDropOrPasteFiles_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow drag and drop or copy and paste files", "ExplainText": "This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.\n\nIf you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.\n\nIf you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.\n\nIf you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1802", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyRenderLegacyFilters_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Render legacy filters", "ExplainText": "This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.\n\nIf you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.\n\nIf you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "270B", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyFileDownload_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow file downloads", "ExplainText": "This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.\n\nIf you enable this policy setting, files can be downloaded from the zone.\n\nIf you disable this policy setting, files are prevented from being downloaded from the zone.\n\nIf you do not configure this policy setting, files can be downloaded from the zone.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1803", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyFontDownload_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow font downloads", "ExplainText": "This policy setting allows you to manage whether pages of the zone may download HTML fonts.\n\nIf you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.\n\nIf you disable this policy setting, HTML fonts are prevented from downloading.\n\nIf you do not configure this policy setting, HTML fonts can be downloaded automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1604", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyInstallDesktopItems_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE8 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive", "DisplayName": "Allow installation of desktop items", "ExplainText": "This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.\n\nIf you disable this policy setting, users are prevented from installing desktop items from this zone.\n\nIf you do not configure this policy setting, users can install desktop items from this zone automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1800", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyJavaPermissions_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Java permissions", "ExplainText": "This policy setting allows you to manage permissions for Java applets.\n\nIf you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.\n\nLow Safety enables applets to perform all operations.\n\nMedium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.\n\nHigh Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.\n\nIf you disable this policy setting, Java applets cannot run.\n\nIf you do not configure this policy setting, Java applets are disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1C00", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" }, { "DisplayName": "Custom", "Data": "8388608" }, { "DisplayName": "Disable Java", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyLaunchAppsAndFilesInIFRAME_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Launching applications and files in an IFRAME", "ExplainText": "This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.\n\nIf you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.\n\nIf you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.\n\nIf you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1804", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyLogon_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Logon options", "ExplainText": "This policy setting allows you to manage settings for logon options.\n\nIf you enable this policy setting, you can choose from the following logon options.\n\nAnonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.\n\nPrompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.\n\nAutomatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.\n\nIf you disable this policy setting, logon is set to Automatic logon only in Intranet zone.\n\nIf you do not configure this policy setting, logon is set to Automatic logon with current username and password.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1A00", "Items": [ { "DisplayName": "Anonymous logon", "Data": "196608" }, { "DisplayName": "Automatic logon only in Intranet zone", "Data": "131072" }, { "DisplayName": "Automatic logon with current username and password", "Data": "0" }, { "DisplayName": "Prompt for user name and password", "Data": "65536" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyMimeSniffingURLaction_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable MIME Sniffing", "ExplainText": "This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.\n\nIf you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.\n\nIf you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2100", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_TrustedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains within a window", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2708", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_TrustedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Enable dragging of content from different domains across windows", "ExplainText": "This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.\n\nIf you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.\n\nIf you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.\n\nIn Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.\n\nIn Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2709", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyNavigateSubframesAcrossDomains_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Navigate windows and frames across different domains", "ExplainText": "This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.\n\nIf you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.\n\nIf you disable this policy setting, users cannot open windows and frames to access applications from different domains.\n\nIf you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1607", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyNoPromptForOneOrNoClientCertificate_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Do not prompt for client certificate selection when no certificates or only one certificate exists.", "ExplainText": "This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.\n\nIf you enable this policy setting, Internet Explorer does not prompt users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you disable this policy setting, Internet Explorer prompts users with a \"Client Authentication\" message when they connect to a Web site that has no certificate or only one certificate.\n\nIf you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1A04", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarActiveXURLaction_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for ActiveX controls", "ExplainText": "This policy setting manages whether users will be automatically prompted for ActiveX control installations.\n\nIf you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.\n\nIf you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.\n\nIf you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyNotificationBarDownloadURLaction_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Automatic prompting for file downloads", "ExplainText": "This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.\n\nIf you enable this setting, users will receive a file download dialog for automatic download attempts.\n\nIf you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2200", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyRunActiveXControls_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run ActiveX controls and plugins", "ExplainText": "This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.\n\nIf you enable this policy setting, controls and plug-ins can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.\n\nIf you disable this policy setting, controls and plug-ins are prevented from running.\n\nIf you do not configure this policy setting, controls and plug-ins are prevented from running.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1200", "Items": [ { "DisplayName": "Administrator approved", "Data": "65536" }, { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXMarkedSafe_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Script ActiveX controls marked safe for scripting", "ExplainText": "This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.\n\nIf you enable this policy setting, script interaction can occur automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.\n\nIf you disable this policy setting, script interaction is prevented from occurring.\n\nIf you do not configure this policy setting, script interaction can occur automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1405", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Don't run antimalware programs against ActiveX controls", "ExplainText": "This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.\n\nIf you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.\n\nIf you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "270C", "Items": [ { "DisplayName": "Enable", "Data": "3" }, { "DisplayName": "Disable", "Data": "0" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyScriptActiveXNotMarkedSafe_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Initialize and script ActiveX controls not marked as safe", "ExplainText": "This policy setting allows you to manage ActiveX controls not marked as safe.\n\nIf you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.\n\nIf you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.\n\nIf you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.\n\nIf you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1201", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyScriptingOfJavaApplets_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Scripting of Java applets", "ExplainText": "This policy setting allows you to manage whether applets are exposed to scripts within the zone.\n\nIf you enable this policy setting, scripts can access applets automatically without user intervention.\n\nIf you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.\n\nIf you disable this policy setting, scripts are prevented from accessing applets.\n\nIf you do not configure this policy setting, scripts can access applets automatically without user intervention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1402", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicySignedFrameworkComponentsURLaction_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute signed managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute signed managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2001", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicySoftwareChannelPermissions_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2_IE7 - Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive", "DisplayName": "Software channel permissions", "ExplainText": "This policy setting allows you to manage software channel permissions.\n\nIf you enable this policy setting, you can choose the following options from the drop-down box.\n\nLow safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.\n\nMedium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.\n\nHigh safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.\n\nIf you disable this policy setting, permissions are set to high safety.\n\nIf you do not configure this policy setting, permissions are set to Low safety.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1E05", "Items": [ { "DisplayName": "High safety", "Data": "65536" }, { "DisplayName": "Medium safety", "Data": "131072" }, { "DisplayName": "Low safety", "Data": "196608" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicySubmitNonencryptedFormData_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Submit non-encrypted form data", "ExplainText": "This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.\n\nIf you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.\n\nIf you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.\n\nIf you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1601", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyUnsignedFrameworkComponentsURLaction_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Run .NET Framework-reliant components not signed with Authenticode", "ExplainText": "This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.\n\nIf you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.\n\nIf you disable this policy setting, Internet Explorer will not execute unsigned managed components.\n\nIf you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2004", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyUserdataPersistence_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Userdata persistence", "ExplainText": "This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.\n\nIf you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.\n\nIf you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "1606", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyWindowsRestrictionsURLaction_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Allow script-initiated windows without size or position constraints", "ExplainText": "This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.\n\nIf you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.\n\nIf you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.\n\nIf you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2102", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyZoneElevationURLaction_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE6SP2 - At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1", "DisplayName": "Web sites in less privileged Web content zones can navigate into this zone", "ExplainText": "This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.\n\nIf you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.\n\nIf you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.\n\nIf you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "2101", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_PolicyAllowVBScript_6", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow VBScript to run in Internet Explorer", "ExplainText": "This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.\n\nIf you selected Enable in the drop-down box, VBScript can run without user intervention.\n\nIf you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.\n\nIf you selected Disable in the drop-down box, VBScript is prevented from running.\n\nIf you do not configure or disable this policy setting, users are asked to choose whether to allow VBScript to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "Elements": [ { "Type": "Enum", "ValueName": "140C", "Items": [ { "DisplayName": "Enable", "Data": "0" }, { "DisplayName": "Disable", "Data": "3" }, { "DisplayName": "Prompt", "Data": "1" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "LinkColors", "PolicyName": "AnchorColorHoverPol", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent specifying the hover color", "ExplainText": "This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.\n\nIf you enable this policy setting, the user cannot specify the hover color. You must specify the hover color (for example: 192,192,192).\n\nIf you disable or do not configure this policy setting, the user can specify the hover color.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings" ], "Elements": [ { "Type": "Text", "ValueName": "Anchor Color Hover" } ] }, { "File": "inetres.admx", "CategoryName": "LinkColors", "PolicyName": "LinkColorPol", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent specifying the color of links that have not yet been clicked", "ExplainText": "This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users, especially those who use high-contrast color schemes.\n\nIf you enable this policy setting, the user cannot specify the color of links not yet clicked in Internet Explorer. You must specify the link color (for example: 192,192,192).\n\nIf you disable or do not configure this policy setting, the user can specify the color of links not yet clicked.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings" ], "Elements": [ { "Type": "Text", "ValueName": "Anchor Color" } ] }, { "File": "inetres.admx", "CategoryName": "LinkColors", "PolicyName": "LinkColorVisitedPol", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent specifying the color of links that have already been clicked", "ExplainText": "This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users, especially those who use high-contrast color schemes.\n\nIf you enable this policy setting, the user cannot specify the color of links already clicked in Internet Explorer. You must specify the link color (for example: 192,192,192).\n\nIf you disable or do not configure this policy setting, the user can specify the color of links already clicked.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings" ], "Elements": [ { "Type": "Text", "ValueName": "Anchor Color Visited" } ] }, { "File": "inetres.admx", "CategoryName": "LinkColors", "PolicyName": "UseHoverColor", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on the hover color option", "ExplainText": "This policy setting makes hyperlinks change color when the mouse pointer pauses on them.\n\nIf you enable this policy setting, the hover color option is turned on. The user cannot turn it off.\n\nIf you disable this policy setting, the hover color option is turned off. The user cannot turn it on.\n\nIf you do not configure this policy setting, the user can turn on or turn off the hover color option.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings" ], "ValueName": "Use Anchor Hover Color", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "File_NoBrowserClose", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File menu: Disable closing the browser and Explorer windows", "ExplainText": "Prevents users from closing Microsoft Internet Explorer and File Explorer.\n\nIf you enable this policy, the Close command on the File menu will appear dimmed.\n\nIf you disable this policy or do not configure it, users are not prevented from closing the browser or File Explorer.\n\nNote: The Close button in the top right corner of the program will not work; if users click the Close button, they will be informed that the command is not available.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoBrowserClose", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "File_NoBrowserSaveAs", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File menu: Disable Save As... menu option", "ExplainText": "Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.\n\nIf you enable this policy, the Save As command on the File menu will be removed.\n\nIf you disable this policy or do not configure it, users can save Web pages for later viewing.\n\nThis policy takes precedence over the \"File Menu: Disable Save As Web Page Complete\" policy, which prevents users from saving the entire contents that are displayed or run from a Web Page, such as graphics, scripts, and linked files, but does not prevent users from saving the text of a Web page.\n\nCaution: If you enable this policy, users are not prevented from saving Web content by pointing to a link on a Web page, clicking the right mouse button, and then clicking Save Target As.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoBrowserSaveAs", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "File_NoBrowserSaveWebComplete", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File menu: Disable Save As Web Page Complete", "ExplainText": "Prevents users from saving the complete contents that are displayed on or run from a Web page, including the graphics, scripts, linked files, and other elements. It does not prevent users from saving the text of a Web page.\n\nIf you enable this policy, the Web Page, Complete file type option will be removed from the Save as Type box in the Save Web Page dialog box. Users can still save Web pages as hypertext markup language (HTML) files or as text files, but graphics, scripts, and other elements are not saved. To display the Save Web Page dialog box, users click the File menu, and then click the Save As command.\n\nIf you disable this policy or do not configure it, users can save all elements on a Web page.\n\nThe \"File menu: Disable Save As... menu option\" policy, which removes the Save As command, takes precedence over this policy. If it is enabled, this policy is ignored.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions" ], "ValueName": "NoBrowserSaveWebComplete", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "File_NoFileNew", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File menu: Disable New menu option", "ExplainText": "Prevents users from opening a new browser window from the File menu.\n\nIf this policy is enabled, users cannot open a new browser window by clicking the File menu, pointing to the New menu, and then clicking Window. The user interface is not changed, but a new window will not be opened, and users will be informed that the command is not available.\n\nIf you disable this policy or do not configure it, users can open a new browser window from the File menu.\n\nCaution: This policy does not prevent users from opening a new browser window by right-clicking, and then clicking the Open in New Window command. To prevent users from using the shortcut menu to open new browser windows, you should also set the \"Disable Open in New Window menu option\" policy, which disables this command on the shortcut menu, or the \"Turn off Shortcut Menu\" policy, which disables the entire shortcut menu.\n\nNote: the user will still be able to open New Tabs.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoFileNew", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "File_NoFileOpen", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File menu: Disable Open menu option", "ExplainText": "Prevents users from opening a file or Web page from the File menu in Internet Explorer.\n\nIf you enable this policy, the Open dialog box will not appear when users click the Open command on the File menu. If users click the Open command, they will be notified that the command is not available.\n\nIf you disable this policy or do not configure it, users can open a Web page from the browser File menu.\n\nCaution: This policy does not prevent users from right-clicking a link on a Web page, and then clicking the Open or Open in New Window command. To prevent users from opening Web pages by using the shortcut menu, set the \"Disable Open in New Window menu option\" policy, which disables this command on the shortcut menu, or the \"Turn off Shortcut Menu\" policy, which disables the entire shortcut menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoFileOpen", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "Help_NoFeedback", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Help menu: Remove 'Send Feedback' menu option", "ExplainText": "Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.\n\nIf you enable this policy, the Send Feedback command is removed from the Help menu.\n\nIf you disable this policy or do not configure it, users can fill out an Internet form to provide feedback about Microsoft products.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoHelpItemSendFeedback", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "Help_NoNetscapeHelp", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Help menu: Remove 'For Netscape Users' menu option", "ExplainText": "Prevents users from displaying tips for users who are switching from Netscape.\n\nIf you enable this policy, the For Netscape Users command is removed from the Help menu.\n\nIf you disable this policy or do not configure it, users can display content about switching from Netscape by clicking the For Netscape Users command on the Help menu.\n\nCaution: Enabling this policy does not remove the tips for Netscape users from the Microsoft Internet Explorer Help file.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoHelpItemNetscapeHelp", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "Help_NoTip", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Help menu: Remove 'Tip of the Day' menu option", "ExplainText": "Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.\n\nIf you enable this policy, the Tip of the Day command is removed from the Help menu.\n\nIf you disable this policy or do not configure it, users can enable or disable the Tip of the Day, which appears at the bottom of the browser.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoHelpItemTipOfTheDay", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "Help_NoTutorial", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Help menu: Remove 'Tour' menu option", "ExplainText": "Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.\n\nIf you enable this policy, the Tour command is removed from the Help menu.\n\nIf you disable this policy or do not configure it, users can run the tour from the Help menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoHelpItemTutorial", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "NoBrowserContextMenu", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Turn off Shortcut Menu", "ExplainText": "This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8, this policy setting only applies to Internet Explorer on the desktop.\n\nIf you enable this policy setting, the shortcut menu will not appear when a user right-clicks a webpage.\n\nIf you disable or do not configure this policy setting, users can use the shortcut menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoBrowserContextMenu", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "NoFavorites", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Hide Favorites menu", "ExplainText": "Prevents users from adding, removing, editing or viewing the list of Favorite links.\n\nThe Favorites list is a way to store popular links for future use.\n\nIf you enable this policy, the Favorites menu is removed from the interface, and the Favorites button on the browser toolbar appears dimmed. The Add to Favorites command on the shortcut menu is disabled; when users click it, they are informed that the command is unavailable.\n\nIf you disable this policy or do not configure it, users can manage their Favorites list.\n\nNote: If you enable this policy, users also cannot click Synchronize on the Tools menu (in Internet Explorer 6) to manage their favorite links that are set up for offline viewing.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoFavorites", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "NoOpeninNewWnd", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable Open in New Window menu option", "ExplainText": "Prevents using the shortcut menu to open a link in a new browser window.\n\nIf you enable this policy, users cannot point to a link, click the right mouse button, and then click the Open in New Window command.\n\nIf you disable this policy or do not configure it, users can open a Web page in a new browser window by using the shortcut menu.\n\nThis policy can be used in coordination with the \"File menu: Disable New menu option\" policy, which prevents users from opening the browser in a new window by clicking the File menu, pointing to New, and then clicking Window.\n\nNote: When users click the Open in New Window command, the link will not open in a new window and they will be informed that the command is not available.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoOpeninNewWnd", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "NoSelectDownloadDir", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable Save this program to disk option", "ExplainText": "Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.\n\nIf you enable this policy, users cannot save a program to disk by clicking the Save This Program to Disk command while attempting to download a file. The file will not be downloaded and users will be informed that the command is not available.\n\nIf you disable this policy or do not configure it, users can download programs from their browsers.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoSelectDownloadDir", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "NoPrinting", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Turn off Print Menu", "ExplainText": "This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8, this policy setting also allows you to manage whether users can access the Print flyout for Internet Explorer and any printers under the Devices charm.\n\nIf you enable this policy setting, the Print menu in Internet Explorer will not be available. Starting with Windows 8, the Print flyout for Internet Explorer will not be available, and users will not see printers under the Devices charm.\n\nIf you disable or do not configure this policy setting, the Print menu in Internet Explorer will be available. Starting with Windows 8, the Print flyout for Internet Explorer will be available, and users will see installed printers under the Devices charm.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoPrinting", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "Tools_Menu", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Tools menu: Disable Internet Options... menu option", "ExplainText": "Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.\n\nIf you enable this policy, users cannot change their Internet options, such as default home page, cache size, and connection and proxy settings, from the browser Tools menu. When users click the Internet Options command on the Tools menu, they are informed that the command is unavailable.\n\nIf you disable this policy or do not configure it, users can change their Internet settings from the browser Tools menu.\n\nCaution: This policy does not prevent users from viewing and changing Internet settings by clicking the Internet Options icon in Windows Control Panel.\n\nAlso, see policies for Internet options in the \\Administrative Templates\\Windows Components\\Internet Explorer and in \\Administrative Templates\\Windows Components\\Internet Explorer\\Internet Control Panel folders.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoBrowserOptions", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "NoReportSiteProblems", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Turn off the ability to launch report site problems using a menu option", "ExplainText": "This policy setting allows you to manage whether users can launch the report site problems dialog using a menu option.\n\nIf you enable this policy setting, a menu option won\u2019t be available in Internet Explorer settings, or in the tools menu in the desktop. Users won\u2019t be able to use it to launch the report site problems dialog box.\n\nIf you disable or do not configure this policy setting, the menu options will be available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "NoReportSiteProblems", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "View_NoTheaterMode", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "View menu: Disable Full Screen menu option", "ExplainText": "Prevents users from displaying the browser in full-screen (kiosk) mode, without the standard toolbar.\n\nIf you enable this policy, the Full Screen command on the View menu will appear dimmed, and pressing F11 will not display the browser in a full screen.\n\nIf you disable this policy or do not configure it, users can display the browser in a full screen.\n\nThis policy is intended to prevent users from displaying the browser without toolbars, which might be confusing for some beginning users.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoTheaterMode", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Menus", "PolicyName": "View_NoViewSource", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "View menu: Disable Source menu option", "ExplainText": "Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.\n\nIf you enable this policy, the Source command on the View menu will appear dimmed.\n\nIf you disable this policy or do not configure it, then users can view the HTML source of Web pages from the browser View menu.\n\nCaution: This policy does not prevent users from viewing the HTML source of a Web page by right-clicking a Web page to open the shortcut menu, and then clicking View Source. To prevent users from viewing the HTML source of a Web page from the shortcut menu, set the \"Turn off Shortcut Menu\" policy, which disables the entire shortcut menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions" ], "ValueName": "NoViewSource", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Multimedia", "PolicyName": "RestrictAutoImageResize", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off automatic image resizing", "ExplainText": "This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.\n\nIf you enable this policy setting, automatic image resizing is turned off. The user cannot change this setting.\n\nIf you disable this policy setting, automatic image resizing is turned on. The user cannot change this setting.\n\nIf you do not configure this policy setting, the user can turn on or off automatic image resizing.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Enable AutoImageResize", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "inetres.admx", "CategoryName": "Multimedia", "PolicyName": "ShowPictures", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off image display", "ExplainText": "This policy setting specifies whether graphical images are included when pages are displayed.\n\nSometimes, pages that contain several graphical images are displayed very slowly. If you want to display pages more quickly, you can turn off image display.\n\nIf you enable this policy setting, images do not appear. The user cannot turn on image display. However, the user can still display an individual image by right-clicking the icon that represents the image and then clicking Show Picture. The \"Allow the display of image download placeholders\" policy setting must be disabled if this policy setting is enabled.\n\nIf you disable this policy setting, images appear. The user cannot turn off image display.\n\nIf you do not configure this policy setting, the user can turn on or turn off image display.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Display Inline Images", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "inetres.admx", "CategoryName": "Multimedia", "PolicyName": "EnableAlternativeCodec", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Allow Internet Explorer to play media files that use alternative codecs", "ExplainText": "This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.\n\nIf you enable this policy setting, Internet Explorer plays these files, if the appropriate software is installed.\n\nIf you disable this policy setting, Internet Explorer does not play these files.\n\nIf you do not configure this policy setting, the user can change the \"Enable alternative codecs in HTML5 media elements\" setting on the Advanced tab in the Internet Options dialog box.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "EnableAlternativeCodec", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "Multimedia", "PolicyName": "ShowPlaceholders", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow the display of image download placeholders", "ExplainText": "This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.\n\nIf you enable this policy setting, placeholders appear for graphical images while the images are downloading. The user cannot change this policy setting. The \"Turn off image display\" policy setting must be disabled if this policy setting is enabled.\n\nIf you disable this policy setting, placeholders will not appear for graphical images while the images are downloading. The user cannot change this policy setting.\n\nIf you do not configure this policy setting, the user can allow or prevent the display of placeholders for graphical images while the images are downloading.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Show image placeholders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "Multimedia", "PolicyName": "SmartImageDithering", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off smart image dithering", "ExplainText": "This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.\n\nIf you enable this policy setting, smart image dithering is turned off. The user cannot turn it on.\n\nIf you disable this policy setting, smart image dithering is turned on. The user cannot turn it off.\n\nIf you do not configure this policy setting, the user can turn on or turn off smart image dithering.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer" ], "ValueName": "SmartDithering", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "Persistence", "PolicyName": "Persistence_FileLimits0", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File size limits for Local Machine zone", "ExplainText": "Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Computer security zone.\n\nIf you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.\n\nIf you disable this policy or do not configure it, you cannot set this limit.\n\nNote: This setting does not appear in the user interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence" ], "Elements": [ { "Type": "Decimal", "ValueName": "DomainLimit", "MinValue": "0", "MaxValue": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\0" ] }, { "Type": "Decimal", "ValueName": "DocumentLimit", "MinValue": "0", "MaxValue": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\0" ] } ] }, { "File": "inetres.admx", "CategoryName": "Persistence", "PolicyName": "Persistence_FileLimits1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File size limits for Intranet zone", "ExplainText": "Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Intranet security zone.\n\nIf you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.\n\nIf you disable this policy or do not configure it, you cannot set this limit.\n\nNote: This setting does not appear in the user interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence" ], "Elements": [ { "Type": "Decimal", "ValueName": "DomainLimit", "MinValue": "0", "MaxValue": "20480", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\1" ] }, { "Type": "Decimal", "ValueName": "DocumentLimit", "MinValue": "0", "MaxValue": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\1" ] } ] }, { "File": "inetres.admx", "CategoryName": "Persistence", "PolicyName": "Persistence_FileLimits2", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File size limits for Trusted Sites zone", "ExplainText": "Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Trusted Sites security zone.\n\nIf you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.\n\nIf you disable this policy or do not configure it, you cannot set this limit.\n\nNote: This setting does not appear in the user interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence" ], "Elements": [ { "Type": "Decimal", "ValueName": "DomainLimit", "MinValue": "0", "MaxValue": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\2" ] }, { "Type": "Decimal", "ValueName": "DocumentLimit", "MinValue": "0", "MaxValue": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\2" ] } ] }, { "File": "inetres.admx", "CategoryName": "Persistence", "PolicyName": "Persistence_FileLimits3", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File size limits for Internet zone", "ExplainText": "Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Internet security zone.\n\nIf you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.\n\nIf you disable this policy or do not configure it, you cannot set this limit.\n\nNote: This setting does not appear in the user interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence" ], "Elements": [ { "Type": "Decimal", "ValueName": "DomainLimit", "MinValue": "0", "MaxValue": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\3" ] }, { "Type": "Decimal", "ValueName": "DocumentLimit", "MinValue": "0", "MaxValue": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\3" ] } ] }, { "File": "inetres.admx", "CategoryName": "Persistence", "PolicyName": "Persistence_FileLimits4", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "File size limits for Restricted Sites zone", "ExplainText": "Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Restricted Sites security zone.\n\nIf you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.\n\nIf you disable this policy or do not configure it, you cannot set this limit.\n\nNote: This setting does not appear in the user interface.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence" ], "Elements": [ { "Type": "Decimal", "ValueName": "DomainLimit", "MinValue": "0", "MaxValue": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\4" ] }, { "Type": "Decimal", "ValueName": "DocumentLimit", "MinValue": "0", "MaxValue": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Persistence\\4" ] } ] }, { "File": "inetres.admx", "CategoryName": "Printing", "PolicyName": "BackgroundColors", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on printing of background colors and images", "ExplainText": "This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing, depending on the capabilities of the printer.\n\nIf you enable this policy setting, the printing of background colors and images is turned on. The user cannot turn it off.\n\nIf you disable this policy setting, the printing of background colors and images is turned off. The user cannot turn it on.\n\nIf you do not configure this policy setting, the user can turn on or turn off the printing of background colors and images.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "Print_Background", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "inetres.admx", "CategoryName": "RSS_Feeds", "PolicyName": "Disable_Background_Syncing", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off background synchronization for feeds and Web Slices", "ExplainText": "This policy setting controls whether to have background synchronization for feeds and Web Slices.\n\nIf you enable this policy setting, the ability to synchronize feeds and Web Slices in the background is turned off.\n\nIf you disable or do not configure this policy setting, the user can synchronize feeds and Web Slices in the background.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds" ], "ValueName": "BackgroundSyncStatus", "Elements": [ { "Type": "EnabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "RSS_Feeds", "PolicyName": "Disable_Downloading_of_Enclosures", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent downloading of enclosures", "ExplainText": "This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.\n\nIf you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs.\n\nIf you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds" ], "ValueName": "DisableEnclosureDownload", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "RSS_Feeds", "PolicyName": "Disable_Feed_Add_Remove", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent subscribing to or deleting a feed or a Web Slice", "ExplainText": "This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.\n\nIf you enable this policy setting, the menu command to subscribe to a feed and the menu command to delete a feed are disabled, and access to Web Slices is turned off. A developer cannot add a feed or Web Slice or delete a feed or Web Slice by using the Feed APIs. A developer also cannot create or delete folders.\n\nIf you disable or do not configure this policy setting, the user can subscribe to a feed or Web Slice through the Subscribe button in Internet Explorer and delete a feed or Web Slice through the feed list control. A developer can add or delete a feed or Web Slice by using the Feed APIs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds" ], "ValueName": "DisableAddRemove", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "RSS_Feeds", "PolicyName": "Disable_Feed_Discovery", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent automatic discovery of feeds and Web Slices", "ExplainText": "This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.\n\nIf you enable this policy setting, the user does not receive a notification on the toolbar that a feed or Web Slice is available.\n\nIf you disable or do not configure this policy setting, the user receives a notification when a feed or Web Slice is available and can click the feed discovery button.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Feed Discovery", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Feed Discovery" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "RSS_Feeds", "PolicyName": "Disable_Feed_List", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent access to feed list", "ExplainText": "This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.\n\nIf you enable this policy setting, the user cannot access the feed list in the Favorites Center.\n\nIf you disable or do not configure this policy setting, the user can access the feed list in the Favorites Center.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds" ], "ValueName": "DisableFeedPane", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "RSS_Feeds", "PolicyName": "Allow_Basic_Feed_Auth_In_Clear", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Basic feed authentication over HTTP", "ExplainText": "This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.\n\nIf you enable this policy setting, the Windows RSS Platform authenticates feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection.\n\nIf you disable or do not configure this policy setting, the Windows RSS Platform does not authenticate feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection.\n\nA developer cannot change this policy setting through the Feed APIs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Feeds" ], "ValueName": "AllowBasicAuthInClear", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "ScriptPaste", "PolicyName": "IESF_PolicyScriptPasteAllProcesses", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Bypass prompting for Clipboard access for scripts running in any process", "ExplainText": "This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete, copy, or paste).\n\nIf you enable this policy setting, the user is not prompted when a script that is running in any process on the computer performs a Clipboard operation. This means that if the zone behavior is currently set to prompt, it will be bypassed and enabled.\n\nIf you disable this policy setting, the user is prompted when a script that is running in any process on the computer attempts to perform a Clipboard operation.\n\nIf you do not configure this policy setting, current values of the URL action for the application or process on the computer prevail.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt" ], "ValueName": "*", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "ScriptPaste", "PolicyName": "IESF_PolicyScriptPasteExplorerProcesses", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Bypass prompting for Clipboard access for scripts running in the Internet Explorer process", "ExplainText": "This policy setting allows you to bypass prompting when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation (delete, copy, or paste) and the URL action for the zone is set to prompt.\n\nIf you enable this policy setting, the user is not prompted when a script that is running in the Internet Explorer process performs a Clipboard operation. In the Internet Explorer process, if the zone behavior is currently set to prompt, it will be bypassed and enabled.\n\nIf you disable this policy setting, the user is prompted when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation.\n\nIf you do not configure this policy setting, current values of the URL action for the Internet Explorer process prevail.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt" ], "Elements": [ { "Type": "EnabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "(Reserved)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "explorer.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "iexplore.exe", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt" ], "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "ScriptPaste", "PolicyName": "IESF_PolicyScriptPasteProcessList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Define applications and processes that can access the Clipboard without prompting", "ExplainText": "This policy setting allows you to define applications and processes that can access the Clipboard without prompting the user.\n\nNote: Do not enter the Internet Explorer processes in this list. To enable or disable Internet Explorer processes, use the \"Bypass prompting for Clipboard access for scripts running in the Internet Explorer process\" policy. If the \"Bypass prompting for Clipboard access for scripts running in any process\" policy setting is enabled, the processes configured in this policy setting take precedence over that policy setting.\n\nIf you enable this policy setting and enter a value of 1, prompts are bypassed. If you enter a value of 0, prompts are not bypassed. Value Name is the name of the executable file. If Value Name is empty or the value is not 0 or 1, the policy setting is ignored.\n\nIf you enable this policy setting for an application or process in the list, a script can perform a Clipboard operation without prompting the user. This means that if the zone behavior is currently set to prompt, it will be bypassed and enabled.\n\nIf you disable this policy setting for an application or process in the list, a script that is running in the application or process cannot bypass the prompt for delete, copy, or paste operations from the Clipboard.\n\nIf you do not configure this policy setting, current values of the URL action for an application or process in the list prevail.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl" ], "ValueName": "ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\Feature_Enable_Script_Paste_URLAction_If_Prompt" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "Searching", "PolicyName": "URLFailsPol", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent configuration of search on Address bar", "ExplainText": "This policy setting specifies whether the user can conduct a search on the Address bar.\n\nIf you enable this policy setting, you must specify which of the following actions applies to searches on the Address bar. The user cannot change the specified action.\n\n\u2022 Do not search from the Address bar: The user cannot use the Address bar for searches. The user can still perform searches on the Search bar by clicking the Search button.\n\u2022 Display the results in the main window: When the user searches on the Address bar, the list of search results is displayed in the main window.\n\nIf you disable or do not configure this policy setting, the user can specify what action applies to searches on the Address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Enum", "ValueName": "AutoSearch", "Items": [ { "DisplayName": "Display the results in the main window", "Data": "4" }, { "DisplayName": "Do not search from the address bar", "Data": "0" } ] } ] }, { "File": "inetres.admx", "CategoryName": "Searching", "PolicyName": "TopResultPol", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9_IE11NONWIN10 - Only Internet Explorer 9.0 through 11.0. Not supported on Windows 10", "DisplayName": "Prevent configuration of top-result search on Address bar", "ExplainText": "This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are:\n\u2022 Disable top result search: When a user performs a search in the Address bar, a list of search results from the selected search provider is displayed in the main window.\n\u2022 Enable top result search: When a user performs a search in the Address bar, the user is directed to an external top result website determined by the search provider, if available.\n\nIf you enable this policy setting, you can choose where to direct the user after a search on the Address bar: a top-result website or a search-results webpage in the main window.\n\nIf you disable or do not configure this policy setting, the user can select their preference for this behavior. Browsing to the top-result website is the default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\SearchScopes", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\SearchScopes" ], "Elements": [ { "Type": "Enum", "ValueName": "TopResult", "Items": [ { "DisplayName": "Enable top result search", "Data": "1" }, { "DisplayName": "Disable top result search", "Data": "0" } ] } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryAJAX", "PolicyName": "IESF_DisableXMLHTTP", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow native XMLHTTP support", "ExplainText": "This policy setting allows the user to run natively implemented, scriptable XMLHTTP.\n\nIf you enable this policy setting, the user can run natively implemented, scriptable XMLHTTP.\n\nIf you disable this policy setting, the user cannot run natively implemented, scriptable XMLHTTP.\n\nIf you do not configure this policy setting, the user can choose to run natively implemented, scriptable XMLHTTP.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "XMLHTTP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "SecurityFeatures", "PolicyName": "IESF_DisableDataURI", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Data URI support", "ExplainText": "This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.\n\nIf you enable this policy setting, Data URI support is turned off. Without Data URI support, a Data URI will be interpreted as a failed URL.\n\nIf you disable this policy setting, Data URI support is turned on.\n\nIf you do not configure this policy setting, Data URI support can be turned on or off through the registry.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DATAURI", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DATAURI" ], "ValueName": "iexplore.exe", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "SecurityFeatures", "PolicyName": "IESF_DisableDEP", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Data Execution Prevention", "ExplainText": "This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008, Windows Vista with SP1, and Windows XP with SP3.\n\nIf you enable this policy setting, Internet Explorer does not turn on Data Execution Prevention on platforms that support the SetProcessDEPPolicy function.\n\nIf you disable or do not configure this policy setting, Internet Explorer uses the SetProcessDEPPolicy function to turn on Data Execution Prevention on platforms that support the function.\n\nThis policy setting has no effect if Windows has been configured to enable Data Execution Prevention.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "DEPOff", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "SecurityFeatures", "PolicyName": "IESF_DisablePasswordRevealButton", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Do not display the reveal password button", "ExplainText": "This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button, the current password value is visible until the mouse button is released (or until the tap ends).\n\nIf you enable this policy setting, the reveal password button will be hidden for all password fields. Users and developers will not be able to depend on the reveal password button being displayed in any web form or web application.\n\nIf you disable or do not configure this policy setting, the reveal password button can be shown by the application as a user types in a password. The reveal password button is visible by default.\n\nOn at least Windows 8, if the \"Do not display the reveal password button\" policy setting located in Computer Configuration\\Administrative Templates\\Windows Components\\Credential User Interface is enabled for the system, it will override this policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "DisablePasswordReveal", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryAJAX", "PolicyName": "IESF_MaxConnectionPerServer", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Change the maximum number of connections per host (HTTP 1.1)", "ExplainText": "This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).\n\nIf you enable this policy setting, Internet Explorer uses the connection limit of your choice for HTTP 1.1.\n\nIf you disable or do not configure this policy setting, Internet Explorer uses the default connection limit for HTTP 1.1 (6 connections per host).\n\nIn versions of Internet Explorer before Internet Explorer 8, the default connection limit for HTTP 1.1 was 2.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MAXCONNECTIONSPERSERVER", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MAXCONNECTIONSPERSERVER" ], "Elements": [ { "Type": "Decimal", "ValueName": "iexplore.exe", "MinValue": "2", "MaxValue": "128" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryAJAX", "PolicyName": "IESF_MaxConnectionPer1_0Server", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Maximum number of connections per server (HTTP 1.0)", "ExplainText": "This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).\n\nIf you disable or do not configure this policy setting, Internet Explorer will use the default connection limit for HTTP 1.0 (6 connections per host).\n\nIn versions of Internet Explorer prior to Internet Explorer 8, the default connection limit for HTTP 1.0 was 4.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MAXCONNECTIONSPER1_0SERVER", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MAXCONNECTIONSPER1_0SERVER" ], "Elements": [ { "Type": "Decimal", "ValueName": "iexplore.exe", "MinValue": "2", "MaxValue": "128" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryAJAX", "PolicyName": "IESF_DisableXDM", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off cross-document messaging", "ExplainText": "This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.\n\nIf you enable this policy setting, documents cannot request data across third-party domains embedded in the page.\n\nIf you disable or do not configure this policy setting, documents can request data across third-party domains embedded in the page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CROSS_DOCUMENT_MESSAGING", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CROSS_DOCUMENT_MESSAGING" ], "ValueName": "iexplore.exe", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryAJAX", "PolicyName": "IESF_DisableXDR", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off the XDomainRequest object", "ExplainText": "This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8, and it does not prevent a site from requesting cross-domain data through a server.\n\nIf you enable this policy setting, websites cannot request data across domains by using the XDomainRequest object.\n\nIf you disable or do not configure this policy setting, websites can request data across domains by using the XDomainRequest object.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XDOMAINREQUEST", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XDOMAINREQUEST" ], "ValueName": "iexplore.exe", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryAJAX", "PolicyName": "IESF_DisableWebSocket", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Turn off the WebSocket Object", "ExplainText": "The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also, this policy setting does not prevent a site from requesting cross-domain data through a server.\n\nIf you enable this policy setting, websites cannot request data across domains by using the WebSocket object.\n\nIf you disable or do not configure this policy setting, websites can request data across domains by using the WebSocket object. By default, the WebSocket object is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBSOCKET", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBSOCKET" ], "ValueName": "iexplore.exe", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "IESF_CategoryAJAX", "PolicyName": "IESF_WebSocketMaxConnectionsPerServer", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Set the maximum number of WebSocket connections per server", "ExplainText": "This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.\n\nIf you enable this policy setting, Internet Explorer uses the WebSocket connection limit that you set with this policy setting.\n\nIf you disable or do not configure this policy setting, Internet Explorer uses the default limit of 6 WebSocket connections per server.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSERVER", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSERVER" ], "Elements": [ { "Type": "Decimal", "ValueName": "iexplore.exe", "MinValue": "2", "MaxValue": "128" } ] }, { "File": "inetres.admx", "CategoryName": "SignupSettings", "PolicyName": "NoAutomaticSignup", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn on automatic signup", "ExplainText": "This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).\n\nIf you enable this policy setting, Internet Explorer is started automatically to complete the signup process after the branding is complete for ISPs (IEAK). The user cannot change this behavior.\n\nIf you disable this policy setting, Internet Explorer is not started automatically to complete the signup process after the branding is complete for ISPs (IEAK). The user cannot change this behavior.\n\nIf you do not configure this policy setting, the user can decide whether to start Internet Explorer automatically to complete the signup process after the branding is complete for ISPs (IEAK).", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\IEAK" ], "ValueName": "NoAutomaticSignup", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "DisableToolbarUpgrader", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Turn off toolbar upgrade tool", "ExplainText": "This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar, the user is prompted to update or disable the toolbar. Specific toolbars or Browser Helper Objects that are enabled or disabled via policy settings do not undergo this check.\n\nIf you enable this policy setting, the toolbar upgrade tool does not check for incompatible toolbars. The user is not prompted, and incompatible toolbars run unless previously disabled through policy settings or user choice.\n\nIf you disable or do not configure this policy setting, the toolbar upgrade tool checks for incompatible toolbars. The user can enable or disable incompatible toolbars. Toolbars that are enabled or disabled via policy settings do not undergo these checks.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions" ], "ValueName": "DisableToolbarUpgrader", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "DisableDeveloperTools", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Developer Tools", "ExplainText": "This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.\n\nIf you enable this policy setting, the user cannot access Developer Tools.\n\nIf you disable or do not configure this policy setting, the user can access Developer Tools.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\IEDevTools", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\IEDevTools" ], "ValueName": "Disabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "NoBandCustomize", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable customizing browser toolbars", "ExplainText": "Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer.\n\nIf you enable this policy, the list of toolbars, which users can display by clicking the View menu and then pointing to the Toolbars command, will appear dimmed.\n\nIf you disable this policy or do not configure it, users can determine which toolbars are displayed in File Explorer and Internet Explorer.\n\nThis policy can be used in coordination with the \"Disable customizing browser toolbar buttons\" policy, which prevents users from adding or removing toolbars from Internet Explorer.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoBandCustomize", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "NoToolbarCustomize", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5 - At least Internet Explorer 5.0", "DisplayName": "Disable customizing browser toolbar buttons", "ExplainText": "Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the \"Customize\" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.\n\nIf you enable this policy, the Customize option will be removed from the menu.\n\nIf you disable this policy or do not configure it, users can customize which buttons appear on the Internet Explorer and File Explorer toolbars.\n\nThis policy can be used in coordination with the \"Disable customizing browser toolbars\" policy, which prevents users from determining which toolbars are displayed in Internet Explorer and File Explorer.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoToolbarCustomize", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "ToolbarButtons", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE5_6 - Only Internet Explorer 5.0 and Internet Explorer 6.0", "DisplayName": "Configure Toolbar Buttons", "ExplainText": "Specifies which buttons will be displayed on the standard toolbar in Microsoft Internet Explorer.\n\nIf you enable this policy, you can specify whether or not each button will be displayed by selecting or clearing the check boxes for each button.\n\nIf you disable this policy or do not configure it, the standard toolbar will be displayed with its default settings, unless users customize it.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SpecifyDefaultButtons" ], "Elements": [ { "Type": "Boolean", "ValueName": "Btn_Back", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Forward", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Stop", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Refresh", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Home", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Search", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Favorites", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_History", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Folders", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Fullscreen", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Tools", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_MailNews", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Size", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Print", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Edit", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Discussions", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Cut", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Copy", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Paste", "TrueValue": "1", "FalseValue": "2" }, { "Type": "Boolean", "ValueName": "Btn_Encoding", "TrueValue": "1", "FalseValue": "2" } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "HideCommandBar", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Hide the Command bar", "ExplainText": "This policy setting allows you to show or hide the Command bar.\n\nIf you enable this policy setting, the Command bar is hidden and the user cannot choose to show it.\n\nIf you disable this policy setting, the Command bar is shown and the user cannot choose to hide it.\n\nIf you do not configure this policy setting, the Command bar is shown by default, and the user can choose to hide it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar" ], "ValueName": "CommandBarEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "HideStatusBar", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Hide the status bar", "ExplainText": "This policy setting allows you to show or hide the status bar.\n\nIf you enable this policy setting, the status bar is hidden and the user cannot choose to show it.\n\nIf you disable this policy setting, the status bar is shown and the user cannot choose to hide it.\n\nIf you do not configure this policy setting, the status bar is shown by default, and the user can choose to hide it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "StatusBarWeb", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "LockToolbars", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Lock all toolbars", "ExplainText": "This policy setting allows you to lock or unlock the toolbars on the user interface.\n\nIf you enable this policy setting, the toolbars are locked and the user cannot move them.\n\nIf you disable this policy setting, the toolbars are unlocked and the user can move them.\n\nIf you do not configure this policy setting, the toolbars are locked by default, but the user can unlock them through the shortcut menu of the Command bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbar", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbar" ], "ValueName": "Locked", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "MoveStopRefresh", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Lock location of Stop and Refresh buttons", "ExplainText": "This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.\n\nIf you enable this policy setting, the Stop and Refresh buttons are next to the Forward and Back buttons, and the user cannot move them.\n\nIf you disable this policy setting, the Stop and Refresh buttons are next to the Address bar, and the user cannot move them.\n\nIf you do not configure this policy setting, the Stop and Refresh buttons are next to the Address bar by default, and the user can choose to move them.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar" ], "ValueName": "ShowLeftAddressToolbar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "SetCommandLabels", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Customize command labels", "ExplainText": "This policy setting allows you to choose among three different labels for command buttons: show all text labels, show selective text, or show only icons.\n\nIf you enable this policy setting, command buttons are displayed according to which one of the following options you choose, and the user cannot change how command buttons are displayed:\n\nShow all text labels: All command buttons have only text.\n\nShow selective text: Some command buttons have only text; some have icons and text.\n\nShow only icons: All command buttons have only icons.\n\nIf you disable or do not configure this policy setting, the command buttons show selective text by default, and the user can change this.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar" ], "Elements": [ { "Type": "Enum", "ValueName": "TextOption", "Items": [ { "DisplayName": "Show selective text", "Data": "0" }, { "DisplayName": "Show all text labels", "Data": "1" }, { "DisplayName": "Show only icons", "Data": "2" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "UseLargeIcons", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8_10 - Internet Explorer 8.0 to Internet Explorer 10.0", "DisplayName": "Use large icons for command buttons", "ExplainText": "This policy setting allows you increase the size of icons for command buttons.\n\nIf you enable this policy setting, icons for command buttons are 20 x 20 pixels and cannot be made smaller (16 x 16 pixels).\n\nIf you disable this policy setting, icons for command buttons are 16 x 16 pixels (the default) and cannot be made bigger (20 x 20 pixels).\n\nIf you do not configure this policy setting, icons for command buttons are 16 x 16 pixels, and the user can make them bigger (20 x 20 pixels).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar" ], "ValueName": "SmallIcons", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "Toolbars", "PolicyName": "MoveTabBand", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Display tabs on a separate row", "ExplainText": "This policy setting allows you to manage where tabs are displayed.\n\nIf you enable this policy setting, tabs are displayed on a separate row.\n\nIf you disable this policy setting, tabs are not displayed on a separate row.\n\nIf you do not configure this policy setting, the user can change where tabs are displayed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\MINIE", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\MINIE" ], "ValueName": "ShowTabsBelowAddressBar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "UpdateCheck", "PolicyName": "UpdateIntervalPol", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent specifying the update check interval (in days)", "ExplainText": "This policy setting prevents the user from specifying the update check interval. The default value is 30 days.\n\nIf you enable this policy setting, the user cannot specify the update check interval. You must specify the update check interval.\n\nIf you disable or do not configure this policy setting, the user can specify the update check interval.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Decimal", "ValueName": "Update_Check_Interval", "MinValue": "1", "MaxValue": "365" } ] }, { "File": "inetres.admx", "CategoryName": "UpdateCheck", "PolicyName": "UpdatePagePol", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Prevent changing the URL for checking updates to Internet Explorer and Internet Tools", "ExplainText": "This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.\n\nIf you enable this policy setting, the user cannot change the URL that is displayed for checking updates to Internet Explorer and Internet Tools. You must specify this URL.\n\nIf you disable or do not configure this policy setting, the user can change the URL that is displayed for checking updates to Internet Explorer and Internet Tools.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Text", "ValueName": "Update_Check_Page" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableActiveXFirstPrompt", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off ActiveX Opt-In prompt", "ExplainText": "This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before, a Notification bar will appear, asking the user for approval.\n\nIf you enable this policy setting, the ActiveX Opt-In prompt does not appear. Internet Explorer does not ask the user for permission to load an ActiveX control, and Internet Explorer loads the control if it passes all other internal security checks.\n\nIf you disable or do not configure this policy setting, the ActiveX Opt-In prompt appears.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext" ], "ValueName": "NoFirsttimeprompt", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisablePerUserActiveXInstall", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Prevent per-user installation of ActiveX controls", "ExplainText": "This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.\n\nIf you enable this policy setting, ActiveX controls cannot be installed on a per-user basis.\n\nIf you disable or do not configure this policy setting, ActiveX controls can be installed on a per-user basis.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Security\\ActiveX", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Security\\ActiveX" ], "ValueName": "BlockNonAdminActiveXInstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "OnlyUseAXISForActiveXInstall", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Specify use of ActiveX Installer Service for installation of ActiveX controls", "ExplainText": "This policy setting allows you to specify how ActiveX controls are installed.\n\nIf you enable this policy setting, ActiveX controls are installed only if the ActiveX Installer Service is present and has been configured to allow the installation of ActiveX controls.\n\nIf you disable or do not configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AxInstaller", "HKCU\\Software\\Policies\\Microsoft\\Windows\\AxInstaller" ], "ValueName": "OnlyUseAXISForActiveXInstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "EnableSuggestedSites", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Suggested Sites", "ExplainText": "This policy setting controls the Suggested Sites feature, which recommends websites based on the user\u2019s browsing activity. Suggested Sites reports a user\u2019s browsing history to Microsoft to suggest sites that the user might want to visit.\n\nIf you enable this policy setting, the user is not prompted to enable Suggested Sites. The user\u2019s browsing history is sent to Microsoft to produce suggestions.\n\nIf you disable this policy setting, the entry points and functionality associated with this feature are turned off.\n\nIf you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryPrivacy", "PolicyName": "DisableInPrivateBrowsing", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off InPrivate Browsing", "ExplainText": "This policy setting allows you to turn off the InPrivate Browsing feature.\n\nInPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies, temporary Internet files, history, and other data.\n\nIf you enable this policy setting, InPrivate Browsing is turned off.\n\nIf you disable this policy setting, InPrivate Browsing is available for use.\n\nIf you do not configure this policy setting, InPrivate Browsing can be turned on or off through the registry.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Privacy" ], "ValueName": "EnableInPrivateBrowsing", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryPrivacy", "PolicyName": "DisableInPrivateToolbars", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts", "ExplainText": "This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.\n\nToolbars and BHOs may store data about a user's browsing session. By default, the computer does not load them when InPrivate Browsing starts.\n\nIf you enable this policy setting, toolbars and BHOs are not loaded by default during an InPrivate Browsing session.\n\nIf you disable this policy setting, toolbars and BHOs are loaded by default during an InPrivate Browsing session.\n\nIf you do not configure this policy setting, it can be configured on the Privacy tab in Internet Options.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE" ], "ValueName": "DisableToolbars", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryPrivacy", "PolicyName": "DisableInPrivateLogging", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8ONLY - Only Internet Explorer 8.0", "DisplayName": "Turn off collection of InPrivate Filtering data", "ExplainText": "This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.\n\nThe data consists of the URLs of third-party content, along with data about the first-party websites that referenced it. It is collected during non-InPrivate (normal) browsing sessions.\n\nIf you enable this policy setting, InPrivate Filtering data collection is turned off.\n\nIf you disable this policy setting, InPrivate Filtering collection is turned on.\n\nIf you do not configure this policy setting, InPrivate Filtering data collection can be turned on or off on the Privacy tab in Internet Options.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE" ], "ValueName": "DisableLogging", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryPrivacy", "PolicyName": "InPrivateBlockingThresholdV8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8ONLY - Only Internet Explorer 8.0", "DisplayName": "Establish InPrivate Filtering threshold", "ExplainText": "This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.\n\nThe threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30.\n\nIf you enable this policy setting, the selected value is enforced.\n\nIf you disable or do not configure this policy setting, the user can establish the InPrivate Filtering threshold by clicking the Safety button and then clicking InPrivate Filtering.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE" ], "Elements": [ { "Type": "Decimal", "ValueName": "Threshold", "MinValue": "3", "MaxValue": "30", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryPrivacy", "PolicyName": "DisableInPrivateBlockingV8", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8ONLY - Only Internet Explorer 8.0", "DisplayName": "Turn off InPrivate Filtering", "ExplainText": "This policy setting allows you to turn off InPrivate Filtering.\n\nInPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.\n\nIf you enable this policy setting, InPrivate Filtering is turned off in all browsing sessions, and InPrivate Filtering data is not collected.\n\nIf you disable this policy setting, InPrivate Filtering is available for use.\n\nIf you do not configure this policy setting, it can be configured through the registry.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE" ], "ValueName": "DisableInPrivateBlocking", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryPrivacy", "PolicyName": "InPrivateBlockingThresholdV9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Establish Tracking Protection threshold", "ExplainText": "This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.\n\nThe threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30.\n\nIf you enable this policy setting, the selected value is enforced.\n\nIf you disable or do not configure this policy setting, the user can establish the Tracking Protection threshold by clicking the Safety button and then clicking Tracking Protection.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE" ], "Elements": [ { "Type": "Decimal", "ValueName": "TrackingProtectionThreshold", "MinValue": "3", "MaxValue": "30", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryPrivacy", "PolicyName": "DisableInPrivateBlockingV9", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Turn off Tracking Protection", "ExplainText": "This policy setting allows you to turn off Tracking Protection.\n\nTracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.\n\nIf you enable this policy setting, Tracking Protection is disabled in all browsing sessions, and Tracking Protection data is not collected.\n\nIf you disable this policy setting, Tracking Protection is available for use.\n\nIf you do not configure this policy setting, it can be configured through the registry.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Safety\\PrivacIE" ], "ValueName": "DisableTrackingProtection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryAccelerators", "PolicyName": "DeployAccelerators_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Add non-default Accelerators", "ExplainText": "This policy setting allows you to add non-default Accelerators.\n\nIf you enable this policy setting, the specified Accelerators are added to the user's browser. The user can append other Accelerators to this list, but the user cannot remove or change the Accelerators that this policy setting has added. Default and non-default Accelerators should not overlap.\n\nIf you disable or do not configure this policy setting, the user has Accelerators that are provided through first use of the browser.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\GPActivities" ], "ValueName": "ActivitiesInstall", "Elements": [ { "Type": "List", "ValueName": null, "ClientExtension": "{7b849a69-220f-451e-b3fe-2cb811af94ae}" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryAccelerators", "PolicyName": "DeployAccelerators_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Add non-default Accelerators", "ExplainText": "This policy setting allows you to add non-default Accelerators.\n\nIf you enable this policy setting, the specified Accelerators are added to the user's browser. The user can append other Accelerators to this list, but the user cannot remove or change the Accelerators that this policy setting has added. Default and non-default Accelerators should not overlap.\n\nIf you disable or do not configure this policy setting, the user has Accelerators that are provided through first use of the browser.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\GPActivities" ], "ValueName": "ActivitiesInstall", "Elements": [ { "Type": "List", "ValueName": null, "ClientExtension": "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryAccelerators", "PolicyName": "DeployDefaultAccelerators_1", "Class": "User", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Add default Accelerators", "ExplainText": "This policy setting allows you to add default Accelerators.\n\nIf you enable this policy setting, the specified Accelerators are added to the user's browser. The user can append other Accelerators to this list, but the user cannot remove or change the Accelerators that this policy setting has added. Default and non-default Accelerators should not overlap.\n\nIf you disable or do not configure this policy setting, the user has Accelerators that are provided through first use of the browser.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\GPActivities" ], "ValueName": "ActivitiesDefaultInstall", "Elements": [ { "Type": "List", "ValueName": null, "ClientExtension": "{7b849a69-220f-451e-b3fe-2cb811af94ae}" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryAccelerators", "PolicyName": "DeployDefaultAccelerators_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Add default Accelerators", "ExplainText": "This policy setting allows you to add default Accelerators.\n\nIf you enable this policy setting, the specified Accelerators are added to the user's browser. The user can append other Accelerators to this list, but the user cannot remove or change the Accelerators that this policy setting has added. Default and non-default Accelerators should not overlap.\n\nIf you disable or do not configure this policy setting, the user has Accelerators that are provided through first use of the browser.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\GPActivities" ], "ValueName": "ActivitiesDefaultInstall", "Elements": [ { "Type": "List", "ValueName": null, "ClientExtension": "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryAccelerators", "PolicyName": "TurnOffAccelerators", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Accelerators", "ExplainText": "This policy setting allows you to manage whether users can access Accelerators.\n\nIf you enable this policy setting, users cannot access Accelerators.\n\nIf you disable or do not configure this policy setting, users can access Accelerators and install new Accelerators.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Activities", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Activities" ], "ValueName": "NoActivities", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "CategoryAccelerators", "PolicyName": "UsePolicyAccelerators", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Restrict Accelerators to those deployed through Group Policy", "ExplainText": "This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.\n\nIf you enable this policy setting, the user can access only Accelerators that are deployed through Group Policy. The user cannot add or delete Accelerators.\n\nIf you disable or do not configure this policy setting, the user can access any Accelerators that he or she has installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Activities\\Restrictions", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Activities\\Restrictions" ], "ValueName": "UsePolicyActivitiesOnly", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "CategoryCompatView", "PolicyName": "CompatView_AllSites", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8_10 - Internet Explorer 8.0 to Internet Explorer 10.0", "DisplayName": "Turn on Internet Explorer 7 Standards Mode", "ExplainText": "This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.\n\nIf you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended). Additionally, all Standards Mode webpages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly.\n\nIf you disable this policy setting, Internet Explorer uses a current user agent string. Additionally, all Standards Mode webpages appear in the Standards Mode available in the latest version of Internet Explorer. This option matches the default behavior of Internet Explorer.\n\nIf you do not configure this policy setting, the user can turn on and turn off Internet Explorer 7 Standards Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation" ], "ValueName": "AllSitesCompatibilityMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryCompatView", "PolicyName": "CompatView_DisableList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn off Compatibility View", "ExplainText": "This policy setting controls the Compatibility View feature, which allows the user to fix website display problems that he or she may encounter while browsing.\n\nIf you enable this policy setting, the user cannot use the Compatibility View button or manage the Compatibility View sites list.\n\nIf you disable or do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation" ], "ValueName": "DisableSiteListEditing", "Elements": [] }, { "File": "inetres.admx", "CategoryName": "CategoryCompatView", "PolicyName": "CompatView_IntranetSites", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Internet Explorer Standards Mode for local intranet", "ExplainText": "This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.\n\nIf you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box.\n\nIf you disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box.\n\nIf you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation" ], "ValueName": "IntranetCompatibilityMode", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryCompatView", "PolicyName": "CompatView_ShowButton", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8_10 - Internet Explorer 8.0 to Internet Explorer 10.0", "DisplayName": "Turn off Compatibility View button", "ExplainText": "This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.\n\nIf you enable this policy setting, the user cannot use the Compatibility View button.\n\nIf you disable or do not configure this policy setting, the user can use the Compatibility View button.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\CommandBar" ], "ValueName": "ShowCompatibilityViewButton", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryCompatView", "PolicyName": "CompatView_UsePolicyList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Use Policy List of Internet Explorer 7 sites", "ExplainText": "This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.\n\nIf you enable this policy setting, the user can add and remove sites from the list, but the user cannot remove the entries that you specify.\n\nIf you disable or do not configure this policy setting, the user can add and remove sites from the list.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation" ], "ValueName": "PolicyList", "Elements": [ { "Type": "List", "ValueName": null } ] }, { "File": "inetres.admx", "CategoryName": "CategoryCompatView", "PolicyName": "CompatView_UseQuirksPolicyList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Use Policy List of Quirks Mode sites", "ExplainText": "Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.\n\nIf you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended). Additionally, webpages included in this list appear in Quirks Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation" ], "ValueName": "QuirksPolicyList", "Elements": [ { "Type": "List", "ValueName": null } ] }, { "File": "inetres.admx", "CategoryName": "CategoryCompatView", "PolicyName": "CompatView_UseMSList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Include updated website lists from Microsoft", "ExplainText": "This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.\n\nIf you enable this policy setting, the Microsoft-provided website lists are used during browser navigation. If a user visits a site on the compatibility lists, the pages are automatically displayed in Compatibility View.\n\nIf you disable this policy setting, the Microsoft-provided website lists are not used. Additionally, the user cannot activate the feature by using the Compatibility View Settings dialog box.\n\nIf you do not configure this policy setting, the Microsoft-provided website lists are not active. The user can activate the feature by using the Compatibility View Settings dialog box.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation" ], "ValueName": "MSCompatibilityMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "TurnOffPinnedSites", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE9 - At least Internet Explorer 9.0", "DisplayName": "Turn off ability to pin sites in Internet Explorer on the desktop", "ExplainText": "This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed, such as the taskbar, the desktop, or File Explorer.\n\nIf you enable this policy setting, users cannot pin sites.\n\nIf you disable or do not configure this policy setting, users can pin sites.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "DisableAddSiteMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "EnterpriseModeEnable", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Let users turn on and use Enterprise Mode from the Tools menu", "ExplainText": "This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu.\n\nIf you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports.\n\nIf you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "Elements": [ { "Type": "Text", "ValueName": "Enable" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "EnterpriseModeSiteList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Use the Enterprise Mode IE website list", "ExplainText": "This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Standard mode, because of compatibility issues. Users can't edit this list.\n\nIf you enable this policy setting, Internet Explorer downloads the website list from your location (HKCU or HKLM\\Software\\policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode), opening all listed websites using Enterprise Mode IE.\n\nIf you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "Elements": [ { "Type": "Text", "ValueName": "SiteList", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "RestrictInternetExplorer", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Send all sites not included in the Enterprise Mode Site List to Microsoft Edge", "ExplainText": "This setting lets you decide whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use this setting, you must also turn on the Administrative Templates\\Windows Components\\Internet Explorer\\Use the Enterprise Mode IE website list policy setting and you must include at least one site in the Enterprise Mode Site List.\n\nEnabling this setting automatically opens all sites not included in the Enterprise Mode Site List in Microsoft Edge.\n\nDisabling, or not configuring this setting, opens all sites based on the currently active browser.\n\nNote: If you've also enabled the Administrative Templates\\Windows Components\\Microsoft Edge\\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue to open in Internet Explorer 11.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "ValueName": "RestrictIE", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "ShowMessageWhenOpeningSitesInMicrosoftEdge", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10_1607 - At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later", "DisplayName": "Show message when opening sites in Microsoft Edge using Enterprise Mode", "ExplainText": "This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.\n\nIf you enable this setting, employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.\n\nIf you disable or don't configure this setting, the default app behavior occurs and no additional page appears.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "ValueName": "ShowMessageWhenOpeningSitesInMicrosoftEdge", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "NeedEdgeBrowser", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Configure which channel of Microsoft Edge to use for opening redirected sites", "ExplainText": "Enables you to configure up to three versions of Microsoft Edge to open a redirected site (in order of preference). Use this policy if your environment is configured to redirect sites from Internet Explorer 11 to Microsoft Edge. If any of the chosen versions are not installed on the device, that preference will be bypassed.\n\nIf both the Windows Update for the next version of Microsoft Edge* and Microsoft Edge Stable channel are installed, the following behaviors occur:\n- If you disable or don't configure this policy, Microsoft Edge Stable channel is used. This is the default behavior.\n- If you enable this policy, you can configure redirected sites to open in up to three of the following channels where:\n1 = Microsoft Edge Stable\n2 = Microsoft Edge Beta version 77 or later\n3 = Microsoft Edge Dev version 77 or later\n4 = Microsoft Edge Canary version 77 or later\n\nIf the Windows Update for the next version of Microsoft Edge* or Microsoft Edge Stable channel are not installed, the following behaviors occur:\n- If you disable or don't configure this policy, Microsoft Edge version 45 or earlier is automatically used. This is the default behavior.\n- If you enable this policy, you can configure redirected sites to open in up to three of the following channels where:\n0 = Microsoft Edge version 45 or earlier\n1 = Microsoft Edge Stable\n2 = Microsoft Edge Beta version 77 or later\n3 = Microsoft Edge Dev version 77 or later\n4 = Microsoft Edge Canary version 77 or later\n\n*For more information about the Windows update for the next version of Microsoft Edge including how to disable it, see https://go.microsoft.com/fwlink/?linkid=2102115. This update applies only to Windows 10 version 1709 and higher.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "Elements": [ { "Type": "Enum", "ValueName": "NeedEdgeBrowser", "Items": [ { "DisplayName": "NeedEdgeBrowserChoice_None", "Action": "Delete" }, { "DisplayName": "Microsoft Edge Stable", "Data": "1" }, { "DisplayName": "Microsoft Edge Beta version 77 or later", "Data": "2" }, { "DisplayName": "Microsoft Edge Dev version 77 or later", "Data": "3" }, { "DisplayName": "Microsoft Edge Canary version 77 or later", "Data": "4" }, { "DisplayName": "Microsoft Edge version 45 or earlier", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "NeedEdgeBrowser2", "Items": [ { "DisplayName": "NeedEdgeBrowserChoice_None", "Action": "Delete" }, { "DisplayName": "Microsoft Edge Stable", "Data": "1" }, { "DisplayName": "Microsoft Edge Beta version 77 or later", "Data": "2" }, { "DisplayName": "Microsoft Edge Dev version 77 or later", "Data": "3" }, { "DisplayName": "Microsoft Edge Canary version 77 or later", "Data": "4" }, { "DisplayName": "Microsoft Edge version 45 or earlier", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "NeedEdgeBrowser3", "Items": [ { "DisplayName": "NeedEdgeBrowserChoice_None", "Action": "Delete" }, { "DisplayName": "Microsoft Edge Stable", "Data": "1" }, { "DisplayName": "Microsoft Edge Beta version 77 or later", "Data": "2" }, { "DisplayName": "Microsoft Edge Dev version 77 or later", "Data": "3" }, { "DisplayName": "Microsoft Edge Canary version 77 or later", "Data": "4" }, { "DisplayName": "Microsoft Edge version 45 or earlier", "Data": "0" } ] } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "KeepIntranetSitesInInternetExplorer", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Keep all intranet sites in Internet Explorer", "ExplainText": "Prevents intranet sites from being opened in any browser except Internet Explorer. But note that If the \u2018Send all sites not included in the Enterprise Mode Site List to Microsoft Edge\u2019 (\u2018RestrictIE\u2019) policy isn\u2019t enabled, this policy has no effect.\n\nIf you enable this policy, all intranet sites are opened in Internet Explorer 11. The only exceptions are sites listed in your Enterprise Mode Site List.\n\nIf you disable or don\u2019t configure this policy, all intranet sites are automatically opened in Microsoft Edge.\n\nWe strongly recommend keeping this policy in sync with the \u2018Send all intranet sites to Internet Explorer\u2019 (\u2018SendIntranetToInternetExplorer\u2019) policy. Additionally, it\u2019s best to enable this policy only if your intranet sites have known compatibility problems with Microsoft Edge.\n\nRelated policies:\n- Send all intranet sites to Internet Explorer (\u2018SendIntranetToInternetExplorer\u2019)\n- Send all sites not included in the Enterprise Mode Site List to Microsoft Edge (\u2018RestrictIE\u2019)\n\nFor more info about how to use this policy together with other related policies to create the optimal configuration for your organization, see https://go.microsoft.com/fwlink/?linkid=2094210.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "ValueName": "KeepIntranetSitesInInternetExplorer", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AllowSaveTargetAsInIEMode", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Allow \"Save Target As\" in Internet Explorer mode", "ExplainText": "This policy setting allows admins to enable \"Save Target As\" context menu in Internet Explorer mode.\n\nIf you enable this policy, \"Save Target As\" will show up in the Internet Explorer mode context menu and work the same as Internet Explorer.\n\nIf you disable or do not configure this policy setting, \"Save Target As\" will not show up in the Internet Explorer mode context menu.\n\nFor more information, see https://go.microsoft.com/fwlink/?linkid=2102115", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "ValueName": "AllowSaveTargetAsInIEMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "EnableGlobalWindowListInIEMode", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Enable global window list in Internet Explorer mode", "ExplainText": "This setting allows Internet Explorer mode to use the global window list that enables sharing state with other applications.\nThe setting will take effect only when Internet Explorer 11 is disabled as a standalone browser.\n\nIf you enable this policy, Internet Explorer mode will use the global window list.\n\nIf you disable or don\u2019t configure this policy, Internet Explorer mode will continue to maintain a separate window list.\n\nTo learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2102921\nTo learn more about disabling Internet Explorer 11 as a standalone browser, see https://go.microsoft.com/fwlink/?linkid=2168340", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "ValueName": "EnableGlobalWindowListInIEMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "EnableExtendedIEModeHotkeys", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Enable extended hot keys in Internet Explorer mode", "ExplainText": "This policy setting lets admins enable extended Microsoft Edge Internet Explorer mode hotkeys, such as \"Ctrl+S\" to have \"Save as\" functionality.\n\nIf you enable this policy, extended hotkey functionality is enabled in Internet Explorer mode and work the same as Internet Explorer.\n\nIf you disable, or don't configure this policy, extended hotkeys will not work in Internet Explorer mode.\n\nFor more information, see https://go.microsoft.com/fwlink/?linkid=2102115", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "ValueName": "EnableExtendedIEModeHotkeys", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "AllowLegacyURLFields", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE7 - At least Internet Explorer 7.0", "DisplayName": "Allow legacy functionality for Internet Shortcut files", "ExplainText": "This policy setting allows the use of some disabled functionality, such as WorkingDirectory field or pluggable protocol handling, in Internet Shortcut files.\n\nIf you enable this policy, disabled functionality for Internet Shortcut files will be re-enabled.\n\nIf you disable, or don't configure this policy, some functionality for Internet Shortcut files, such as WorkingDirectory field or pluggable protocol handling, will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "AllowLegacyURLFields", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "ResetZoomForDialogInIEMode", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Reset zoom to default for HTML dialogs in Internet Explorer mode", "ExplainText": "This policy setting lets admins reset zoom to default for HTML dialogs in Internet Explorer mode.\n\nIf you enable this policy, the zoom of an HTML dialog in Internet Explorer mode will not get propagated from its parent page.\n\nIf you disable, or don't configure this policy, the zoom of an HTML dialog in Internet Explorer mode will be set based on the zoom of it's parent page.\n\nFor more information, see https://go.microsoft.com/fwlink/?linkid=2220107", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\EnterpriseMode" ], "ValueName": "ResetZoomForDialogInIEMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableInternetExplorerApp", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10 - At least Internet Explorer 11.0 on Windows 10", "DisplayName": "Disable Internet Explorer 11 as a standalone browser", "ExplainText": "This policy lets you restrict launching of Internet Explorer as a standalone browser.\n\nIf you enable this policy, it:\n- Prevents Internet Explorer 11 from launching as a standalone browser.\n- Restricts Internet Explorer's usage to Microsoft Edge's native 'Internet Explorer mode'.\n- Redirects attempts at launching Internet Explorer 11 to Microsoft Edge Stable Channel browser.\n- Overrides any other policies that redirect to Internet Explorer 11.\n\nEven with this policy enabled launching Internet Explorer 11 using COM automation will still be allowed. To disable COM automation launches of Internet Explorer 11 use the \"Disable Internet Explorer 11 COM Automation\" group policy.\n\nIf you disable, or don\u2019t configure this policy, all sites are opened using the current active browser settings. Note: Microsoft Edge Stable Channel must be installed for this policy to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Enum", "ValueName": "NotifyDisableIEOptions", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "Always", "Data": "1" }, { "DisplayName": "Once per user", "Data": "2" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableInternetExplorerLaunchViaCOM", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10 - At least Internet Explorer 11.0 on Windows 10", "DisplayName": "Disable Internet Explorer 11 Launch Via COM Automation", "ExplainText": "This policy lets you restrict launching of Internet Explorer using COM automation.\n\nIf you enable this policy, it prevents Internet Explorer 11 from being launched using COM automation.\n\nIf you disable, or don\u2019t configure this policy, Internet Explorer 11 COM automation launches are allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "DisableInternetExplorerLaunchViaCOM", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableIEAppDeprecationNotification", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11WIN10 - At least Internet Explorer 11.0 on Windows 10", "DisplayName": "Hide Internet Explorer 11 retirement notification", "ExplainText": "This policy setting allows you to manage whether the notification bar reminder that Internet Explorer is being retired is displayed. By default, the Notification bar is displayed in Internet Explorer 11.\n\nIf you enable this policy setting, the Notification bar will not be displayed in Internet Explorer 11.\n\nIf you disable, or do not configure, this policy setting, the Notification bar will be displayed in Internet Explorer 11.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "DisableIEAppNotificationPolicy", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "JScriptReplacement", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Replace JScript by loading JScript9Legacy in place of JScript.", "ExplainText": "This policy setting specifies whether JScript or JScript9Legacy is loaded.\n\nIf you enable this policy setting or not configured, JScript9Legacy will be loaded in situations where JScript is instantiated.\n\nIf you disable this policy, then JScript will be utilized.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "JScriptReplacement", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "DefaultDomainCacheLimitInMB", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Set default storage limits for websites", "ExplainText": "This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting, you provide the cache limit, in MB.\n\nIf you enable this policy setting, Internet Explorer displays a notification when a website exceeds the configured storage limit.\n\nIf you disable or do not configure this policy setting, users can set default data storage limits for indexed databases and application caches.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage" ], "Elements": [ { "Type": "Decimal", "ValueName": "DefaultDomainCacheLimitInMB", "MinValue": "0", "MaxValue": "9999", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "IndexedDB_AllowWebsiteDatabases", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Allow websites to store indexed databases on client computers", "ExplainText": "This policy setting allows websites to store indexed database cache information on client computers.\n\nIf you enable this policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.\n\nIf you disable this policy setting, websites will not be able to store an indexed database on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.\n\nIf you do not configure this policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their computers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\IndexedDB", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\IndexedDB" ], "ValueName": "AllowWebsiteDatabases", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "IndexedDB_MaxTrustedDomainLimitInMB", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Set indexed database storage limits for individual domains", "ExplainText": "This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The \"Set default storage limits for websites\" policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain, Internet Explorer sends an error to the website. No notification is sent to the user. This group policy sets the maximum data storage limit for domains that are trusted by users. When you set this policy setting, you provide the cache limit, in MB. The default is 500 MB.\n\nIf you enable this policy setting, Internet Explorer will allow trusted domains to store additional data in indexed databases, up to the limit set in this group policy.\n\nIf you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases. The default is 500 MB.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\IndexedDB", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\IndexedDB" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxTrustedDomainLimitInMB", "MinValue": "1", "MaxValue": "9999", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "IndexedDB_TotalLimitInMB", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Set maximum indexed database storage limit for all domains", "ExplainText": "This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting, you provide the storage limit in MB. When the limit is reached, Internet Explorer notifies the user, and the user must delete indexed databases before an updated database can be saved on their computer. The default maximum storage limit for all indexed databases is 4 GB.\n\nIf you enable this policy setting, you can set the maximum storage limit for all indexed databases. The default is 4 GB.\n\nIf you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases. The default is 4 GB.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\IndexedDB", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\IndexedDB" ], "Elements": [ { "Type": "Decimal", "ValueName": "TotalLimitInMB", "MinValue": "1", "MaxValue": "99999", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "AppCache_AllowWebsiteCaches", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Allow websites to store application caches on client computers", "ExplainText": "This policy setting allows websites to store file resources in application caches on client computers.\n\nIf you enable this policy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.\n\nIf you disable this policy setting, websites will not be able to store application caches on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.\n\nIf you do not configure this policy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their computers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache" ], "ValueName": "AllowWebsiteCaches", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "AppCache_MaxTrustedDomainLimitInMB", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Set application cache storage limits for individual domains", "ExplainText": "This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The \"Set default storage limits for websites\" policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain, Internet Explorer sends an error to the website. No notification will be displayed to the user. This group policy sets the maximum file storage limit for domains that are trusted by users. When you set this policy setting, you provide the cache limit, in MB. The default is 50 MB.\n\nIf you enable this policy setting, Internet Explorer will allow trusted domains to store additional files in application caches, up to the limit set in this policy setting.\n\nIf you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The default is 50 MB.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxTrustedDomainLimitInMB", "MinValue": "1", "MaxValue": "9999", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "AppCache_TotalLimitInMB", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Set maximum application caches storage limit for all domains", "ExplainText": "This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting, you provide the storage limit in MB. When the limit is reached, Internet Explorer notifies the user, and the user must delete application caches before an updated one can be saved on their computer. The default maximum storage limit for all application caches is 1 GB.\n\nIf you enable this policy setting, you can set the maximum storage limit for all application caches. The default is 1 GB.\n\nIf you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The default is 1 GB.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "TotalLimitInMB", "MinValue": "1", "MaxValue": "99999", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "AppCache_GarbageCollectionThresholdInDays", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Set application caches expiration time limit for individual domains", "ExplainText": "This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit, it will not be automatically removed. When you set this policy setting, you provide the expiration time limit in days.\n\nIf you enable this policy setting, Internet Explorer will remove application caches that haven't been used within the timeframe set in this policy setting.\n\nIf you disable or do not configure this policy setting, Internet Explorer will use the default application cache expiration time limit for all application caches. The default is 30 days.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "GarbageCollectionThresholdInDays", "MinValue": "0", "MaxValue": "99999", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "AppCache_ManifestResourceQuota", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Set maximum application cache resource list size", "ExplainText": "This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed, including the page that referenced the manifest, Internet Explorer sends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource limit as a number. The default is 1000 resources.\n\nIf you enable this policy setting, Internet Explorer will allow the creation of application caches whose manifest file contains the number of resources, including the page that referenced the manifest, that are less than or equal to the limit set in this policy setting.\n\nIf you disable or do not configure this policy setting, Internet Explorer will use the default maximum application cache resource list size for all application caches. The default is 1000 resources.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "ManifestResourceQuota", "MinValue": "0", "MaxValue": "99999", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryBrowsingHistory", "PolicyName": "AppCache_ManifestSingleResourceQuotaInMB", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Set maximum application cache individual resource size", "ExplainText": "This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size, Internet Explorer sends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource size limit, in MB. The default is 50 MB.\n\nIf you enable this policy setting, Internet Explorer will allow the creation of application caches whose individual manifest file entries are less than or equal to the size set in this policy setting.\n\nIf you disable or do not configure this policy setting, Internet Explorer will use the default application cache individual resource size for all application caches resources. The default is 50 MB.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserStorage\\AppCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "ManifestSingleResourceQuotaInMB", "MinValue": "0", "MaxValue": "99999", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "CategoryGeneralPage", "PolicyName": "ContinuousBrowsing", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Start Internet Explorer with tabs from last browsing session", "ExplainText": "This policy setting configures what Internet Explorer displays when a new browsing session is started. By default, Internet Explorer displays the home page. In Internet Explorer 10, Internet Explorer can start a new browsing session with the tabs from the last browsing session.\n\nIf you enable this policy setting, Internet Explorer starts a new browsing session with the tabs from the last browsing session. Users cannot change this option to start with the home page.\n\nIf you disable this policy setting, Internet Explorer starts a new browsing session with the home page. Users cannot change this option to start with the tabs from the last browsing session.\n\nIf you do not configure this policy setting, Internet Explorer starts with the home page. Users can change this option to start with the tabs from the last session.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\ContinuousBrowsing", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\ContinuousBrowsing" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetSettings", "PolicyName": "DefaultTilesView", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10WIN8 - At least Internet Explorer 10.0 on Windows 8", "DisplayName": "Open Internet Explorer tiles on the desktop", "ExplainText": "This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.\n\nIf you enable this policy setting, Internet Explorer opens tiles only on the desktop.\n\nIf you disable this policy setting, Internet Explorer does not open tiles on the desktop.\n\nIf you do not configure this policy, users can choose how Internet Explorer tiles are opened.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "ApplicationTileImmersiveActivation", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "inetres.admx", "CategoryName": "InternetSettings", "PolicyName": "DefaultLinksView", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10WIN8 - At least Internet Explorer 10.0 on Windows 8", "DisplayName": "Set how links are opened in Internet Explorer", "ExplainText": "This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide, always in Internet Explorer, or always in Internet Explorer on the desktop.\n\nIf you enable this policy setting, Internet Explorer enforces your choice. Users cannot change the setting.\n\nIf you disable or do not configure this policy setting, users can choose how links are opened in Internet Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "Elements": [ { "Type": "Enum", "ValueName": "AssociationActivationMode", "Items": [ { "DisplayName": "Let Internet Explorer decide", "Data": "0" }, { "DisplayName": "Always in Internet Explorer", "Data": "1" }, { "DisplayName": "Always in Internet Explorer on the desktop", "Data": "2" } ], "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "EnableAutoUpgrade", "Class": "Machine", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE10 - At least Internet Explorer 10.0", "DisplayName": "Install new versions of Internet Explorer automatically", "ExplainText": "This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.\n\nIf you enable this policy setting, automatic upgrade of Internet Explorer will be turned on.\n\nIf you disable this policy setting, automatic upgrade of Internet Explorer will be turned off.\n\nIf you do not configure this policy, users can turn on or turn off automatic updates from the About Internet Explorer dialog.\n\nNote: This policy is deprecated starting with Windows 10 version 1703.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main" ], "ValueName": "EnableAutoUpgrade", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "SiteDiscoveryEnableWMI", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Site Discovery WMI output", "ExplainText": "This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site discovery Toolkit(SDTK). When enabled the feature will write data collected to a WMI class which can then be aggregated using a client management solution(SCCM) or other means. When disabled, no data will be written to the WMI class. Enabling or disabling this setting will not impact other output methods available for the SDTK.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Internet Explorer\\WMITelemetry", "HKCU\\Software\\Microsoft\\Internet Explorer\\WMITelemetry" ], "ValueName": "Active", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "SiteDiscoveryEnableXML", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Turn on Site Discovery XML output", "ExplainText": "This policy setting allows you to manage the XML output functionality of the Internet Explorer Site discovery Toolkit(SDTK). When enabled the feature will write data collected to an XML file at a location specified when setting this policy. When disabled, no data will be written to the XML file. Enabling or disabling this setting will not impact other output methods available for the SDTK.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Internet Explorer\\WMITelemetry", "HKCU\\Software\\Microsoft\\Internet Explorer\\WMITelemetry" ], "Elements": [ { "Type": "Text", "ValueName": "XMLPath", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "SiteDiscoveryZoneAllowList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Limit Site Discovery output by Zone", "ExplainText": "This policy setting allows you to control which site zones are included in the discovery functionality of the Internet Explorer Site discovery Toolkit(SDTK). When enabled the feature will collect data from sites that are part of the zones configured in the policy. When disabled or not configured all Zones will be included in site discovery. This policy can be used in conjunction with other policies controlling sites included in Site Discovery.\n\nTo configure zone(s) included in site discovery, a binary number is formed based on the selected zones. The decimal representation of this number is used to represent this number in policy. For example:\n\n\u2022\u00a02 - Intranet site zone only\nBinary Representation - 00010\n\u2022\u00a00 - Restricted Sites Zone\n\u2022\u00a00 - Internet Zone\n\u2022\u00a00 - Trusted Sites Zone\n\u2022\u00a01 - Local Intranet Zone\n\u2022\u00a00 - Local Machine Zone\n\u2022\u00a06 - Intranet and Trusted site zones only\nBinary Representation - 00110\n\u2022\u00a00 - Restricted Sites Zone\n\u2022\u00a00 - Internet Zone\n\u2022\u00a01 - Trusted Sites Zone\n\u2022\u00a01 - Local Intranet Zone\n\u2022\u00a00 - Local Machine Zone\n\u2022\u00a022 - Trusted, Intranet, and Restricted site zones only\nBinary Representation - 10110\n\u2022\u00a01 - Restricted Sites Zone\n\u2022\u00a00 - Internet Zone\n\u2022\u00a01 - Trusted Sites Zone\n\u2022\u00a01 - Local Intranet Zone\n\u2022\u00a00 - Local Machine Zone", "KeyPath": [ "HKLM\\Software\\Microsoft\\Internet Explorer\\WMITelemetry", "HKCU\\Software\\Microsoft\\Internet Explorer\\WMITelemetry" ], "Elements": [ { "Type": "Decimal", "ValueName": "ZoneAllowList", "MinValue": "0", "MaxValue": null, "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "SiteDiscoveryDomainAllowList", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE8 - At least Internet Explorer 8.0", "DisplayName": "Limit Site Discovery output by Domain", "ExplainText": "This policy setting allows you to control which Domains are included in the discovery functionality of the Internet Explorer Site discovery Toolkit(SDTK). When enabled the feature will collect data from sites that are part of the domains configured in the policy. When disabled, or not configured, all domains will be included in site discovery. This policy can be used in conjunction with other policies controlling sites included in Site Discovery.\n\nTo configure the domain(s) included in data collection for the IE Site Discovery Toolkit, Add one domain per line to the text box. For example:\n\nmicrosoft.sharepoint.com\noutlook.com\nonedrive.com\ntimecard.contoso.com\nLOBApp.contoso.com", "KeyPath": [ "HKLM\\Software\\Microsoft\\Internet Explorer\\WMITelemetry", "HKCU\\Software\\Microsoft\\Internet Explorer\\WMITelemetry" ], "Elements": [ { "Type": "MultiText", "ValueName": "DomainAllowList", "Required": true } ] }, { "File": "inetres.admx", "CategoryName": "InternetExplorer", "PolicyName": "DisableHTMLApplication", "Class": "Both", "NameSpace": "Microsoft.Policies.InternetExplorer", "Supported": "IE11 - At least Internet Explorer 11.0", "DisplayName": "Disable HTML Application", "ExplainText": "This policy setting specifies if running the HTML Application (HTA file) is blocked or allowed.\n\nIf you enable this policy setting, running the HTML Application (HTA file) will be blocked.\n\nIf you disable or do not configure this policy setting, running the HTML Application (HTA file) is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Hta", "HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Hta" ], "ValueName": "DisableHTMLApplication", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSIDiscovery_Category", "PolicyName": "iSCSIDiscovery_ConfigureiSNSServers", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow manual configuration of iSNS servers", "ExplainText": "If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "ConfigureiSNSServers", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSIDiscovery_Category", "PolicyName": "iSCSIDiscovery_ConfigureTargetPortals", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow manual configuration of target portals", "ExplainText": "If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "ConfigureTargetPortals", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSIDiscovery_Category", "PolicyName": "iSCSIDiscovery_ConfigureTargets", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow manual configuration of discovered targets", "ExplainText": "If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "ConfigureTargets", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSIDiscovery_Category", "PolicyName": "iSCSIDiscovery_NewStaticTargets", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow adding new targets via manual configuration", "ExplainText": "If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "NewStaticTargets", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSIGeneral_Category", "PolicyName": "iSCSIGeneral_ChangeIQNName", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow changes to initiator iqn name", "ExplainText": "If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "ChangeIQNName", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSIGeneral_Category", "PolicyName": "iSCSIGeneral_RestrictAdditionalLogins", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow additional session logins", "ExplainText": "If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "RestrictAdditionalLogins", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSISecurity_Category", "PolicyName": "iSCSISecurity_ChangeCHAPSecret", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow changes to initiator CHAP secret", "ExplainText": "If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "ChangeCHAPSecret", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSISecurity_Category", "PolicyName": "iSCSISecurity_RequireIPSec", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow connections without IPSec", "ExplainText": "If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "RequireIPSec", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSISecurity_Category", "PolicyName": "iSCSISecurity_RequireMutualCHAP", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow sessions without mutual CHAP", "ExplainText": "If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "RequireMutualCHAP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "iSCSI.admx", "CategoryName": "iSCSISecurity_Category", "PolicyName": "iSCSISecurity_RequireOneWayCHAP", "Class": "Machine", "NameSpace": "Microsoft.Policies.iSCSI", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow sessions without one way CHAP", "ExplainText": "If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the \"Do not allow sessions without mutual CHAP\" setting is enabled then that setting overrides this one.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\iSCSI" ], "ValueName": "RequireOneWayCHAP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "kdc.admx", "CategoryName": "KDC", "PolicyName": "emitlili", "Class": "Machine", "NameSpace": "Microsoft.Policies.KDC", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Provide information about previous logons to client computers", "ExplainText": "This policy setting controls whether the domain controller provides information about previous logons to client computers.\n\nIf you enable this policy setting, the domain controller provides the information message about previous logons.\n\nFor Windows Logon to leverage this feature, the \"Display information about previous logons during user logon\" policy setting located in the Windows Logon Options node under Windows Components also needs to be enabled.\n\nIf you disable or do not configure this policy setting, the domain controller does not provide information about previous logons unless the \"Display information about previous logons during user logon\" policy setting is enabled.\n\nNote: Information about previous logons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information about previous logons, and enabling this policy setting does not affect anything.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ], "ValueName": "EmitLILI", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "kdc.admx", "CategoryName": "KDC", "PolicyName": "ForestSearch", "Class": "Machine", "NameSpace": "Microsoft.Policies.KDC", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Use forest search order", "ExplainText": "This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs).\n\nIf you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain.\n\nIf you disable or do not configure this policy setting, the KDC will not search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name is not found, NTLM authentication might be used.\n\nTo ensure consistent behavior, this policy setting must be supported and set identically on all domain controllers in the domain.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ], "ValueName": "UseForestSearch", "Elements": [ { "Type": "Text", "ValueName": "ForestSearchList", "Required": true, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "kdc.admx", "CategoryName": "KDC", "PolicyName": "CbacAndArmor", "Class": "Machine", "NameSpace": "Microsoft.Policies.KDC", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "KDC support for claims, compound authentication and Kerberos armoring", "ExplainText": "This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.\n\nIf you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.\n\nIf you disable or do not configure this policy setting, the domain controller does not support claims, compound authentication or armoring.\n\nIf you configure the \"Not supported\" option, the domain controller does not support claims, compound authentication or armoring which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems.\n\nNote: For the following options of this KDC policy to be effective, the Kerberos Group Policy \"Kerberos client support for claims, compound authentication and Kerberos armoring\" must be enabled on supported systems. If the Kerberos policy setting is not enabled, Kerberos authentication messages will not use these features.\n\nIf you configure \"Supported\", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring.\n\nDomain functional level requirements\nFor the options \"Always provide claims\" and \"Fail unarmored authentication requests\", when the domain functional level is set to Windows Server 2008 R2 or earlier then domain controllers behave as if the \"Supported\" option is selected.\n\nWhen the domain functional level is set to Windows Server 2012 then the domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring, and:\n- If you set the \"Always provide claims\" option, always returns claims for accounts and supports the RFC behavior for advertising the flexible authentication secure tunneling (FAST).\n- If you set the \"Fail unarmored authentication requests\" option, rejects unarmored Kerberos messages.\n\nWarning: When \"Fail unarmored authentication requests\" is set, then client computers which do not support Kerberos armoring will fail to authenticate to the domain controller.\n\nTo ensure this feature is effective, deploy enough domain controllers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware to handle the authentication requests. Insufficient number of domain controllers that support this policy result in authentication failures whenever Dynamic Access Control or Kerberos armoring is required (that is, the \"Supported\" option is enabled).\n\nImpact on domain controller performance when this policy setting is enabled:\n- Secure Kerberos domain capability discovery is required resulting in additional message exchanges.\n- Claims and compound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more processing time and greater Kerberos service ticket size.\n- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but does not change the service ticket size.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ], "ValueName": "EnableCbacAndArmor", "Elements": [ { "Type": "Enum", "ValueName": "CbacAndArmorLevel", "Items": [ { "DisplayName": "Not supported", "Data": "0" }, { "DisplayName": "Supported", "Data": "1" }, { "DisplayName": "Always provide claims", "Data": "2" }, { "DisplayName": "Fail unarmored authentication requests", "Data": "3" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "kdc.admx", "CategoryName": "KDC", "PolicyName": "TicketSizeThreshold", "Class": "Machine", "NameSpace": "Microsoft.Policies.KDC", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Warning for large Kerberos tickets", "ExplainText": "This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log.\n\nIf you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy \"Set maximum Kerberos SSPI context token buffer size\" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy.\n\nIf you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ], "ValueName": "EnableTicketSizeThreshold", "Elements": [ { "Type": "Decimal", "ValueName": "TicketSizeThreshold", "MinValue": "12000", "MaxValue": "2147483647", "Required": true, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "kdc.admx", "CategoryName": "KDC", "PolicyName": "RequestCompoundId", "Class": "Machine", "NameSpace": "Microsoft.Policies.KDC", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Request compound authentication", "ExplainText": "This policy setting allows you to configure a domain controller to request compound authentication.\n\nNote: For a domain controller to request compound authentication, the policy \"KDC support for claims, compound authentication, and Kerberos armoring\" must be configured and enabled.\n\nIf you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.\n\nIf you disable or do not configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the client sends a compound authentication request regardless of the account configuration.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ], "ValueName": "RequestCompoundId", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "kdc.admx", "CategoryName": "KDC", "PolicyName": "PKINITFreshness", "Class": "Machine", "NameSpace": "Microsoft.Policies.KDC", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "KDC support for PKInit Freshness Extension", "ExplainText": "Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller\u2019s domain is not at Windows Server 2016 DFL or higher this policy will not be applied.\n\nThis policy setting allows you to configure a domain controller (DC) to support the PKInit Freshness Extension.\n\nIf you enable this policy setting, the following options are supported:\n\nSupported: PKInit Freshness Extension is supported on request. Kerberos clients successfully authenticating with the PKInit Freshness Extension will get the fresh public key identity SID.\n\nRequired: PKInit Freshness Extension is required for successful authentication. Kerberos clients which do not support the PKInit Freshness Extension will always fail when using public key credentials.\n\nIf you disable or not configure this policy setting, then the DC will never offer the PKInit Freshness Extension and accept valid authentication requests without checking for freshness. Users will never receive the fresh public key identity SID.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ], "Elements": [ { "Type": "Enum", "ValueName": "PKINITFreshness", "Items": [ { "DisplayName": "Disabled", "Data": "0" }, { "DisplayName": "Supported", "Data": "1" }, { "DisplayName": "Required", "Data": "2" } ] } ] }, { "File": "kdc.admx", "CategoryName": "KDC", "PolicyName": "PKINITHashAlgorithmConfiguration", "Class": "Machine", "NameSpace": "Microsoft.Policies.KDC", "Supported": "Windows_11_0_22H2_NOSERVER - At least Windows 11 Version 22H2", "DisplayName": "Configure hash algorithms for certificate logon", "ExplainText": "This policy setting controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication.\n\nIf you enable this policy, you will be able to configure one of four states for each algorithm:\n\n- \"Default\" sets the algorithm to the recommended state.\n\n- \"Supported\" enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security.\n\n- \"Audited\" enables usage of the algorithm and reports an event (ID 309) every time it is used. This state is intended to verify that the algorithm is not being used and can be safely disabled.\n\n- \"Not Supported\" disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure.\n\nIf you disable or do not configure this policy, each algorithm will assume the \"Default\" state.\nMore information about the hash and checksum algorithms supported by the Windows Kerberos client and their default states can be found at https://go.microsoft.com/fwlink/?linkid=2169037.\n\nEvents generated by this configuration: 309, 310.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ], "ValueName": "PKINITHashAlgorithmConfigurationEnabled", "Elements": [ { "Type": "Enum", "ValueName": "PKINITSHA1", "Items": [ { "DisplayName": "Default", "Data": "1" }, { "DisplayName": "Supported", "Data": "3" }, { "DisplayName": "Audited", "Data": "2" }, { "DisplayName": "Not Supported", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "PKINITSHA256", "Items": [ { "DisplayName": "Default", "Data": "1" }, { "DisplayName": "Supported", "Data": "3" }, { "DisplayName": "Audited", "Data": "2" }, { "DisplayName": "Not Supported", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "PKINITSHA384", "Items": [ { "DisplayName": "Default", "Data": "1" }, { "DisplayName": "Supported", "Data": "3" }, { "DisplayName": "Audited", "Data": "2" }, { "DisplayName": "Not Supported", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "PKINITSHA512", "Items": [ { "DisplayName": "Default", "Data": "1" }, { "DisplayName": "Supported", "Data": "3" }, { "DisplayName": "Audited", "Data": "2" }, { "DisplayName": "Not Supported", "Data": "0" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "kdc.admx", "CategoryName": "KDC", "PolicyName": "StrongNameMatches", "Class": "Machine", "NameSpace": "Microsoft.Policies.KDC", "Supported": "Windows_10_0_20H1 - At least Windows Server 2019, Windows 10 Version 2004", "DisplayName": "Allow name-based strong mappings for certificates", "ExplainText": "This policy setting enables the use of alternative, name-based identifiers to strongly map certificates issued to Active Directory user accounts and specifies which certificates map to which accounts. Without this setting enabled, certificates must meet the \"strong mapping\" criteria specified in aka.ms/StrongCertMapKB, which generally disallow name-based identifiers.\n\nEach mapping specified in this policy must include a policy OID alongside an IssuerSubject and/or a UPN Suffix using the syntax specified below. If a valid mapping for a given certificate cannot be found in this policy, Active Directory will attempt to find a match using the existing strong mapping criteria specified in KB5014754. Certificate mappings which do not conform to either \"strong name mapping\" criteria (this policy) or the existing \"strong mapping\" criteria will be considered invalid for authentication.\n\nThe general policy format and some examples are listed below. This policy only applies to Active Directory user accounts.\n\nGeneral syntax\n==============\n; ; \n\nExamples\n==============\nIssuerThumbprint1; oid1, oid2, oid3; UpnSuffix=domain.com\nIssuerThumbprint2; oid1; UpnSuffix=domain.com, UpnSuffix=other.domain.com, IssuerSubject\nIssuerThumbprint3; oid1, oid2; IssuerSubject\n\nThe policy must contain exactly one certificate thumbprint per rule, with each rule represented as a tuple. Thumbprints must be unique and cannot be repeated in multiple rules. The sections of each tuple that are separated by semi-colons must be in the stated order, while the fields separated by commas can be in any order. The rules themselves are separated by newlines.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ], "ValueName": "UseStrongNameMatches", "Elements": [ { "Type": "MultiText", "ValueName": "StrongNameMatchesList", "Required": true, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "HostToRealm", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Define host name-to-Kerberos realm mappings", "ExplainText": "This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm.\n\nIf you enable this policy setting, you can view and change the list of DNS host names and DNS suffixes mapped to a Kerberos realm as defined by Group Policy. To view the list of mappings, enable the policy setting and then click the Show button. To add a mapping, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type a realm name. In the Value column, type the list of DNS host names and DNS suffixes using the appropriate syntax format. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.\n\nIf you disable this policy setting, the host name-to-Kerberos realm mappings list defined by Group Policy is deleted.\n\nIf you do not configure this policy setting, the system uses the host name-to-Kerberos realm mappings that are defined in the local registry, if they exist.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos" ], "ValueName": "domain_realm_Enabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\domain_realm" ] } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "MitRealms", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Define interoperable Kerberos V5 realm settings", "ExplainText": "This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined by this policy setting.\n\nIf you enable this policy setting, you can view and change the list of interoperable Kerberos V5 realms and their settings. To view the list of interoperable Kerberos V5 realms, enable the policy setting and then click the Show button. To add an interoperable Kerberos V5 realm, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type the interoperable Kerberos V5 realm name. In the Value column, type the realm flags and host names of the host KDCs using the appropriate syntax format. To remove an interoperable Kerberos V5 realm Value Name or Value entry from the list, click the entry, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.\n\nIf you disable this policy setting, the interoperable Kerberos V5 realm settings defined by Group Policy are deleted.\n\nIf you do not configure this policy setting, the system uses the interoperable Kerberos V5 realm settings that are defined in the local registry, if they exist.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos" ], "ValueName": "MitRealms_Enabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms" ] } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "ValidateKDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Require strict KDC validation", "ExplainText": "This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon.\n\nIf you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.\n\nIf you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "KdcValidation", "Elements": [ { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "ForestSearch", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Use forest search order", "ExplainText": "This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).\n\nIf you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain.\n\nIf you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "UseForestSearch", "Elements": [ { "Type": "Text", "ValueName": "ForestSearchList", "Required": true, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "StrictTarget", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Require strict target SPN match on remote procedure calls", "ExplainText": "This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 or later attempt to use Kerberos by generating an SPN.\n\nIf you enable this policy setting, only services running as LocalSystem or NetworkService are allowed to accept these connections. Services running as identities different from LocalSystem or NetworkService might fail to authenticate.\n\nIf you disable or do not configure this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "StrictTargetContext", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "KdcProxyServer", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify KDC proxy servers for Kerberos clients", "ExplainText": "This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names.\n\nIf you enable this policy setting, the Kerberos client will use the KDC proxy server for a domain when a domain controller cannot be located based on the configured mappings. To map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.\n\nIf you disable or do not configure this policy setting, the Kerberos client does not have KDC proxy servers settings defined by Group Policy.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos" ], "ValueName": "KdcProxyServer_Enabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\KdcProxy\\ProxyServers" ] } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "KdcProxyDisableServerRevocationCheck", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Disable revocation checking for the SSL certificate of KDC proxy servers", "ExplainText": "This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server.\n\nIf you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections.\nWarning: When revocation check is ignored, the server represented by the certificate is not guaranteed valid.\n\nIf you disable or do not configure this policy setting, the Kerberos client enforces the revocation check for the SSL certificate. The connection to the KDC proxy server is not established if the revocation check fails.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "NoRevocationCheck", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "ClientRequireFast", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Fail authentication requests when Kerberos armoring is not available", "ExplainText": "This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.\n\nWarning: When a domain does not support Kerberos armoring by enabling \"Support Dynamic Access Control and Kerberos armoring\", then all authentication for all its users will fail from computers with this policy setting enabled.\n\nIf you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers.\n\nNote: The Kerberos Group Policy \"Kerberos client support for claims, compound authentication and Kerberos armoring\" must also be enabled to support Kerberos armoring.\n\nIf you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "RequireFast", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "ServerAcceptsCompound", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Support compound authentication", "ExplainText": "This policy setting controls configuring the device's Active Directory account for compound authentication.\n\nSupport for providing compound authentication which is used for access control will require enough domain controllers in the resource account domains to support the requests. The Domain Administrator must configure the policy \"Support Dynamic Access Control and Kerberos armoring\" on all the domain controllers to support this policy.\n\nIf you enable this policy setting, the device's Active Directory account will be configured for compound authentication by the following options:\n\nNever: Compound authentication is never provided for this computer account.\n\nAutomatic: Compound authentication is provided for this computer account when one or more applications are configured for Dynamic Access Control.\n\nAlways: Compound authentication is always provided for this computer account.\n\nIf you disable this policy setting, Never will be used.\nIf you do not configure this policy setting, Automatic will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "CompoundIdDisabled", "Elements": [ { "Type": "Enum", "ValueName": "CompoundIdEnabled", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "Automatic", "Data": "1" }, { "DisplayName": "Always", "Data": "2" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ] }, { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "MaxTokenSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set maximum Kerberos SSPI context token buffer size", "ExplainText": "This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size.\n\nThe size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token.\n\nIf you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller.\n\nIf you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value.\n\nNote: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters" ], "ValueName": "EnableMaxTokenSize", "Elements": [ { "Type": "Decimal", "ValueName": "MaxTokenSize", "MinValue": "12000", "MaxValue": "2147483647", "Required": true, "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "EnableCbacAndArmor", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Kerberos client support for claims, compound authentication and Kerberos armoring", "ExplainText": "This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features.\nIf you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring.\n\nIf you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "EnableCbacAndArmor", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "AlwaysSendCompoundId", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Always send compound authentication first", "ExplainText": "This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity.\n\nNote: For a domain controller to request compound authentication, the policies \"KDC support for claims, compound authentication, and Kerberos armoring\" and \"Request compound authentication\" must be configured and enabled in the resource account domain.\n\nIf you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request.\n\nIf you disable or do not configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "AlwaysSendCompoundId", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "DevicePKInitEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Support device authentication using certificate", "ExplainText": "Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts.\n\nThis policy setting allows you to set support for Kerberos to attempt authentication using the certificate for the device to the domain.\n\nIf you enable this policy setting, the device\u0092s credentials will be selected based on the following options:\n\nAutomatic: Device will attempt to authenticate using its certificate. If the DC does not support computer account authentication using certificates then authentication with password will be attempted.\n\nForce: Device will always authenticate using its certificate. If a DC cannot be found which support computer account authentication using certificates then authentication will fail.\n\nIf you disable this policy setting, certificates will never be used.\nIf you do not configure this policy setting, Automatic will be used.\n\nFollow this guide to configure enterprise PKI: https://go.microsoft.com/fwlink/?linkid=2340158", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "DevicePKInitEnabled", "Elements": [ { "Type": "Enum", "ValueName": "DevicePKInitBehavior", "Items": [ { "DisplayName": "Automatic", "Data": "0" }, { "DisplayName": "Force", "Data": "1" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "PKInitHashAlgorithmConfiguration", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows_11_0_22H2_NOSERVER - At least Windows 11 Version 22H2", "DisplayName": "Configure hash algorithms for certificate logon", "ExplainText": "This policy setting controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication.\n\nIf you enable this policy, you will be able to configure one of four states for each algorithm:\n\n- \"Default\" sets the algorithm to the recommended state.\n\n- \"Supported\" enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security.\n\n- \"Audited\" enables usage of the algorithm and reports an event (ID 206) every time it is used. This state is intended to verify that the algorithm is not being used and can be safely disabled.\n\n- \"Not Supported\" disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure.\n\nIf you disable or do not configure this policy, each algorithm will assume the \"Default\" state.\nMore information about the hash and checksum algorithms supported by the Windows Kerberos client and their default states can be found at https://go.microsoft.com/fwlink/?linkid=2169037.\n\nEvents generated by this configuration: 205, 206, 207, 208.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "PKInitHashAlgorithmConfigurationEnabled", "Elements": [ { "Type": "Enum", "ValueName": "PKInitSHA1", "Items": [ { "DisplayName": "Default", "Data": "1" }, { "DisplayName": "Supported", "Data": "3" }, { "DisplayName": "Audited", "Data": "2" }, { "DisplayName": "Not Supported", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "PKInitSHA256", "Items": [ { "DisplayName": "Default", "Data": "1" }, { "DisplayName": "Supported", "Data": "3" }, { "DisplayName": "Audited", "Data": "2" }, { "DisplayName": "Not Supported", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "PKInitSHA384", "Items": [ { "DisplayName": "Default", "Data": "1" }, { "DisplayName": "Supported", "Data": "3" }, { "DisplayName": "Audited", "Data": "2" }, { "DisplayName": "Not Supported", "Data": "0" } ] }, { "Type": "Enum", "ValueName": "PKInitSHA512", "Items": [ { "DisplayName": "Default", "Data": "1" }, { "DisplayName": "Supported", "Data": "3" }, { "DisplayName": "Audited", "Data": "2" }, { "DisplayName": "Not Supported", "Data": "0" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "CloudKerberosTicketRetrievalEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows_10_0_20H1 - At least Windows Server 2019, Windows 10 Version 2004", "DisplayName": "Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon", "ExplainText": "This policy setting allows retrieving the Azure AD Kerberos Ticket Granting Ticket during logon.\n\nIf you disable or do not configure this policy setting, the Azure AD Kerberos Ticket Granting Ticket is not retrieved during logon.\n\nIf you enable this policy setting, the Azure AD Kerberos Ticket Granting Ticket is retrieved during logon.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "CloudKerberosTicketRetrievalEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Kerberos.admx", "CategoryName": "kerberos", "PolicyName": "DelegatedMSAEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.Kerberos", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Enable Delegated Managed Service Account logons", "ExplainText": "This policy setting enables or disables delegated managed service account logons for this machine.\n\nIf you enable this policy setting, delegated managed service account logons will be supported by the Kerberos client. Note that this policy has certain prerequites. The prerequisites and the directions to create a new delegated managed service account can be found at https://go.microsoft.com/fwlink/?linkid=2250379.\n\nIf you disable or do not configure this policy setting, delegated managed service account logons will not be supported.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ], "ValueName": "DelegatedMSAEnabled", "Elements": [ { "Type": "MultiText", "ValueName": "DmsaRealms", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "KeyboardFilterPolicy.admx", "CategoryName": "KbFilter", "PolicyName": "AllowKbFilterInRemoteSessions", "Class": "Both", "NameSpace": "Microsoft.Policies.KbFilter", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Allow Keyboard Filter in remote sessions", "ExplainText": "Keyboard filter typically only applies to local sessions.\n\nEnabling this setting will allow the keyboard filter to be applied to users that connect to the computer by remote sessions.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "KbFilterAllowInRemoteSessions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_HashPublication", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Hash Publication for BranchCache", "ExplainText": "This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, hash publication settings are not applied to file servers. In the circumstance where file servers are domain members but you do not want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual servers where you want to enable BranchCache.\n\n- Enabled. With this selection, hash publication is turned on for all file servers where Group Policy is applied. For example, if Hash Publication for BranchCache is enabled in domain Group Policy, hash publication is turned on for all domain member file servers to which the policy is applied. The file servers are then able to create content information for all content that is stored in BranchCache-enabled file shares.\n\n- Disabled. With this selection, hash publication is turned off for all file servers where Group Policy is applied.\n\nIn circumstances where this policy setting is enabled, you can also select the following configuration options:\n\n- Allow hash publication for all shared folders. With this option, BranchCache generates content information for all content in all shares on the file server.\n\n- Allow hash publication only for shared folders on which BranchCache is enabled. With this option, content information is generated only for shared folders on which BranchCache is enabled. If you use this setting, you must enable BranchCache for individual shares in Share and Storage Management on the file server.\n\n- Disallow hash publication on all shared folders. With this option, BranchCache does not generate content information for any shares on the computer and does not send content information to client computers that request content.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "Elements": [ { "Type": "Enum", "ValueName": "HashPublicationForPeerCaching", "Items": [ { "DisplayName": "Allow hash publication only for shared folders on which BranchCache is enabled", "Data": "0" }, { "DisplayName": "Disallow hash publication on all shared folders", "Data": "1" }, { "DisplayName": "Allow hash publication for all shared folders", "Data": "2" } ], "Required": true } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_HashSupportVersion", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Hash Version support for BranchCache", "ExplainText": "This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled.\n\nIf you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported.\n\n- Enabled. With this selection, the policy setting is applied and the hash version(s) that are specified in \"Hash version supported\" are generated and retrieved.\n\n- Disabled. With this selection, both V1 and V2 hash generation and retrieval are supported.\n\nIn circumstances where this setting is enabled, you can also select and configure the following option:\n\nHash version supported:\n\n- To support V1 content information only, configure \"Hash version supported\" with the value of 1.\n\n- To support V2 content information only, configure \"Hash version supported\" with the value of 2.\n\n- To support both V1 and V2 content information, configure \"Hash version supported\" with the value of 3.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "Elements": [ { "Type": "Enum", "ValueName": "HashSupportVersion", "Items": [ { "DisplayName": "Supports V1 hash version only", "Data": "1" }, { "DisplayName": "Supports V2 hash version only", "Data": "2" }, { "DisplayName": "Supports V1 as well as V2 versions", "Data": "3" } ], "Required": true } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_CipherSuiteOrder", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Cipher suite order", "ExplainText": "This policy setting determines the cipher suites used by the SMB server.\n\nIf you enable this policy setting, cipher suites are prioritized in the order specified.\n\nIf you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used.\n\nSMB 3.11 cipher suites:\n\nAES_128_GCM\nAES_128_CCM\nAES_256_GCM\nAES_256_CCM\n\nSMB 3.0 and 3.02 cipher suites:\n\nAES_128_CCM\n\nHow to modify this setting:\n\nArrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use.\n\nNote: When configuring this security setting, changes will not take effect until you restart Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "Elements": [ { "Type": "MultiText", "ValueName": "CipherSuiteOrder" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_HonorCipherSuiteOrder", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Honor cipher suite order", "ExplainText": "This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client.\n\nIf you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences.\n\nIf you disable or do not configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-supported cipher suites.\n\nNote: When configuring this security setting, changes will not take effect until you restart Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "ValueName": "HonorCipherSuiteOrder", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_EnableCompressedTraffic", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2022_Windows_11_0 - At least Windows Server 2022, Windows 11", "DisplayName": "Request traffic compression for all shares", "ExplainText": "This policy controls whether the SMB server requests SMB client to use traffic compression for all SMB shares.\n\nIf you enable this policy setting, the SMB server will by default request the SMB client to compress traffic when SMB compression is enabled. See notes below.\n\nIf you disable or do not configure this policy setting, the SMB server will not by default request the SMB client to compress traffic. However traffic compression may be requested by other means. See notes below.\n\nNote: If this policy is disabled, traffic compression may be requested by server-side per-share properties or by the SMB Client. If this is undesired, and one wishes to completely disable compression, configure the accompanying 'Disable SMB compression' policy instead.\n\nNote: Traffic compression can only be used when both the SMB client and SMB server support and enable traffic compression.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "ValueName": "EnableCompressedTraffic", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_DisableCompression", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2022_Windows_11_0 - At least Windows Server 2022, Windows 11", "DisplayName": "Disable SMB compression", "ExplainText": "This policy controls whether the SMB server will disable (completely prevent) traffic compression.\n\nIf you enable this policy setting, the SMB server will never compress data, irrespective of other policies (such as the 'Use SMB compression by default' policy or per-share property).\n\nIf you disable or do not configure this policy setting, the SMB server may compress traffic (depending on a combination of other policies and conditions).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "ValueName": "DisableCompression", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_MaxSmb2Dialect", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2022_Windows_11_0 - At least Windows Server 2022, Windows 11", "DisplayName": "Mandate the maximum version of SMB", "ExplainText": "This policy controls the maximum version of SMB protocol\n\nNote: This group policy does not prevent use of SMB 1 if that component is still installed and enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "Elements": [ { "Type": "Enum", "ValueName": "MaxSmb2Dialect", "Items": [ { "DisplayName": "SMB 3.1.1", "Data": "785" }, { "DisplayName": "SMB 3.0.2", "Data": "770" }, { "DisplayName": "SMB 3.0.0", "Data": "768" }, { "DisplayName": "SMB 2.1.0", "Data": "528" }, { "DisplayName": "SMB 2.0.2", "Data": "514" } ], "Required": true } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_MinSmb2Dialect", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2022_Windows_11_0 - At least Windows Server 2022, Windows 11", "DisplayName": "Mandate the minimum version of SMB", "ExplainText": "This policy controls the minimum version of SMB protocol\n\nNote: This group policy does not prevent use of SMB 1 if that component is still installed and enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "Elements": [ { "Type": "Enum", "ValueName": "MinSmb2Dialect", "Items": [ { "DisplayName": "SMB 2.0.2", "Data": "514" }, { "DisplayName": "SMB 2.1.0", "Data": "528" }, { "DisplayName": "SMB 3.0.0", "Data": "768" }, { "DisplayName": "SMB 3.0.2", "Data": "770" }, { "DisplayName": "SMB 3.1.1", "Data": "785" } ], "Required": true } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_EnableMailslots", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Enable remote mailslots", "ExplainText": "This policy controls whether the SMB server will enable or disable remote mailslots over the computer browser service.\n\nIf you disable this policy setting, the computer browser service will no longer run as expected.\n\nIf you do not configure this policy setting, the computer browser may still be working with remote mailslots enabled.\n\nNote: This policy requires a Windows reboot to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Bowser" ], "ValueName": "EnableMailslots", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_EnableAuthRateLimiter", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Enable authentication rate limiter", "ExplainText": "This policy controls whether the SMB server will enable or disable the authentication rate limiter.\n\nIf you disable this policy setting, the authentication rate limiter will not be enabled.\n\nIf you do not configure this policy setting, the authentication rate limiter may still be working depending on the delay settings (the recommended delay value is 2000ms).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "ValueName": "EnableAuthRateLimiter", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_AuditClientDoesNotSupportEncryption", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Audit client does not support encryption", "ExplainText": "This policy controls whether the SMB server will log the event when the SMB client doesn't support encryption.\n\nIf you enable this policy setting, the SMB server will log the event when the SMB client doesn't support encryption.\n\nIf you disable or do not configure this policy setting, the SMB server will not log the event.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "ValueName": "AuditClientDoesNotSupportEncryption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_AuditClientDoesNotSupportSigning", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Audit client does not support signing", "ExplainText": "This policy controls whether the SMB server will log the event when the SMB client doesn't support signing.\n\nIf you enable this policy setting, the SMB server will log the event when the SMB client doesn't support signing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "ValueName": "AuditClientDoesNotSupportSigning", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_AuditInsecureGuestLogon", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Audit insecure guest logon", "ExplainText": "This policy controls whether the SMB server will enable the audit event when the client is logged on as guest account.\n\nIf you enable this policy setting, the SMB server will log the event when the client is logged on as guest account.\n\nIf you disable or do not configure this policy setting, the SMB server will not log the event.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "ValueName": "AuditInsecureGuestLogon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_EnableSMBQUIC", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Enable SMB over QUIC", "ExplainText": "This policy setting controls whether the SMB server will enable SMB over QUIC.\n\nIf you disable this policy setting, the SMB server will not accept connections over QUIC.\n\nIf you do not configure this policy setting, the SMB server may accept connections over QUIC.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "ValueName": "EnableSMBQUIC", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_AuthRateLimiterDelayInMs", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows_Server_2025_Windows_11_0_24H2 - At least Windows Server 2025, Windows 11 24H2", "DisplayName": "Set authentication rate limiter delay (milliseconds)", "ExplainText": "This policy controls whether the SMB server will use a default value in milliseconds for the invalid authentication delay.\n\nIf you configure this policy setting, the authentication rate limiter will use the specified value for delaying invalid authentication attempts.\n\nIf you do not configure this policy setting, the authentication rate limiter will use the default value or the value from local registry under HKLM\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "Elements": [ { "Type": "Decimal", "ValueName": "InvalidAuthenticationDelayTimeInMs", "MinValue": "0", "MaxValue": "10000", "Required": true } ] }, { "File": "LanmanServer.admx", "CategoryName": "Cat_LanmanServer", "PolicyName": "Pol_AuditClientSpnSupport", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanServer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Audit SMB client SPN support", "ExplainText": "This policy controls whether the SMB server audits the Service Principal Name (SPN) provided by SMB clients during authentication.\n\nIf you enable this policy setting, the SMB server will log an event whenever an SMB client doesn't send SPN or sends an invalid SPN during authentication. This audit data can help identify clients that may be incompatible with SPN validation before enforcement is enabled on SMB server.\n\nIf you disable or do not configure this policy setting, the SMB server will not log the event.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanServer" ], "ValueName": "AuditClientSpnSupport", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_CipherSuiteOrder", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Cipher suite order", "ExplainText": "This policy setting determines the cipher suites used by the SMB client.\n\nIf you enable this policy setting, cipher suites are prioritized in the order specified.\n\nIf you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used.\n\nSMB 3.11 cipher suites:\n\nAES_128_GCM\nAES_128_CCM\nAES_256_GCM\nAES_256_CCM\n\nSMB 3.0 and 3.02 cipher suites:\n\nAES_128_CCM\n\nHow to modify this setting:\n\nArrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use.\n\nNote: When configuring this security setting, changes will not take effect until you restart Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "Elements": [ { "Type": "MultiText", "ValueName": "CipherSuiteOrder" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_EnableInsecureGuestLogons", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable insecure guest logons", "ExplainText": "This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.\n\nIf you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.\n\nIf you disable this policy setting, the SMB client will reject insecure guest logons.\n\nIf you enable signing, the SMB client will reject insecure guest logons.\n\nInsecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access.\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "AllowInsecureGuestAuth", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_EnableOfflineFilesforCAShares", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Offline Files Availability on Continuous Availability Shares", "ExplainText": "This policy setting determines the behavior of Offline Files on clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.\n\nIf you enable this policy setting, the \"Always Available offline\" option will appear in the File Explorer menu on a Windows computer when connecting to a CA-enabled share. Pinning of files on CA-enabled shares using client-side caching will also be possible.\n\nIf you disable or do not configure this policy setting, Windows will prevent use of Offline Files with CA-enabled shares.\n\nNote: Microsoft does not recommend enabling this group policy. Use of CA with Offline Files will lead to very long transition times between the online and offline states.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "AllowOfflineFilesforCAShares", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_EnableHandleCachingForCAFiles", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Handle Caching on Continuous Availability Shares", "ExplainText": "This policy setting determines the behavior of SMB handle caching for clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.\n\nIf you enable this policy setting, the SMB client will allow cached handles to files on CA shares. This may lead to better performance when repeatedly accessing a large number of unstructured data files on CA shares running in Microsoft Azure Files.\n\nIf you disable or do not configure this policy setting, Windows will prevent use of cached handles to files opened through CA shares.\n\nNote: This policy has no effect when connecting Scale-out File Server shares provided by a Windows Server. Microsoft does not recommend enabling this policy for clients that routinely connect to files hosted on a Windows Failover Cluster with the File Server for General Use role, as it can lead to adverse failover times and increased memory and CPU usage.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "EnableHandleCachingForCAFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_EnableCompressedTraffic", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2022_Windows_11_0 - At least Windows Server 2022, Windows 11", "DisplayName": "Use SMB compression by default", "ExplainText": "This policy controls whether the SMB client uses traffic compression by default.\n\nIf you enable this policy setting, the SMB client will attempt to compress traffic by default when SMB compression is enabled.\n\nIf you disable or do not configure this policy setting, the SMB client will not by default attempt to compress traffic. However traffic compression may be requested by other means. See notes below.\n\nNote: This policy is combined with per-share and per-file handle properties, through which traffic compression may be requested. As well, the SMB server must support and enable compression. For example, should this policy be disabled (or not configured), the SMB client may still perform compression if an SMB server share has compression requested. If this is undesired, and one wishes to completely disable compression, configure the accompanying 'Disable SMB compression' policy instead.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "EnableCompressedTraffic", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_DisableCompression", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2022_Windows_11_0 - At least Windows Server 2022, Windows 11", "DisplayName": "Disable SMB compression", "ExplainText": "This policy controls whether the SMB client will disable (completely prevent) traffic compression.\n\nIf you enable this policy setting, the SMB client will never compress data, irrespective of other policies (such as the 'Use SMB compression by default' policy or per-share property).\n\nIf you disable or do not configure this policy setting, the SMB client may compress traffic (depending on a combination of other policies and conditions).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "DisableCompression", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_MaxSmb2Dialect", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Mandate the maximum version of SMB", "ExplainText": "This policy controls the maximum version of SMB protocol\n\nNote: This group policy does not prevent use of SMB 1 if that component is still installed and enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "Elements": [ { "Type": "Enum", "ValueName": "MaxSmb2Dialect", "Items": [ { "DisplayName": "SMB 3.1.1", "Data": "785" }, { "DisplayName": "SMB 3.0.2", "Data": "770" }, { "DisplayName": "SMB 3.0.0", "Data": "768" }, { "DisplayName": "SMB 2.1.0", "Data": "528" }, { "DisplayName": "SMB 2.0.2", "Data": "514" } ], "Required": true } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_MinSmb2Dialect", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Mandate the minimum version of SMB", "ExplainText": "This policy controls the minimum version of SMB protocol\n\nNote: This group policy does not prevent use of SMB 1 if that component is still installed and enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "Elements": [ { "Type": "Enum", "ValueName": "MinSmb2Dialect", "Items": [ { "DisplayName": "SMB 2.0.2", "Data": "514" }, { "DisplayName": "SMB 2.1.0", "Data": "528" }, { "DisplayName": "SMB 3.0.0", "Data": "768" }, { "DisplayName": "SMB 3.0.2", "Data": "770" }, { "DisplayName": "SMB 3.1.1", "Data": "785" } ], "Required": true } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_BlockNTLM", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Block NTLM (LM, NTLM, NTLMv2)", "ExplainText": "This policy controls if the SMB client will block NTLM for remote connection authentication.\n\nIf you enable this policy setting, the SMB client won't use NTLM for remote connection authentication.\n\nIf you disable or do not configure this policy setting, the SMB client can still use NTLM.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "BlockNTLM", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_BlockNTLMServerExceptionList", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Block NTLM Server Exception List", "ExplainText": "This policy setting determines if NTLM can be used to access specified servers.\n\nIf you enable this policy setting (valid only if NTLM (LM, NTLM, NTLMv2) is blocked), NTLM can be used to access servers specified. Please enter the desired servers (DNS name, IP address or NetBIOS name) in the edit box, one server name per line.\n\nIf you disable or do not configure this policy setting, the NTLM access to servers will be determined by other settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "Elements": [ { "Type": "MultiText", "ValueName": "BlockNTLMServerExceptionList" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_EnableMailslots", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Enable remote mailslots", "ExplainText": "This policy controls whether the SMB client will enable or disable remote mailslots over MUP.\n\nIf you disable this policy setting, remote mailslots will not function over MUP, hence they will not go through the SMB client redirector.\n\nIf you do not configure this policy setting, remote mailslots may be allowed through MUP.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkProvider" ], "ValueName": "EnableMailslots", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_RequireEncryption", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2022_Windows_11_0 - At least Windows Server 2022, Windows 11", "DisplayName": "Require Encryption", "ExplainText": "This policy controls whether the SMB client will require encryption.\n\nIf you enable this policy setting, the SMB client will require the SMB server to support encryption and encrypt the data.\n\nIf you disable or do not configure this policy setting, the SMB client will not require encryption. However, SMB encryption may still be required; see notes below.\n\nNote: This policy is combined with per-share, per-server, and per mapped drive connection properties, through which SMB encryption may be required. The SMB server must support and enable SMB encryption. For example, should this policy be disabled (or not configured), the SMB client may still perform encryption if an SMB server share has required encryption.\n\nImportant: SMB encryption requires SMB 3.0 or later", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "RequireEncryption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_EnableAlternativePorts", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Enable Alternative Ports", "ExplainText": "This policy controls whether the SMB client will enable or disable alternative ports.\n\nIf you disable this policy setting, alternative ports will not be used by the SMB client.\n\nIf you do not configure this policy setting, alternative ports may be used by the SMB client.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "EnableAlternativePorts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_AuditServerDoesNotSupportEncryption", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Audit server does not support encryption", "ExplainText": "This policy controls whether the SMB client will enable the audit event when the SMB server doesn't support encryption.\n\nIf you enable this policy setting, the SMB client will log the event when the SMB server doesn't support encryption.\n\nIf you disable or do not configure this policy setting, the SMB client will not log the event.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "AuditServerDoesNotSupportEncryption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_AuditServerDoesNotSupportSigning", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Audit server does not support signing", "ExplainText": "This policy controls whether the SMB client will enable the audit event when the SMB server doesn't support signing.\n\nIf you enable this policy setting, the SMB client will log the event when the SMB server doesn't support signing.\n\nIf you disable or do not configure this policy setting, the SMB client will not log the event.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "AuditServerDoesNotSupportSigning", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_AuditInsecureGuestLogon", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Audit insecure guest logon", "ExplainText": "This policy controls whether the SMB client will enable the audit event when the client is logged on as guest account.\n\nIf you enable this policy setting, the SMB client will log the event when the client is logged on as guest account.\n\nIf you disable or do not configure this policy setting, the SMB client will not log the event.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "AuditInsecureGuestLogon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_AlternativePortMappings", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Alternative Port Mappings", "ExplainText": "This policy setting determines the alternative port registry mappings used by the SMB client.\n\nIf you enable this policy setting, the first valid mapping will be used if the mapping's server name matches the targeted server name for connectivity.\n\nIf you enable this policy setting and do not specify at least one valid mapping, or if you disable or do not configure this policy setting, then the SMB client will refer to other methods of determining alternative port usage such as with the NET USE or New-SmbMapping commands.\n\nExamples:\n\ncontososa.file.core.windows.net:tcp:448\nedgesrv1.corp.contoso.com:quic:450\n\nHow to modify this setting:\n\nArrange the desired alternative port mappings in the edit box with one mapping entry per line.\n\nThe format of each mapping entry specifies a server name, transport type, and port number separated by colons as done so in the example above.\n\nNote: This policy does not require a Windows reboot to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "Elements": [ { "Type": "MultiText", "ValueName": "AlternativePortMappings" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_EnableSMBQUIC", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Enable SMB over QUIC", "ExplainText": "This policy setting controls whether the SMB client will enable SMB over QUIC.\n\nIf you disable this policy setting, the SMB client will not allow initiating connections over QUIC. In this case, if the user attempts to connect over QUIC, SMB client will attempt to connect over TCP.\n\nIf you do not configure this policy setting, the SMB client may allow initiating connections over QUIC.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "ValueName": "EnableSMBQUIC", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LanmanWorkstation.admx", "CategoryName": "Cat_LanmanWorkstation", "PolicyName": "Pol_DisabledSMBQUICServerExceptionList", "Class": "Machine", "NameSpace": "Microsoft.Policies.LanmanWorkstation", "Supported": "Windows_Server_2025_Windows_11_0 - At least Windows Server 2025, Windows 11", "DisplayName": "Disabled SMB over QUIC Server Exception List", "ExplainText": "This policy setting specifies the servers the SMB client can connect to over QUIC.\n\nIf you enable this policy setting (valid only if SMB over QUIC is disabled), the SMB client can connect to the specified servers over QUIC. Please enter the desired servers (DNS name, IP address or NetBIOS name) in the edit box, one server name per line.\n\nIf you disable or do not configure this policy setting, the SMB client's ability to connect to servers over QUIC will be determined by other settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LanmanWorkstation" ], "Elements": [ { "Type": "MultiText", "ValueName": "DisabledSMBQUICServerExceptionList" } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_BackupDirectory", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Configure password backup directory", "ExplainText": "Use this setting to configure which directory the local admin account password is backed up to.\n\nThe allowable settings are:\n\n0=Disabled (password will not be backed up)\n\n1=Backup the password to Azure Active Directory\n\n2=Backup the password to Active Directory\n\nIf not specified, this setting will default to 0 (Disabled).\n\nIf this setting is configured to 1, and the managed device is not joined to Azure Active Directory, the local administrator password will not be managed.\n\nIf this setting is configured to 2, and the managed device is not joined to Active Directory, the local administrator password will not be managed.\n\nIf this setting is disabled or not configured, the local administrator password is not managed.\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "Elements": [ { "Type": "Enum", "ValueName": "BackupDirectory", "Items": [ { "DisplayName": "Disabled", "Data": "0" }, { "DisplayName": "Azure Active Directory", "Data": "1" }, { "DisplayName": "Active Directory", "Data": "2" } ] } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_PasswordSettings", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Password Settings", "ExplainText": "Configures password parameters\n\nPassword complexity: which characters are used when generating a new password\nDefault: Large letters + small letters + numbers + special characters\n\nPassword length\nMinimum: 8 characters\nMaximum: 64 characters\nDefault: 14 characters\n\nPassword age in days\nMinimum: 1 day (7 days when backup directory is configured to be Azure AD)\nMaximum: 365 days\nDefault: 30 days\n\nPassphrase length\nMinimum: 3 words\nMaximum: 10 words\nDefault: 6 words\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.\n\nPassphrase list taken from \"Deep Dive: EFF's New Wordlists for Random Passphrases\" by Electronic Frontier Foundation, and is used under a CC-BY-3.0 Attribution license. See https://go.microsoft.com/fwlink/?linkid=2255471 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "Elements": [ { "Type": "Enum", "ValueName": "PasswordComplexity", "Items": [ { "DisplayName": "Large letters", "Data": "1" }, { "DisplayName": "Large letters + small letters", "Data": "2" }, { "DisplayName": "Large letters + small letters + numbers", "Data": "3" }, { "DisplayName": "Large letters + small letters + numbers + specials", "Data": "4" }, { "DisplayName": "Large letters + small letters + numbers + specials (improved readability)", "Data": "5" }, { "DisplayName": "Passphrase (long words)", "Data": "6" }, { "DisplayName": "Passphrase (short words)", "Data": "7" }, { "DisplayName": "Passphrase (short words with unique prefixes)", "Data": "8" } ] }, { "Type": "Decimal", "ValueName": "PasswordLength", "MinValue": "8", "MaxValue": "64" }, { "Type": "Decimal", "ValueName": "PasswordAgeDays", "MinValue": "1", "MaxValue": "365" }, { "Type": "Decimal", "ValueName": "PassphraseLength", "MinValue": "3", "MaxValue": "10" } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_AdminName", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Name of administrator account to manage", "ExplainText": "This policy setting specifies a custom Administrator account name to manage the password for.\n\nIf this policy setting is enabled, LAPS will manage the password for a local account with this name.\n\nIf this policy setting is disabled or not configured, LAPS will manage the password for the well known Administrator account.\n\nDO NOT enable this policy setting to manage the built-in administrator account. The built-in administrator account is auto-detected by well-known SID and does not depend on the account name.\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "Elements": [ { "Type": "Text", "ValueName": "AdministratorAccountName", "MaxLength": "64" } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_DontAllowPwdExpirationBehindPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Do not allow password expiration time longer than required by policy", "ExplainText": "If this setting is enabled or not configured, planned password expiration longer than the password age dictated by the \"Password Settings\" policy is NOT allowed. When such expiration is detected, the password is changed immediately and password expiration is set according to policy.\n\nIf this setting is disabled, password expiration time may be longer than required by \"Password Settings\" policy.\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "ValueName": "PasswordExpirationProtectionEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_ADPasswordEncryptionEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Enable password encryption", "ExplainText": "When you enable this setting, the managed password is encrypted before being sent to Active Directory.\n\nEnabling this setting has no effect unless 1) the password has been configured to be backed up to Active Directory and 2) the Active Directory domain functional level is at Windows Server 2016 or above.\n\nIf this setting is enabled, and the domain functional level is at or above Windows Server 2016, the managed account password is encrypted.\n\nIf this setting is enabled, and the domain functional level is less than Windows Server 2016, the managed account password is not backed up to the directory.\n\nIf this setting is disabled, the managed account password is not encrypted.\n\nThis setting will default to enabled if not configured.\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "ValueName": "ADPasswordEncryptionEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_ADPasswordEncryptionPrincipal", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Configure authorized password decryptors", "ExplainText": "Configure this setting to control the specific user or group who is authorized to decrypt encrypted passwords.\n\nConfiguring this setting has no effect unless password encryption has been enabled.\n\nIf this setting is enabled, encrypted passwords will be decryptable by the specified group.\n\nIf this setting is disabled or not configured, encrypted passwords will be decryptable by the Domain Admins group.\n\nThis setting must be configured with either a domain-qualified name of a group or user, or a SID in string format. Valid examples include:\n\ncontoso\\LAPSAdmins\n\nlapsadmins@contoso.com\n\nS-1-5-21-2127521184-1604012920-1887927527-35197\n\nDo not enclose the user\\group name or SID in enclosing quotes or parentheses.\n\nThe specified user or group must be resolvable by the managed device, otherwise passwords will not be backed up.\n\nNOTE: this setting is ignored when Directory Services Repair Mode (DSRM) account passwords are backed up on a domain controller. In that scenario, this setting always defaults to the Domain Admins group of the domain controller's domain.\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "Elements": [ { "Type": "Text", "ValueName": "ADPasswordEncryptionPrincipal", "MaxLength": "128" } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_ADEncryptedPasswordHistorySize", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Configure size of encrypted password history", "ExplainText": "Use this setting to configure how many previous encrypted passwords will be stored in Active Directory.\n\nConfiguring this setting has no effect unless 1) the password has been configured to be backed up to Active Directory and 2) password encryption has been enabled.\n\nIf this setting is enabled, the specified number of older passwords will be stored in Active Directory.\n\nIf this setting is disabled or not configured, zero older passwords will be stored in Active Directory.\n\nThis setting has a minimum allowed value of 0 passwords.\n\nThis setting has a maximum allowed value of 12 passwords.\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "Elements": [ { "Type": "Decimal", "ValueName": "ADEncryptedPasswordHistorySize", "MinValue": "0", "MaxValue": "12" } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_ADBackupDSRMPassword", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Enable password backup for DSRM accounts", "ExplainText": "When you enable this setting, the DSRM administrator account password will be managed and backed up to Active Directory.\n\nEnabling this setting has no effect unless the managed device is a domain controller and password encryption is also enabled.\n\nIf this setting is enabled, the password for the DSRM administrator account on the domain controller will be backed up to Active Directory.\n\nIf this setting is disabled or not configured, the password for the DSRM administrator account on the domain controller will not be backed up to Active Directory.\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "ValueName": "ADBackupDSRMPassword", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_PostAuthenticationActions", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Post-authentication actions", "ExplainText": "This policy configures post-authentication actions which will be executed after detecting an authentication by the managed account.\n\nGrace period: specifies the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions.\n\nIf this setting is enabled and greater than zero, the specified post-authentication actions will be executed upon expiration of the grace period.\n\nIf this setting is disabled or not configured, the specified post-authentication actions will be executed after a default 24 hour grace period.\n\nIf this setting is equal to zero, no post-authentication actions will be executed.\n\nActions: specifies the actions to take upon expiration of the grace period.\n\nReset password: upon expiration of the grace period, the managed account password is reset.\n\nReset the password and logoff the managed account: upon expiration of the grace period, the managed account password is reset and any interactive logon sessions using the managed account are logged off.\n\nReset the password and reboot: upon expiration of the grace period, the managed account password is reset and the managed device is rebooted.\n\nReset the password, logoff the managed account, and terminate any remaining processes: upon expiration of the grace period, the managed account password is reset, any interactive logon sessions using the managed account are logged off, and any remaining processes are terminated.\n\n(NOTE: after any interactive logon sessions are terminated there may still be other authenticated sessions in use by the managed account. The only robust way to ensure that the previous password is longer in use is to reboot the device.)\n\nIf this setting is disabled or not configured, post-authentication actions will default to \"Reset the password and logoff the managed account\".\n\nNote: the DSRM account on domain controllers cannot be configured for post-authentication actions. This policy has no effect on domain controllers and will be ignored even if configured for a DC.\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "Elements": [ { "Type": "Decimal", "ValueName": "PostAuthenticationResetDelay", "MinValue": "0", "MaxValue": "24" }, { "Type": "Enum", "ValueName": "PostAuthenticationActions", "Items": [ { "DisplayName": "Disabled - take no actions", "Data": "0" }, { "DisplayName": "Reset the password", "Data": "1" }, { "DisplayName": "Reset the password and logoff the managed account", "Data": "3" }, { "DisplayName": "Reset the password and reboot the device", "Data": "5" }, { "DisplayName": "Reset the password, logoff the managed account, and terminate any remaining processes", "Data": "11" } ] } ] }, { "File": "LAPS.admx", "CategoryName": "LAPS_CAT", "PolicyName": "LAPS_AutomaticAccountManagementPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.LAPS", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Configure automatic account management", "ExplainText": "This policy configures automatic account management policy options.\n\nSpecify the target account to manage: specifies whether the built-in admin account or a custom account should be managed.\n\nAutomatic account name (or name prefix): specifies the name, or name prefix, to use for the managed account.\n\nIf this policy setting is configured, Windows LAPS will use it as the account name or name prefix for the target account.\n\nIf this policy setting is not configured, Windows LAPS will use \"WLapsAdmin\" as the account name or name prefix.\n\nNote: this name is treated as a prefix when account name randomization is configured, see comments below.\n\nEnable the managed account: specifies whether the managed account should be enabled or not.\n\nIf this policy setting is configured, Windows LAPS will enable the specified managed account.\n\nIf this policy setting is not configured, Windows LAPS will disable the specified managed account.\n\nNote: Windows LAPS will regularly maintain and rotate the password of the managed account regardless of whether the account is maintained in an enabled\\disabled status.\n\nRandomize the name of the managed account: specifies whether the name of the managed account should be randomized with a random numeric suffix.\n\nIf this policy setting is configured, Windows LAPS will add an eight digit random numeric suffix to the managed automatic account name, and will re-randomize the name of the managed account every time the password is rotated.\n\nIf this policy setting is not configured, Windows LAPS will use the managed automatic account name as configured.\n\nIf the managed automatic account name prefix is configured, Windows LAPS will use up to the first twelve (12) characters of that name as a prefix for the random name. If the managed automatic account name is not configured, Windows LAPS will use \"WLapsAdmin\" as the name prefix.\n\nNote: the DSRM account on domain controllers cannot be configured for automatic account management. This policy has no effect on domain controllers and will be ignored even if configured for a DC.\n\nSee https://go.microsoft.com/fwlink/?linkid=2188435 for more information.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\LAPS" ], "ValueName": "AutomaticAccountManagementEnabled", "Elements": [ { "Type": "Enum", "ValueName": "AutomaticAccountManagementTarget", "Items": [ { "DisplayName": "Manage the built-in admin account", "Data": "0" }, { "DisplayName": "Manage a custom admin account", "Data": "1" } ] }, { "Type": "Text", "ValueName": "AutomaticAccountManagementNameOrPrefix", "MaxLength": "20" }, { "Type": "Boolean", "ValueName": "AutomaticAccountManagementEnableAccount", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AutomaticAccountManagementRandomizeName", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LeakDiagnostic.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.LeakDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Scenario Execution Level", "ExplainText": "This policy setting determines whether Diagnostic Policy Service (DPS) diagnoses memory leak problems.\n\nIf you enable or do not configure this policy setting, the DPS enables Windows Memory Leak Diagnosis by default.\n\nIf you disable this policy setting, the DPS is not able to diagnose memory leak problems.\n\nThis policy setting takes effect only under the following conditions:\n-- If the diagnostics-wide scenario execution policy is not configured.\n-- When the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.\n\nNote: The DPS can be configured with the Services snap-in to the Microsoft Management Console.\n\nNo operating system restart or service restart is required for this policy to take effect. Changes take effect immediately.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}" ], "Elements": [ { "Type": "EnabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}" ], "Data": "2" }, { "Type": "DisabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}" ], "Data": "1" } ] }, { "File": "LinkLayerTopologyDiscovery.admx", "CategoryName": "LLTD_Category", "PolicyName": "LLTD_EnableLLTDIO", "Class": "Machine", "NameSpace": "Microsoft.Policies.LinkLayerTopology", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on Mapper I/O (LLTDIO) driver", "ExplainText": "This policy setting changes the operational behavior of the Mapper I/O network protocol driver.\n\nLLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analysis.\n\nIf you enable this policy setting, additional options are available to fine-tune your selection. You may choose the \"Allow operation while in domain\" option to allow LLTDIO to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the \"Allow operation while in public network\" and \"Prohibit operation while in private network\" options instead.\n\nIf you disable or do not configure this policy setting, the default behavior of LLTDIO will apply.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LLTD" ], "ValueName": "EnableLLTDIO", "Elements": [ { "Type": "Boolean", "ValueName": "AllowLLTDIOOnDomain", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowLLTDIOOnPublicNet", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "ProhibitLLTDIOOnPrivateNet", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LinkLayerTopologyDiscovery.admx", "CategoryName": "LLTD_Category", "PolicyName": "LLTD_EnableRspndr", "Class": "Machine", "NameSpace": "Microsoft.Policies.LinkLayerTopology", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on Responder (RSPNDR) driver", "ExplainText": "This policy setting changes the operational behavior of the Responder network protocol driver.\n\nThe Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Service activities such as bandwidth estimation and network health analysis.\n\nIf you enable this policy setting, additional options are available to fine-tune your selection. You may choose the \"Allow operation while in domain\" option to allow the Responder to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the \"Allow operation while in public network\" and \"Prohibit operation while in private network\" options instead.\n\nIf you disable or do not configure this policy setting, the default behavior for the Responder will apply.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LLTD" ], "ValueName": "EnableRspndr", "Elements": [ { "Type": "Boolean", "ValueName": "AllowRspndrOnDomain", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowRspndrOnPublicNet", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "ProhibitRspndrOnPrivateNet", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LocalSecurityAuthority.admx", "CategoryName": "LocalSecurityAuthority", "PolicyName": "AllowCustomSSPsAPs", "Class": "Machine", "NameSpace": "Microsoft.Policies.LocalSecurityAuthority", "Supported": "Windows_10_0_RS6_NOSERVER - At least Windows 10 Version 1903", "DisplayName": "Allow Custom SSPs and APs to be loaded into LSASS", "ExplainText": "This policy controls the configuration under which LSASS loads custom SSPs and APs.\n\nIf you enable this setting or do not configure it, LSA allows custom SSPs and APs to be loaded.\n\nIf you disable this setting, LSA does not load custom SSPs and APs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "AllowCustomSSPsAPs", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "LocalSecurityAuthority.admx", "CategoryName": "LocalSecurityAuthority", "PolicyName": "ConfigureLsaProtectedProcess", "Class": "Machine", "NameSpace": "Microsoft.Policies.LocalSecurityAuthority", "Supported": "Windows_10_0_RS6_NOSERVER - At least Windows 10 Version 1903", "DisplayName": "Configures LSASS to run as a protected process", "ExplainText": "This policy controls the configuration under which LSASS is run.\n\nIf you do not configure this policy and there is no current setting in the registry, LSA will run as protected process for all clean installed, HVCI capable, client SKUs. This configuration is not UEFI locked. This can be overridden if the policy is configured.\n\nIf you configure and set this policy setting to \"Disabled\", LSA will not run as a protected process.\n\nIf you configure and set this policy setting to \"EnabledWithUEFILock,\" LSA will run as a protected process and this configuration is UEFI locked.\n\nIf you configure and set this policy setting to \"EnabledWithoutUEFILock\", LSA will run as a protected process and this configuration is not UEFI locked.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "RunAsPPL", "Items": [ { "DisplayName": "Disabled", "Data": "0" }, { "DisplayName": "Enabled with UEFI Lock", "Data": "1" }, { "DisplayName": "Enabled without UEFI Lock", "Data": "2" } ] } ] }, { "File": "LocationProviderAdm.admx", "CategoryName": "WindowsLocationProvider", "PolicyName": "DisableWindowsLocationProvider_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors.WindowsLocationProvider", "Supported": "Windows8_Or_Windows_6_3_Only - Windows Server 2012, Windows 8, Windows RT, Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Turn off Windows Location Provider", "ExplainText": "This policy setting turns off the Windows Location Provider feature for this computer.\n\nIf you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature.\n\nIf you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors" ], "ValueName": "DisableWindowsLocationProvider", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "DisableExplorerRunLegacy_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not process the legacy run list", "ExplainText": "This policy setting ignores the customized run list.\n\nYou can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and services that the system starts.\n\nIf you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional.\n\nIf you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list.\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.\n\nNote: To create a customized run list by using a policy setting, use the \"\"Run these applications at startup\"\" policy setting.\n\nAlso, see the \"\"Do not process the run once list\"\" policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisableCurrentUserRun", "Elements": [] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "DisableExplorerRunLegacy_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not process the legacy run list", "ExplainText": "This policy setting ignores the customized run list.\n\nYou can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and services that the system starts.\n\nIf you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional.\n\nIf you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list.\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.\n\nNote: To create a customized run list by using a policy setting, use the \"\"Run these applications at startup\"\" policy setting.\n\nAlso, see the \"\"Do not process the run once list\"\" policy setting.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisableLocalMachineRun", "Elements": [] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "DisableExplorerRunOnceLegacy_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not process the run once list", "ExplainText": "This policy setting ignores customized run-once lists.\n\nYou can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.\n\nIf you enable this policy setting, the system ignores the run-once list.\n\nIf you disable or do not configure this policy setting, the system runs the programs in the run-once list.\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.\n\nNote: Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce.\n\nAlso, see the \"\"Do not process the legacy run list\"\" policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisableCurrentUserRunOnce", "Elements": [] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "DisableExplorerRunOnceLegacy_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not process the run once list", "ExplainText": "This policy setting ignores customized run-once lists.\n\nYou can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.\n\nIf you enable this policy setting, the system ignores the run-once list.\n\nIf you disable or do not configure this policy setting, the system runs the programs in the run-once list.\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.\n\nNote: Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce.\n\nAlso, see the \"\"Do not process the legacy run list\"\" policy setting.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisableLocalMachineRunOnce", "Elements": [] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "LogonType", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "WindowsServer_And_XPproTo7 - Windows Server 2003 and versions of Windows from Windows XP Professional through Windows 7.", "DisplayName": "Always use classic logon", "ExplainText": "This policy is not available in this version of Windows.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "LogonType", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "NoWelcomeTips_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Win2kOnly - Windows 2000 only", "DisplayName": "Do not display the Getting Started welcome screen at logon", "ExplainText": "This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.\n\nIf you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied.\n\nUsers can still display the welcome screen by selecting it on the Start menu or by typing \"\"Welcome\"\" in the Run dialog box.\n\nIf you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer.\n\nThis setting applies only to Windows 2000 Professional. It does not affect the \"\"Configure Your Server on a Windows 2000 Server\"\" screen on Windows 2000 Server.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click \"\"Getting Started.\"\" To suppress the welcome screen without specifying a setting, clear the \"\"Show this screen at startup\"\" check box on the welcome screen.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoWelcomeScreen", "Elements": [] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "Run_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Run these programs at user logon", "ExplainText": "This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.\n\nIf you enable this policy setting, you can specify which programs can run at the time the user logs on to this computer that has this policy applied.\n\nTo specify values for this policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file.\n\nIf you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs specified in the User Configuration setting.\n\nAlso, see the \"\"Do not process the legacy run list\"\" and the \"\"Do not process the run once list\"\" settings.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies" ], "ValueName": "Explorer", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run" ] } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "Run_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Run these programs at user logon", "ExplainText": "This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.\n\nIf you enable this policy setting, you can specify which programs can run at the time the user logs on to this computer that has this policy applied.\n\nTo specify values for this policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file.\n\nIf you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs specified in the User Configuration setting.\n\nAlso, see the \"\"Do not process the legacy run list\"\" and the \"\"Do not process the run once list\"\" settings.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies" ], "ValueName": "Explorer", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run" ] } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "SyncForegroundPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Always wait for the network at computer startup and logon", "ExplainText": "This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing is not synchronous; client computers typically do not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available.\n\nNote that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two logons to be detected.\n\nIf a user with a roaming profile, home directory, or user object logon script logs on to a computer, computers always wait for the network to be initialized before logging the user on. If a user has never logged on to this computer before, computers always wait for the network to be initialized.\n\nIf you enable this policy setting, computers wait for the network to be fully initialized before users are logged on. Group Policy is applied in the foreground, synchronously.\n\nOn servers running Windows Server 2008 or later, this policy setting is ignored during Group Policy processing at computer startup and Group Policy processing will be synchronous (these servers wait for the network to be initialized during computer startup).\n\nIf the server is configured as follows, this policy setting takes effect during Group Policy processing at user logon:\n\u2022 The server is configured as a terminal server (that is, the Terminal Server role service is installed and configured on the server); and\n\u2022 The \"Allow asynchronous user Group Policy processing when logging on through Terminal Services\" policy setting is enabled. This policy setting is located under Computer Configuration\\Policies\\Administrative templates\\System\\Group Policy\\.\n\nIf this configuration is not implemented on the server, this policy setting is ignored. In this case, Group Policy processing at user logon is synchronous (these servers wait for the network to be initialized during user logon).\n\nIf you disable or do not configure this policy setting and users log on to a client computer or a server running Windows Server 2008 or later and that is configured as described earlier, the computer typically does not wait for the network to be fully initialized. In this case, users are logged on with cached credentials. Group Policy is applied asynchronously in the background.\n\nNotes:\n-If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one logon, enable this policy setting to ensure that Windows waits for the network to be available before applying policy.\n-If Folder Redirection policy will apply during the next logon, security policies will be applied asynchronously during the next update cycle, if network connectivity is available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" ], "ValueName": "SyncForegroundPolicy", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "System", "PolicyName": "DisableStatusMessages", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Remove Boot / Shutdown / Logon / Logoff status messages", "ExplainText": "This policy setting suppresses system status messages.\n\nIf you enable this setting, the system does not display a message reminding users to wait while their system starts or shuts down, or while users log on or off.\n\nIf you disable or do not configure this policy setting, the system displays the message reminding users to wait while their system starts or shuts down, or while users log on or off.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DisableStatusMessages", "Elements": [] }, { "File": "Logon.admx", "CategoryName": "System", "PolicyName": "NoWelcomeTips_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Win2kOnly - Windows 2000 only", "DisplayName": "Do not display the Getting Started welcome screen at logon", "ExplainText": "This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.\n\nIf you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied.\n\nUsers can still display the welcome screen by selecting it on the Start menu or by typing \"\"Welcome\"\" in the Run dialog box.\n\nIf you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer.\n\nThis setting applies only to Windows 2000 Professional. It does not affect the \"\"Configure Your Server on a Windows 2000 Server\"\" screen on Windows 2000 Server.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click \"\"Getting Started.\"\" To suppress the welcome screen without specifying a setting, clear the \"\"Show this screen at startup\"\" check box on the welcome screen.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoWelcomeScreen", "Elements": [] }, { "File": "Logon.admx", "CategoryName": "System", "PolicyName": "VerboseStatus", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Display highly detailed status messages", "ExplainText": "This policy setting directs the system to display highly detailed status messages.\n\nThis policy setting is designed for advanced users who require this information.\n\nIf you enable this policy setting, the system displays status messages that reflect each step in the process of starting, shutting down, logging on, or logging off the system.\n\nIf you disable or do not configure this policy setting, only the default status messages are displayed to the user during these processes.\n\nNote: This policy setting is ignored if the \"\"Remove Boot/Shutdown/Logon/Logoff status messages\"\" policy setting is enabled.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "VerboseStatus", "Elements": [] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "HideFastUserSwitching", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide entry points for Fast User Switching", "ExplainText": "This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager.\n\nIf you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied.\n\nThe locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager.\n\nIf you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "HideFastUserSwitching", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "DisableStartupSound", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "WindowsVistaTo7 - Windows operating systems from Windows Vista through Windows 7", "DisplayName": "Turn off Windows Startup sound", "ExplainText": "This policy is not available in this version of Windows.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DisableStartupSound", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "EnableFirstLogonAnimation", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Show first sign-in animation", "ExplainText": "This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in.\n\nIf you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation.\n\nIf you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in prompt for services.\n\nIf you do not configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation.\n\nNote: The first sign-in animation will not be shown on Server, so this policy will have no effect.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "EnableFirstLogonAnimation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "UseOEMBackground", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Always use custom logon background", "ExplainText": "This policy setting ignores Windows Logon Background.\n\nThis policy setting may be used to make Windows give preference to a custom logon background.\n\nIf you enable this policy setting, the logon screen always attempts to load a custom background instead of the Windows-branded logon background.\n\nIf you disable or do not configure this policy setting, Windows uses the default Windows logon background or custom background.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "UseOEMBackground", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "DontDisplayNetworkSelectionUI", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not display network selection UI", "ExplainText": "This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.\n\nIf you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows.\n\nIf you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DontDisplayNetworkSelectionUI", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "DontEnumerateConnectedUsers", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not enumerate connected users on domain-joined computers", "ExplainText": "This policy setting prevents connected users from being enumerated on domain-joined computers.\n\nIf you enable this policy setting, the Logon UI will not enumerate any connected users on domain-joined computers.\n\nIf you disable or do not configure this policy setting, connected users will be enumerated on domain-joined computers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DontEnumerateConnectedUsers", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "EnumerateLocalUsers", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enumerate local users on domain-joined computers", "ExplainText": "This policy setting allows local users to be enumerated on domain-joined computers.\n\nIf you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers.\n\nIf you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnumerateLocalUsers", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "BlockUserFromShowingAccountDetailsOnSignin", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Block user from showing account details on sign-in", "ExplainText": "This policy prevents the user from showing account details (email address or user name) on the sign-in screen.\n\nIf you enable this policy setting, the user cannot choose to show account details on the sign-in screen.\n\nIf you disable or do not configure this policy setting, the user may choose to show account details on the sign-in screen.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "BlockUserFromShowingAccountDetailsOnSignin", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "DisableLockScreenAppNotifications", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off app notifications on the lock screen", "ExplainText": "This policy setting allows you to prevent app notifications from appearing on the lock screen.\n\nIf you enable this policy setting, no app notifications are displayed on the lock screen.\n\nIf you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DisableLockScreenAppNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Logon.admx", "CategoryName": "Logon", "PolicyName": "DisableAcrylicBackgroundOnLogon", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Show clear logon background", "ExplainText": "This policy setting disables the acrylic blur effect on logon background image.\n\nIf you enable this policy, the logon background image shows without blur.\nIf you disable or do not configure this policy, the logon background image adopts the acrylic blur effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DisableAcrylicBackgroundOnLogon", "Elements": [] }, { "File": "MDM.admx", "CategoryName": "MDM", "PolicyName": "MDM_MDM_DisplayName", "Class": "Machine", "NameSpace": "Microsoft.Policies.MDM", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Disable MDM Enrollment", "ExplainText": "This policy setting specifies whether Mobile Device Management (MDM) Enrollment is allowed. When MDM is enabled, it allows the user to have the computer remotely managed by a MDM Server.\n\nIf you do not configure this policy setting, MDM Enrollment will be enabled.\n\nIf you enable this policy setting, MDM Enrollment will be disabled for all users. It will not unenroll existing MDM enrollments.\n\nIf you disable this policy setting, MDM Enrollment will be enabled for all users.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\MDM" ], "ValueName": "DisableRegistration", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MDM.admx", "CategoryName": "MDM", "PolicyName": "MDM_JoinMDM_DisplayName", "Class": "Machine", "NameSpace": "Microsoft.Policies.MDM", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Enable automatic MDM enrollment using default Azure AD credentials", "ExplainText": "This policy setting specifies whether to automatically enroll the device to the Mobile Device Management (MDM) service configured in Azure Active Directory (Azure AD). If the enrollment is successful, the device will remotely managed by the MDM service.\n\nImportant: The device must be registered in Azure AD for enrollment to succeed.\n\nIf you do not configure this policy setting, automatic MDM enrollment will not be initiated.\n\nIf you enable this policy setting, a task is created to initiate enrollment of the device to MDM service specified in the Azure AD.\n\nIf you disable this policy setting, MDM will be unenrolled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\MDM" ], "ClientExtension": "{7909AD9E-09EE-4247-BAB9-7029D5F0A278}", "ValueName": "AutoEnrollMDM", "Elements": [ { "Type": "Enum", "ValueName": "UseAADCredentialType", "Items": [ { "DisplayName": "User Credential", "Data": "1" }, { "DisplayName": "Device Credential", "Data": "2" } ] }, { "Type": "Text", "ValueName": "MDMApplicationId", "Required": false, "MaxLength": "255" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "messaging.admx", "CategoryName": "Messaging_Category", "PolicyName": "AllowMessageSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.Messaging", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Allow Message Service Cloud Sync", "ExplainText": "This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Messaging" ], "ValueName": "AllowMessageSync", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowAddressBarDropdown", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Allow Address bar drop-down list suggestions", "ExplainText": "This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.\n\nNote: Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the \"Configure search suggestions in Address bar\" setting.\n\nIf you enable or don't configure this setting, employees can see the Address bar drop-down functionality in Microsoft Edge.\n\nIf you disable this setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, \"Show search and site suggestions as I type\".", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI" ], "ValueName": "ShowOneBox", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowAutofill", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Configure Autofill", "ExplainText": "This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. By default, employees can choose whether to use Autofill.\n\nIf you enable this setting, employees can use Autofill to automatically fill in forms while using Microsoft Edge.\n\nIf you disable this setting, employees can't use Autofill to automatically fill in forms while using Microsoft Edge.\n\nIf you don't configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "Use FormSuggest", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowConfigurationUpdateForBooksLibrary", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS4 - Microsoft Edge on Windows 10, Version 1803 or later", "DisplayName": "Allow configuration updates for the Books Library", "ExplainText": "This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.\n\nIf you enable (default) or don't configure this setting, Microsoft Edge automatically updates the configuration data for the Books Library.\n\nIf you disable this setting, Microsoft Edge won't automatically download updated configuration data for the Books Library.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary" ], "ValueName": "AllowConfigurationUpdateForBooksLibrary", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowDeveloperTools", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1511 - Microsoft Edge on Windows 10, Version 1511 or later", "DisplayName": "Allow Developer Tools", "ExplainText": "This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.\n\nIf you enable or don't configure this setting, the F12 Developer Tools are available in Microsoft Edge.\n\nIf you disable this setting, the F12 Developer Tools aren't available in Microsoft Edge.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\F12", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\F12" ], "ValueName": "AllowDeveloperTools", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowDoNotTrack", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Configure Do Not Track", "ExplainText": "This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests aren't sent, but employees can choose to turn on and send requests.\n\nIf you enable this setting, Do Not Tracker requests are always sent to websites asking for tracking info.\n\nIf you disable this setting, Do Not Track requests are never sent to websites asking for tracking info.\n\nIf you don't configure this setting, employees can choose whether to send Do Not Track requests to websites asking for tracking info.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "DoNotTrack", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowExtensions", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1607 - Microsoft Edge on Windows 10, Version 1607 or later", "DisplayName": "Allow Extensions", "ExplainText": "This setting lets you decide whether employees can load extensions in Microsoft Edge.\n\nIf you enable or don't configure this setting, employees can use Microsoft Edge Extensions.\n\nIf you disable this setting, employees can't use Microsoft Edge Extensions.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions" ], "ValueName": "ExtensionsEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowSideloadingOfExtensions", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Allow Sideloading of extension", "ExplainText": "Sideloading installs and runs unverified extensions in Microsoft Edge. With this policy, you can specify whether unverified extensions can be sideloaded in Microsoft Edge.\n\nIf enabled or not configured, sideloading of unverified extensions in Microsoft Edge is allowed.\n\nIf disabled, sideloading of unverified extensions in Microsoft Edge is not allowed. Extensions can be installed only through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage). When disabled, this policy does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, in Group Policy Editor, enable Allows development of Windows Store apps and installing them from an integrated development environment (IDE), which is located at:\n\nComputer Configuration > Administrative Templates > Windows Components > App Package Deployment\n\nSupported versions: Microsoft Edge on Windows 10, version 1809\nDefault setting: Disabled or not configured\nRelated policies:\n- Allows development of Windows Store apps and installing them from an integrated development environment (IDE)\n- Allow all trusted apps to install\u200b", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions" ], "ValueName": "AllowSideloadingOfExtensions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowFullScreenMode", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Allow FullScreen Mode", "ExplainText": "With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI.\n\nIf enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions.\n\nIf disabled, full-screen mode is unavailable for use in Microsoft Edge.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "AllowFullScreenMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowInPrivate", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1511 - Microsoft Edge on Windows 10, Version 1511 or later", "DisplayName": "Allow InPrivate browsing", "ExplainText": "This policy setting lets you decide whether employees can browse using InPrivate website browsing.\n\nIf you enable or don't configure this setting, employees can use InPrivate website browsing.\n\nIf you disable this setting, employees can't use InPrivate website browsing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "AllowInPrivate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowPasswordManager", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Configure Password Manager", "ExplainText": "This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.\n\nIf you enable this setting, employees can use Password Manager to save their passwords locally.\n\nIf you disable this setting, employees can't use Password Manager to save their passwords locally.\n\nIf you don't configure this setting, employees can choose whether to use Password Manager to save their passwords locally.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "FormSuggest Passwords", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowPopups", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Configure Pop-up Blocker", "ExplainText": "This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on..\n\nIf you enable this setting, Pop-up Blocker is turned on, stopping pop-up windows from appearing.\n\nIf you disable this setting, Pop-up Blocker is turned off, letting pop-ups windows appear.\n\nIf you don't configure this setting, employees can choose whether to use Pop-up Blocker.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "AllowPopups", "Elements": [ { "Type": "EnabledValue", "Data": "yes" }, { "Type": "DisabledValue", "Data": "no" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowPrinting", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Allow printing", "ExplainText": "With this policy, you can restrict whether printing web content in Microsoft Edge is allowed.\n\nIf enabled, printing is allowed.\n\nIf disabled, printing is not allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "AllowPrinting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowMixedModePrintingInPdf", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "For PDF files that have both landscape and portrait pages, print each in its own orientation.", "ExplainText": "With this policy, you can print PDF files based on per page orientation in Microsoft Edge.\n\nIf enabled, mixed mode printing is allowed.\n\nIf disabled, mixed mode printing is not allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "AllowMixedModePrintingInPDF", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowSavingHistory", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Allow Saving History", "ExplainText": "Microsoft Edge saves your user's browsing history, which is made up of info about the websites they visit, on their devices.\n\nIf enabled or not configured, the browsing history is saved and visible in the History pane.\n\nIf disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "AllowSavingHistory", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowSearchEngineCustomization", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Allow search engine customization", "ExplainText": "This policy setting lets you decide whether users can change their search engine. If you disable this setting, users can't add new search engines or change the default used in the address bar.\n\nImportant\nThis setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).\n\nIf you enable or don't configure this policy, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings.\n\nIf you disable this setting, users can't add search engines or change the default used in the address bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" ], "ValueName": "AllowSearchEngineCustomization", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowSearchSuggestionsinAddressBar", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Configure search suggestions in Address bar", "ExplainText": "This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.\n\nIf you enable this setting, employees can see search suggestions in the Address bar of Microsoft Edge.\n\nIf you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge.\n\nIf you don't configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes" ], "ValueName": "ShowSearchSuggestionsGlobal", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowSmartScreen", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Configure Windows Defender SmartScreen", "ExplainText": "This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.\n\nIf you enable this setting, Windows Defender SmartScreen is turned on and employees can't turn it off.\n\nIf you disable this setting, Windows Defender SmartScreen is turned off and employees can't turn it on.\n\nIf you don't configure this setting, employees can choose whether to use Windows Defender SmartScreen.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter" ], "ValueName": "EnabledV9", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowWebContentOnNewTabPage", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Allow web content on New Tab page", "ExplainText": "This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.\n\nIf you enable this setting, Microsoft Edge opens a new tab with the New Tab page.\n\nIf you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can't change it.\n\nIf you don't configure this setting, employees can choose how new tabs appears.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI" ], "ValueName": "AllowWebContentOnNewTabPage", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AlwaysEnableBooksLibrary", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS3 - Microsoft Edge on Windows 10, Version 1708 or later", "DisplayName": "Always show the Books Library in Microsoft Edge", "ExplainText": "This policy setting helps you to decide whether to make the Books tab visible, regardless of a device's country or region setting, as configured in the Country or region area of Windows settings.\n\nIf you enable this setting, Microsoft Edge shows the Books Library, regardless of the device's country or region.\n\nIf you disable or don't configure this setting, Microsoft Edge shows the Books Library only in countries or regions where it's supported.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "AlwaysEnableBooksLibrary", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "ConfigureFavoritesBar", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Configure Favorites Bar", "ExplainText": "The favorites bar shows your user's links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page.\n\nIf enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu.\n\nIf disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings.\n\nIf not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "ConfigureFavoritesBar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "DataCollectionAndPreviewBuilds", "PolicyName": "ConfigureTelemetryForMicrosoft365Analytics", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS4 - Microsoft Edge on Windows 10, Version 1803 or later", "DisplayName": "Configure collection of browsing data for Desktop Analytics", "ExplainText": "You can configure Microsoft Edge to send intranet history only, internet history only, or both to Desktop Analytics for enterprise devices with a configured Commercial ID. If disabled or not configured, Microsoft Edge does not send browsing history data to Desktop Analytics.\n\nSupported versions: Microsoft Edge on Windows 10, version 1809\nDefault setting: Disabled or not configured (no data collected or sent)", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\DataCollection", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\DataCollection" ], "Elements": [ { "Type": "Enum", "ValueName": "MicrosoftEdgeDataOptIn", "Items": [ { "DisplayName": "Do not allow sending intranet or internet history", "Data": "0" }, { "DisplayName": "Allow sending intranet history only", "Data": "1" }, { "DisplayName": "Allow sending internet history only", "Data": "2" }, { "DisplayName": "Allow sending both intranet and internet history", "Data": "3" } ], "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "Cookies", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Configure cookies", "ExplainText": "This setting lets you configure how to work with cookies.\n\nIf you enable this setting, you must also decide whether to:\nAllow all cookies (default): Allows all cookies from all websites.\nBlock all cookies: Blocks all cookies from all websites.\nBlock only 3rd-party cookies: Blocks only cookies from 3rd-party websites.\n\nIf you disable or don't configure this setting, all cookies are allowed from all sites.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "Elements": [ { "Type": "Enum", "ValueName": "Cookies", "Items": [ { "DisplayName": "Block all cookies", "Data": "0" }, { "DisplayName": "Block only 3rd-party cookies", "Data": "1" }, { "DisplayName": "Allow all cookies (default)", "Data": "2" } ], "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "SetDefaultSearchEngine", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Set default search engine", "ExplainText": "This policy setting lets you configure the default search engine for your employees. Your employees can change the default search engine at any time.\n\nImportant\nThis setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).\n\nIf you enable this setting, you can choose a default search engine for your employees. If this setting is enabled, you must also add the default engine to the \"Set default search engine\" setting, by adding a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Standards (https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link you wish to add: \n\nNote\nIf you'd like your employees to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.\n\nEmployees can change the default search engine at any time, unless you disable the \"Allow search engine customization\" setting, which restricts any changes.\n\nIf you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market.\n\nIf you don't configure this setting, the default search engine is set to the one specified in App settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch" ], "Elements": [ { "Type": "Text", "ValueName": "SetDefaultSearchEngine", "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "ConfigureAdditionalSearchEngines", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Configure additional search engines", "ExplainText": "This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made a personal default engine. This setting doesn't set the default search engine. For that, you must use the \"Set default search engine\" setting.\n\nImportant\nThis setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).\n\nIf you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Standards (https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link(s) you wish to add: \n\nIf you disable this setting, any added search engines are removed from your employee's devices.\n\nIf you don't configure this setting, the search engine list is set to what is specified in App settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch" ], "Elements": [ { "Type": "Text", "ValueName": "ConfigureAdditionalSearchEngines", "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "ConfiguredFavorites", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10RS3RELEASE - Microsoft Edge on Windows 10, Version 1709 or later", "DisplayName": "Provision Favorites", "ExplainText": "This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.\n\nIf you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.\n\nImportant\nDon't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.\n\nIf you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Favorites", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Favorites" ], "Elements": [ { "Type": "Text", "ValueName": "ConfiguredFavorites" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "ConfigureHomeButton", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Configure Home Button", "ExplainText": "The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy.\n\nBy default, this policy is disabled or not configured and clicking the home button loads the default Start page.\n\nWhen enabled, the home button is locked down preventing your users from making changes in Microsoft Edge's UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy.\n\nIf Enabled AND:\n- Show home button & set to Start page is selected, clicking the home button loads the Start page.\n- Show home button & set to New tab page is selected, clicking the home button loads a New tab page.\n- Show home button & set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy.\n- Hide home button is selected, the home button is hidden in Microsoft Edge.\n\nDefault setting: Disabled or not configured\nRelated policies:\n- Set Home Button URL\n- Unlock Home Button", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings" ], "Elements": [ { "Type": "Enum", "ValueName": "ConfigureHomeButton", "Items": [ { "DisplayName": "Show home button & set to Start page", "Data": "0" }, { "DisplayName": "Show home button & set to New tab page", "Data": "1" }, { "DisplayName": "Show home button & set a specific page", "Data": "2" }, { "DisplayName": "Hide home button", "Data": "3" } ], "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "ConfigureOpenEdgeWith", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Configure Open Microsoft Edge With", "ExplainText": "You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it.\n\nIf enabled, you can choose one of the following options:\n- Start page: the Start page loads ignoring the Configure Start Pages policy.\n- New tab page: the New tab page loads ignoring the Configure Start Pages policy.\n- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy.\n- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored.\n\nWhen enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Microsoft Edge With policy, and then enable the Disable Lockdown of Start Pages policy.\n\nIf disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page.\n\nDefault setting: A specific page or pages (default)\nRelated policies:\n-Disable Lockdown of Start Pages\n-Configure Start Pages", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings" ], "Elements": [ { "Type": "Enum", "ValueName": "ConfigureOpenMicrosoftEdgeWith", "Items": [ { "DisplayName": "Start page", "Data": "0" }, { "DisplayName": "New tab page", "Data": "1" }, { "DisplayName": "Previous pages", "Data": "2" }, { "DisplayName": "A specific page or pages (default)", "Data": "3" } ], "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "EnableExtendedBooksTelemetry", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS4 - Microsoft Edge on Windows 10, Version 1803 or later", "DisplayName": "Allow extended telemetry for the Books tab", "ExplainText": "This policy setting lets you decide how much data to send to Microsoft about the book you're reading from the Books tab in Microsoft Edge.\n\nIf you enable this setting, Microsoft Edge sends additional telemetry data, on top of the basic telemetry data, from the Books tab.\n\nIf you disable or don't configure this setting, Microsoft Edge only sends basic telemetry data, depending on your device configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary" ], "ValueName": "EnableExtendedBooksTelemetry", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "EnterpriseModeSiteList", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Configure the Enterprise Mode Site List", "ExplainText": "This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.\n\nIf you enable this setting, Microsoft Edge looks for the Enterprise Mode Site List XML file. This file includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.\n\nIf you disable or don't configure this setting, Microsoft Edge won't use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main\\EnterpriseMode", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main\\EnterpriseMode" ], "Elements": [ { "Type": "Text", "ValueName": "SiteList", "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "PreventTurningOffRequiredExtensions", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Prevent turning off required extensions", "ExplainText": "You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.\n\nWhen you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.\n\nWhen enabled, removing extensions from the list does not uninstall the extension from the user\u2019s computer automatically. To uninstall the extension, use any available enterprise deployment channel.\n\nIf you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.\n\nIf disabled or not configured, extensions defined as part of this policy get ignored.\n\nDefault setting: Disabled or not configured\nRelated policies: Allow Developer Tools\nRelated Documents:\n- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)\n- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)\n- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)\n- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)\n- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions" ], "Elements": [ { "Type": "Text", "ValueName": "PreventTurningOffRequiredExtensions", "Required": true, "MaxLength": "2048" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "HideLocalHostIPAddress", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1511 - Microsoft Edge on Windows 10, Version 1511 or later", "DisplayName": "Prevent using Localhost IP address for WebRTC", "ExplainText": "This policy setting lets you decide whether an employee's LocalHost IP address shows while making calls using the WebRTC protocol.\n\nIf you enable this setting, LocalHost IP addresses are hidden while making calls using the WebRTC protocol.\n\nIf you disable or don't configure this setting, LocalHost IP addresses are shown while making calls using the WebRTC protocol.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "HideLocalHostIP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "HomePages", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1511 - Microsoft Edge on Windows 10, Version 1511 or later", "DisplayName": "Configure Start pages", "ExplainText": "When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages.\n\nIf enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:\n\n\n\nIf disabled or not configured, the webpages specified in App settings loads as the default Start pages.\n\nVersion 1703 or later:\nIf you do not want to send traffic to Microsoft, enable this policy and use the value, which honors domain- and non-domain-joined devices, when it is the only configured URL.\n\nVersion 1809:\nIf enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.\n\nSupported devices: Domain-joined or MDM-enrolled\nRelated policy:\n- Configure Open Microsoft Edge With\n- Disable Lockdown of Start Pages", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings" ], "Elements": [ { "Type": "Text", "ValueName": "ProvisionedHomePages", "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "DisableLockdownOfStartPages", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Disable lockdown of Start pages", "ExplainText": "You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages. To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages.\n\nIf disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down.\n\nSupported devices: Domain-joined or MDM-enrolled\nRelated policy:\n- Configure Start Pages\n- Configure Open Microsoft Edge With", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings" ], "ValueName": "DisableLockdownOfStartPages", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "LockdownFavorites", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10RS3RELEASE - Microsoft Edge on Windows 10, Version 1709 or later", "DisplayName": "Prevent changes to Favorites on Microsoft Edge", "ExplainText": "This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.\n\nIf you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.\n\nImportant\nDon't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.\n\nIf you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Favorites", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Favorites" ], "ValueName": "LockdownFavorites", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "PreventCertErrorOverrides", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Prevent certificate error overrides", "ExplainText": "Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors.\n\nIf enabled, overriding certificate errors are not allowed.\n\nIf disabled or not configured, overriding certificate errors are allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings" ], "ValueName": "PreventCertErrorOverrides", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "PreventSmartScreenPromptOverride", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1511 - Microsoft Edge on Windows 10, Version 1511 or later", "DisplayName": "Prevent bypassing Windows Defender SmartScreen prompts for sites", "ExplainText": "This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.\n\nIf you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they are blocked from continuing to the site.\n\nIf you disable or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue to the site.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter" ], "ValueName": "PreventOverride", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "PreventSmartScreenPromptOverrideForFiles", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1511 - Microsoft Edge on Windows 10, Version 1511 or later", "DisplayName": "Prevent bypassing Windows Defender SmartScreen prompts for files", "ExplainText": "This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.\n\nIf you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they are blocked from downloading the unverified files.\n\nIf you disable or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue the download process.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter" ], "ValueName": "PreventOverrideAppRepUnknown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "Favorites", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1511 - Microsoft Edge on Windows 10, Version 1511 or later", "DisplayName": "Configure Favorites", "ExplainText": "This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their favorites by adding or removing items at any time.\n\nIf you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.\n\nIf you disable or don't configure this setting, employees will see the Favorites that they set in the Favorites hub.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings" ], "ValueName": "ProvisionedFavorites", "Elements": [ { "Type": "List", "ValueName": null } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "SetHomeButtonURL", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Set Home Button URL", "ExplainText": "The home button can be configured to load a custom URL when your user clicks the home button.\n\nIf enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button & set a specific page is selected, a custom URL loads when your user clicks the home button.\n\nDefault setting: Blank or not configured\nRelated policy: Configure Home Button", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings" ], "Elements": [ { "Type": "Text", "ValueName": "HomeButtonURL", "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "SendIntranetTraffictoInternetExplorer", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Send all intranet sites to Internet Explorer 11", "ExplainText": "This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.\n\nIf you enable this setting, all intranet sites are automatically opened using Internet Explorer 11.\n\nIf you disable or don't configure this setting, all intranet sites are automatically opened using Microsoft Edge.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "SendIntranetTraffictoInternetExplorer", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "SetNewTabPageURL", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Set New Tab page URL", "ExplainText": "You can set the default New Tab page URL in Microsoft Edge. Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about:blank.\n\nIf enabled, you can set the default New Tab page URL.\n\nIf disabled or not configured, the default Microsoft Edge new tab page is used.\n\nDefault setting: Disabled or not configured\nRelated policy: Allow web content on New Tab page", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings" ], "Elements": [ { "Type": "Text", "ValueName": "NewTabPageURL", "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "ShowMessageWhenOpeningSitesInInternetExplorer", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1607 - Microsoft Edge on Windows 10, Version 1607 or later", "DisplayName": "Show message when opening sites in Internet Explorer", "ExplainText": "You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both.\n\nIf enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options.\n\nIf disabled or not configured, the default app behavior occurs and no additional page displays.\n\nDefault setting: Disabled or not configured\nRelated policies:\n-Configure the Enterprise Mode Site List\n-Send all intranet sites to Internet Explorer 11", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "Elements": [ { "Type": "Enum", "ValueName": "ShowMessageWhenOpeningSitesInInternetExplorer", "Items": [ { "DisplayName": "Hide Keep going in Microsoft Edge link", "Data": "1" }, { "DisplayName": "Show Keep going in Microsoft Edge link", "Data": "2" } ], "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "PreventAccessToAboutFlagsInMicrosoftEdge", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1607 - Microsoft Edge on Windows 10, Version 1607 or later", "DisplayName": "Prevent access to the about:flags page in Microsoft Edge", "ExplainText": "This policy settings lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.\n\nIf you enable this policy setting, employees can't access the about:flags page.\n\nIf you disable or don't configure this setting, employees can access the about:flags page.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "PreventAccessToAboutFlagsInMicrosoftEdge", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "PreventLiveTileDataCollection", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start", "ExplainText": "This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.\n\nIf you enable this setting, Microsoft Edge won't gather the Live Tile metadata, providing a minimal experience when a user pins a Live Tile to the Start menu.\n\nIf you disable or don't configure this setting, Microsoft Edge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "PreventLiveTileDataCollection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "PreventFirstRunPage", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Prevent the First Run webpage from opening on Microsoft Edge", "ExplainText": "This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.\n\nIf you enable this setting, employees won't see the First Run page when opening Microsoft Edge for the first time.\n\nIf you disable or don't configure this setting, employees will see the First Run page when opening Microsoft Edge for the first time.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "PreventFirstRunPage", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "SyncFavoritesBetweenIEAndMicrosoftEdge", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Keep favorites in sync between Internet Explorer and Microsoft Edge", "ExplainText": "This setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge.\n\nIf you enable this setting, employees can sync their favorites between Internet Explorer and Microsoft Edge.\n\nIf you disable or don't configure this setting, employees can\u2019t sync their favorites between Internet Explorer and Microsoft Edge.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "ValueName": "SyncFavoritesBetweenIEAndMicrosoftEdge", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "UnlockHomeButton", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Unlock Home Button", "ExplainText": "By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled.\n\nIf enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL.\n\nIf disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes.\n\nDefault setting: Disabled or not configured\nRelated policy:\n-Configure Home Button\n-Set Home Button URL", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings" ], "ValueName": "UnlockHomeButton", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "UseSharedFolderForBooks", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS4 - Microsoft Edge on Windows 10, Version 1803 or later", "DisplayName": "Allow a shared Books folder", "ExplainText": "This policy setting lets you decide whether Microsoft Edge stores books from the Books tab to a default, shared folder for Windows.\n\nIf you enable this setting, Microsoft Edge automatically downloads book files to a common, shared folder and prevents students and teachers from removing the book from the Books tab. For this to work properly, your students and teachers must be signed in using a school account.\n\nIf you disable or don't configure this setting, Microsoft Edge downloads book files to a per-user folder for each student or teacher.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary" ], "ValueName": "UseSharedFolderForBooks", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowFlashClickToRun", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Configure the Adobe Flash Click-to-Run setting", "ExplainText": "If you enable or don\u2019t configure the Adobe Flash Click-to-Run setting, Microsoft Edge will require a user to click the Click-to-Run button, to click the content, or for the site to appear on the auto-allowed list, before loading and running the content.\n\nSites get onto the auto-allowed list based on user feedback, specifically by how often the content is allowed to load and run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Security", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Security" ], "ValueName": "FlashClickToRunMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowClearingBrowsingDataOnExit", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1703 - Microsoft Edge on Windows 10, Version 1703 or later", "DisplayName": "Allow clearing browsing data on exit", "ExplainText": "This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.\n\nIf you enable this policy setting, clearing browsing history on exit is turned on.\n\nIf you disable or don't configure this policy setting, it can be turned on and configured by the employee in the Clear browsing data options under Settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Privacy", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Privacy" ], "ValueName": "ClearBrowsingHistoryOnExit", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowFlash", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Allow Adobe Flash", "ExplainText": "This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.\n\nIf you enable or don't configure this setting, employees can use Adobe Flash.\n\nIf you disable this setting, employees can't use Adobe Flash.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Addons", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Addons" ], "ValueName": "FlashPlayerEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowCVList", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10V1607 - Microsoft Edge on Windows 10, Version 1607 or later", "DisplayName": "Allow Microsoft Compatibility List", "ExplainText": "This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat.\n\nIf you enable or don\u2019t configure this setting, Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though it\u2019s in whatever version of IE is necessary for it to appear properly.\n\nIf you disable this setting, the Microsoft Compatibility List isn\u2019t used during browser navigation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation" ], "ValueName": "MSCompatibilityMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowTabPreloading", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS4 - Microsoft Edge on Windows 10, Version 1803 or later", "DisplayName": "Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed", "ExplainText": "This policy setting lets you decide whether Microsoft Edge can load the Start and New Tab page during Windows sign in and each time Microsoft Edge is closed. By default this setting is to allow preloading.\n\nIf you allow preloading, disable, or don\u2019t configure this policy setting, Microsoft Edge loads the Start and New Tab page during Windows sign in and each time Microsoft Edge is closed; minimizing the amount of time required to start up Microsoft Edge and to start a new tab.\n\nIf you prevent preloading, Microsoft Edge won\u2019t load the Start or New Tab page during Windows sign in and each time Microsoft Edge is closed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\TabPreloader", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\TabPreloader" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowTabPreloading", "Items": [ { "DisplayName": "Allow tab preloading", "Data": "1" }, { "DisplayName": "Prevent tab preloading", "Data": "0" } ], "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "AllowPrelaunch", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed", "ExplainText": "This policy setting lets you decide whether Microsoft Edge can pre-launch during Windows sign in, when the system is idle, and each time Microsoft Edge is closed. By default this setting is to allow pre-launch.\n\nIf you allow pre-launch, disable, or don\u2019t configure this policy setting, Microsoft Edge pre-launches during Windows sign in, when the system is idle, and each time Microsoft Edge is closed; minimizing the amount of time required to start up Microsoft Edge.\n\nIf you prevent pre-launch, Microsoft Edge won\u2019t pre-launch during Windows sign in, when the system is idle, or each time Microsoft Edge is closed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowPrelaunch", "Items": [ { "DisplayName": "Allow pre-launching", "Data": "1" }, { "DisplayName": "Prevent pre-launching", "Data": "0" } ], "Required": true } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "ConfigureKioskMode", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Configure kiosk mode", "ExplainText": "Configure how Microsoft Edge behaves when it\u2019s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.\n\nYou need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see \"Configure kiosk and shared devices running Windows desktop editions\" (https://aka.ms/E489vw).\n\nIf enabled and set to 0 (Default or not configured):\n- If it\u2019s a single app, it runs InPrivate full screen for digital signage or interactive displays.\n- If it\u2019s one of many apps, Microsoft Edge runs as normal.\nIf enabled and set to 1:\n- If it\u2019s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can\u2019t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking \"End session.\" You can configure Microsoft Edge to restart after a period of inactivity by using the \"Configure kiosk reset after idle timeout\" policy.\n- If it\u2019s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can\u2019t customize Microsoft Edge.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\KioskMode", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\KioskMode" ], "Elements": [ { "Type": "Decimal", "ValueName": "ConfigureKioskMode", "MinValue": "0", "MaxValue": "1" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "ConfigureKioskResetAfterIdleTimeout", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_RS5 - Microsoft Edge on Windows 10, Version 1809 or later", "DisplayName": "Configure kiosk reset after idle timeout", "ExplainText": "You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user\u2019s browsing data.\n\nIf enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds.\n\nIf you set this policy to 0, Microsoft Edge does not use an idle timer.\n\nIf disabled or not configured, the default value is 5 minutes.\n\nIf you do not configure Microsoft Edge in assigned access, then this policy does not take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\KioskMode", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\KioskMode" ], "Elements": [ { "Type": "Decimal", "ValueName": "ConfigureKioskResetAfterIdleTimeout", "MinValue": "0", "MaxValue": "1440" } ] }, { "File": "MicrosoftEdge.admx", "CategoryName": "MicrosoftEdge", "PolicyName": "SuppressEdgeDeprecationNotification", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftEdge", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Suppress the display of Edge Deprecation Notification", "ExplainText": "You can configure Microsoft Edge to suppress the display of the notification that informs users that support of this version of Microsoft Edge ended on March 9th, 2021. If enabled, the notification will not show.\n\nIf disabled or not configured, the notification will show every time Edge is launched.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\EdgeDeprecation", "HKCU\\Software\\Policies\\Microsoft\\MicrosoftEdge\\EdgeDeprecation" ], "ValueName": "SuppressEdgeDeprecationNotification", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MMC.admx", "CategoryName": "MMC", "PolicyName": "MMC_Restrict_Author", "Class": "User", "NameSpace": "Microsoft.Policies.ManagementConsole", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Restrict the user from entering author mode", "ExplainText": "Prevents users from entering author mode.\n\nThis setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default.\n\nAs a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.\n\nThis setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt.\n\nIf you disable this setting or do not configure it, users can enter author mode and open author-mode console files.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC" ], "ValueName": "RestrictAuthorMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MMC.admx", "CategoryName": "MMC", "PolicyName": "MMC_Restrict_To_Permitted_Snapins", "Class": "User", "NameSpace": "Microsoft.Policies.ManagementConsole", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Restrict users to the explicitly permitted list of snap-ins", "ExplainText": "Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.\n\n-- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.\n\nTo explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited.\n\n-- If you disable this setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins.\n\nTo explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.\n\nNote: If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC" ], "ValueName": "RestrictToPermittedSnapins", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MMC.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_ExtendView", "Class": "User", "NameSpace": "Microsoft.Policies.ManagementConsole", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Extended View (Web View)", "ExplainText": "Permits or prohibits use of this snap-in.\n\nIf you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.\n\nIf this setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted.\n\nTo explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.\n\n-- If \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited.\n\nTo explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{B708457E-DB61-4C55-A92F-0D4B5E9B1224}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMC.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_ActiveXControl", "Class": "User", "NameSpace": "Microsoft.Policies.ManagementConsole", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "ActiveX Control", "ExplainText": "Permits or prohibits use of this snap-in.\n\nIf you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.\n\nIf this setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted.\n\nTo explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.\n\n-- If \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited.\n\nTo explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{C96401CF-0E17-11D3-885B-00C04F72C717}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMC.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_LinkToWeb", "Class": "User", "NameSpace": "Microsoft.Policies.ManagementConsole", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Link to Web Address", "ExplainText": "Permits or prohibits use of this snap-in.\n\nIf you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.\n\nIf this setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted.\n\nTo explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.\n\n-- If \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited.\n\nTo explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{C96401D1-0E17-11D3-885B-00C04F72C717}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_AppleTalkRouting", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "AppleTalk Routing", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{1AA7F83C-C7F5-11D0-A376-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_AuthMan", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Authorization Manager", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{1F5EEC01-1214-4D94-80C5-4BDCD2014DDD}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_CertAuthPolSet", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Certification Authority Policy Settings", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{3F276EB4-70EE-11D1-8A0F-00C04FB93753}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_ConnectionSharingNAT", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Connection Sharing (NAT)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{C2FE450B-D6C2-11D0-A37B-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_DCOMCFG", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "DCOM Configuration Extension", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{9EC88934-C774-11d1-87F4-00C04FC2C17B}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_DeviceManager_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Device Manager", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{90087284-d6d6-11d0-8353-00a0c90640bf}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_DHCPRelayMgmt", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "DHCP Relay Management", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{C2FE4502-D6C2-11D0-A37B-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_EnterprisePKI", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Enterprise PKI", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{634BDE40-E5E1-49A1-B2CD-140FFFC830F9}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_EventViewer_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Event Viewer", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{394C052E-B830-11D0-9A86-00C04FD8DBF7}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_EventViewer_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Event Viewer (Windows Vista)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{b05566ae-fe9c-4363-be05-7a4cbb7cb510}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_IASLogging", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "IAS Logging", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{2E19B602-48EB-11d2-83CA-00104BCA42CF}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_IGMPRouting", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "IGMP Routing", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{C2FE4508-D6C2-11D0-A37B-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_IPRouting", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "IP Routing", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{C2FE4500-D6C2-11D0-A37B-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_IPXRIPRouting", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "IPX RIP Routing", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{90810502-38F1-11D1-9345-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_IPXRouting", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "IPX Routing", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{90810500-38F1-11D1-9345-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_IPXSAPRouting", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "IPX SAP Routing", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{90810504-38F1-11D1-9345-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_LogicalMappedDrives", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Logical and Mapped Drives", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{6E8E0081-19CD-11D1-AD91-00AA00B8E05A}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_OCSP", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Online Responder", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{6d8880af-e518-43a8-986c-1ad21c4c976e}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_OSPFRouting", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "OSPF Routing", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{C2FE4506-D6C2-11D0-A37B-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_PublicKey", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Public Key Policies", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{34AB8E82-C27E-11D1-A6C0-00C04FB94F17}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_RAS_DialinUser", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "RAS Dialin - User Node", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_RemoteAccess", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remote Access", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{5880CD5C-8EC0-11d1-9570-0060B0576642}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_RemStore", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Removable Storage", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{243E20B0-48ED-11D2-97DA-00A024D77700}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_RIPRouting", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "RIP Routing", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{C2FE4504-D6C2-11D0-A37B-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_Routing", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Routing", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{DAB1A262-4FD7-11D1-842C-00C04FB6C218}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_SendConsoleMessage", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Send Console Message", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{B1AFF7D0-0C49-11D1-BB12-00C04FC9A3A3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_ServiceDependencies", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Service Dependencies", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{BD95BA60-2E26-AAD1-AD99-00AA00B8E05A}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_SharedFolders_Ext", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Shared Folders Ext", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{58221C69-EA27-11CF-ADCF-00AA00A80033}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_SMTPProtocol", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "SMTP Protocol", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{03f1f940-a0f2-11d0-bb77-00aa00a1eab7}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_SNMP", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "SNMP", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{7AF60DD3-4979-11D1-8A6C-00C04FC33566}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_ExtensionSnapins", "PolicyName": "MMC_SysProp", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "System Properties", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{0F3621F1-23C6-11D1-AD97-00AA00B88E5A}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy", "PolicyName": "MMC_GroupPolicyManagementSnapIn", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXPSP1 - At least Windows Server 2003 operating systems or Windows XP Professional with SP1", "DisplayName": "Group Policy Management", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{E12BBB5D-D59D-4E61-947A-301D25AE8C23}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy", "PolicyName": "MMC_GroupPolicySnapIn", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Group Policy Object Editor", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy", "PolicyName": "MMC_GroupPolicyTab", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Group Policy tab for Active Directory Tools", "ExplainText": "Permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.\n\nIf you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins.\n\nIf this setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this tab is displayed.\n\n-- If \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users will not have access to the Group Policy tab.\n\nTo explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Group Policy tab is inaccessible.\n\n-- If \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users will have access to the Group Policy tab.\n\nTo explicitly prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible.\n\nWhen the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{D70A2BEA-A63E-11D1-A7D4-0000F87571E3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy", "PolicyName": "MMC_ResultantSetOfPolicySnapIn", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Resultant Set of Policy snap-in", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{6DC3804B-7212-458D-ADB0-9A07E2AE1FA2}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_ADMComputers_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Administrative Templates (Computers)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{0F6B957D-509E-11D1-A7CC-0000F87571E3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" }, { "Type": "EnabledList", "ValueName": "Restrict_Run", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{D02B1F72-3407-48ae-BA88-E8213C6761F1}" ], "Data": "0" }, { "Type": "EnabledList", "ValueName": "Restrict_Run", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{84DE202D-5D95-4764-9014-A46F994CE856}" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "Restrict_Run", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{D02B1F72-3407-48ae-BA88-E8213C6761F1}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Restrict_Run", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{84DE202D-5D95-4764-9014-A46F994CE856}" ], "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_ADMUsers_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Administrative Templates (Users)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{0F6B957E-509E-11D1-A7CC-0000F87571E3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" }, { "Type": "EnabledList", "ValueName": "Restrict_Run", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{D02B1F73-3407-48ae-BA88-E8213C6761F1}" ], "Data": "0" }, { "Type": "EnabledList", "ValueName": "Restrict_Run", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{84DE202E-5D95-4764-9014-A46F994CE856}" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "Restrict_Run", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{D02B1F73-3407-48ae-BA88-E8213C6761F1}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Restrict_Run", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{84DE202E-5D95-4764-9014-A46F994CE856}" ], "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_FolderRedirection_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Folder Redirection", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_IEMaintenance_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Internet Explorer Maintenance", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_IPSecManage_GP", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "IP Security Policy Management", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_WindowsFirewall_GP", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Windows Firewall with Advanced Security", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_NapSnap_GP", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "NAP Client Configuration", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{a1bc4ecb-66b2-44e8-9915-be02e84438ba}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_RIS", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remote Installation Services", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{3060E8CE-7020-11D2-842D-00C04FA372D4}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_ScriptsMachine_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Scripts (Startup/Shutdown)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{40B6664F-4972-11D1-A7CA-0000F87571E3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_ScriptsUser_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Scripts (Logon/Logoff)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{40B66650-4972-11D1-A7CA-0000F87571E3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_SecuritySettings_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Security Settings", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_SoftwareInstalationComputers_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Software Installation (Computers)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{942A8E4F-A261-11D1-A760-00C04FB9603F}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_SoftwareInstallationUsers_1", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Software Installation (Users)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_WiredNetworkPolicy", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Wired Network (IEEE 802.3) Policies", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{06993B16-A5C7-47EB-B61C-B1CB7EE600AC}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_GPSnapin", "PolicyName": "MMC_WirelessNetworkPolicy", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Wireless Network (IEEE 802.11) Policies", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{2DA6AA7F-8C88-4194-A558-0D36E7FD3E64}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_RSoPSnapin", "PolicyName": "MMC_ADMComputers_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Administrative Templates (Computers)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{B6F9C8AE-EF3A-41C8-A911-37370C331DD4}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_RSoPSnapin", "PolicyName": "MMC_ADMUsers_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Administrative Templates (Users)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{B6F9C8AF-EF3A-41C8-A911-37370C331DD4}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_RSoPSnapin", "PolicyName": "MMC_FolderRedirection_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Folder Redirection", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{c40d66a0-e90c-46c6-aa3b-473e38c72bf2}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_RSoPSnapin", "PolicyName": "MMC_IEMaintenance_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Internet Explorer Maintenance", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{d524927d-6c08-46bf-86af-391534d779d3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_RSoPSnapin", "PolicyName": "MMC_ScriptsMachine_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Scripts (Startup/Shutdown)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{40B66660-4972-11d1-A7CA-0000F87571E3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_RSoPSnapin", "PolicyName": "MMC_ScriptsUser_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Scripts (Logon/Logoff)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{40B66661-4972-11d1-A7CA-0000F87571E3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_RSoPSnapin", "PolicyName": "MMC_SecuritySettings_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Security Settings", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{fe883157-cebd-4570-b7a2-e4fe06abe626}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_RSoPSnapin", "PolicyName": "MMC_SoftwareInstalationComputers_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Software Installation (Computers)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{7E45546F-6D52-4D10-B702-9C2E67232E62}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_GroupPolicy_RSoPSnapin", "PolicyName": "MMC_SoftwareInstallationUsers_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Software Installation (Users)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{1BC972D6-555C-4FF7-BE2C-C584021A0A6A}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_ActiveDirDomTrusts", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Active Directory Domains and Trusts", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{EBC53A38-A23F-11D0-B09B-00C04FD8DCA6}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_ActiveDirSitesServices", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Active Directory Sites and Services", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{D967F824-9968-11D0-B936-00C04FD8D5B0}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_ActiveDirUsersComp", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Active Directory Users and Computers", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_ADSI", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "ADSI Edit", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{1C5DACFA-16BA-11D2-81D0-0000F87A7AA3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_CertAuth", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Certification Authority", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{de751566-4cc6-11d1-8ca0-00c04fc297eb}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_Certs", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Certificates", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{53D6AB1D-2488-11D1-A28C-00C04FB94F17}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_CertsTemplate", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Certificate Templates", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{A994E107-6854-4F3D-917C-E6F01670F6D3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_ComponentServices", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Component Services", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{C9BC92DF-5B9A-11D1-8F00-00C04FC2C17B}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_ComputerManagement", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Computer Management", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{58221C67-EA27-11CF-ADCF-00AA00A80033}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_DeviceManager_2", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Device Manager", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{74246bfc-4c96-11d0-abef-0020af6b0b7a}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_DFS", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Distributed File System", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{677A2D94-28D9-11D1-A95B-008048918FB1}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_DiskDefrag", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Disk Defragmenter", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{43668E21-2636-11D1-A1CE-0080C88593A5}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_DiskMgmt", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Disk Management", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_EventViewer_3", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Event Viewer", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_EventViewer_4", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Event Viewer (Windows Vista)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_FailoverClusters", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Failover Clusters Manager", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{D2779945-405B-4ACE-8618-508F3E3054AC}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_FAXService", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "FAX Service", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{753EDB4D-2E1B-11D1-9064-00A0C90AB504}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_FrontPageExt", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "FrontPage Server Extensions", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{FF5903A8-78D6-11D1-92F6-006097B01056}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_HRA", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Health Registration Authority (HRA)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{89cc9588-7628-4d29-8e4a-6550d0087059}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_IAS", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsNETOnly - Windows Server 2003 only", "DisplayName": "Internet Authentication Service (IAS)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{8F8F8DC0-5713-11D1-9551-0060B0576642}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_IIS", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Internet Information Services", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{A841B6C2-7577-11D0-BB1F-00A0C922E79C}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_IndexingService", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Indexing Service", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{95AD72F0-44CE-11D0-AE29-00AA004B9986}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_IpSecManage", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "IP Security Policy Management", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{DEA8AFA2-CC85-11d0-9CE2-0080C7221EBD}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_IpSecMonitor", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "IP Security Monitor", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{57C596D0-9370-40C0-BA0D-AB491B63255D}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_LocalUsersGroups", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Local Users and Groups", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_NapSnap", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "NAP Client Configuration", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{a1bc4eca-66b2-44e8-9915-be02e84438ba}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_Net_Framework", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": ".Net Framework Configuration", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{18BA7139-D98B-43c2-94DA-2604E34E175D}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_NPSUI", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Network Policy Server (NPS)", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{6630f2d7-bd52-4072-bfa7-863f3d0c5da0}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_PerfLogsAlerts", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Performance Logs and Alerts", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_QoSAdmission", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "QoS Admission Control", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{FD57D297-4FD9-11D1-854E-00C04FC31FD3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_RemoteDesktop", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remote Desktops", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{3D5D035E-7721-4B83-A645-6C07A3D403B7}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_RRA", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Routing and Remote Access", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{1AA7F839-C7F5-11D0-A376-00C04FC9DA04}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_RSM", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Removable Storage Management", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{3CB6973D-3E6F-11D0-95DB-00A024D77700}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_SCA", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Security Configuration and Analysis", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{011BE22D-E453-11D1-945A-00C04FB984F9}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_SecurityTemplates", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Security Templates", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{5ADF5BF6-E452-11D1-945A-00C04FB984F9}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_ServerManager", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Server Manager", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{18ea3f92-d6aa-41d9-a205-2023400c8fbb}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_Services", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Services", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{58221C66-EA27-11CF-ADCF-00AA00A80033}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_SharedFolders", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Shared Folders", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{58221C65-EA27-11CF-ADCF-00AA00A80033}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_SysInfo", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "System Information", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{45ac8c63-23e2-11d1-a696-00c04fd58bc3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_Telephony", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Telephony", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{E26D02A0-4C1F-11D1-9AA1-00C04FC3357A}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_TerminalServices", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remote Desktop Services Configuration", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{B91B6008-32D2-11D2-9888-00A0C925F917}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_TPMManagement", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "TPM Management", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{7d3830aa-e69e-4e17-8bd1-1b87b97099da}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_WindowsFirewall", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Windows Firewall with Advanced Security", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_WirelessMon", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Wireless Monitor", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{23DC5869-BD9F-46fd-AADD-1F869BA64FC3}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MMCSnapins.admx", "CategoryName": "MMC_RESTRICT", "PolicyName": "MMC_WMI", "Class": "User", "NameSpace": "Microsoft.Policies.MMCSnapIns", "Supported": "Win2k - At least Windows 2000", "DisplayName": "WMI Control", "ExplainText": "This policy setting permits or prohibits the use of this snap-in.\n\nIf you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.\n\nIf you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.\n\nIf this policy setting is not configured, the setting of the \"Restrict users to the explicitly permitted list of snap-ins\" setting determines whether this snap-in is permitted or prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.\n\n-- If the policy setting \"Restrict users to the explicitly permitted list of snap-ins\" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\MMC\\{5C659257-E236-11D2-8899-00104B2AFB46}" ], "ValueName": "Restrict_Run", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "MobilePCMobilityCenter.admx", "CategoryName": "MobilityCenterCat", "PolicyName": "MobilityCenterEnable_1", "Class": "User", "NameSpace": "Microsoft.Policies.MobilePCMobilityCenter", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Windows Mobility Center", "ExplainText": "This policy setting turns off Windows Mobility Center.\n\nIf you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.\n\nIf you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.\n\nIf you do not configure this policy setting, Windows Mobility Center is on by default.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\MobilityCenter" ], "ValueName": "NoMobilityCenter", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MobilePCMobilityCenter.admx", "CategoryName": "MobilityCenterCat", "PolicyName": "MobilityCenterEnable_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.MobilePCMobilityCenter", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Windows Mobility Center", "ExplainText": "This policy setting turns off Windows Mobility Center.\n\nIf you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.\n\nIf you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.\n\nIf you do not configure this policy setting, Windows Mobility Center is on by default.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\MobilityCenter" ], "ValueName": "NoMobilityCenter", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MobilePCPresentationSettings.admx", "CategoryName": "PresentationSettingsCat", "PolicyName": "PresentationSettingsEnable_1", "Class": "User", "NameSpace": "Microsoft.Policies.MobilePCPresentationSettings", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Windows presentation settings", "ExplainText": "This policy setting turns off Windows presentation settings.\n\nIf you enable this policy setting, Windows presentation settings cannot be invoked.\n\nIf you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.\n\nNote: Users will be able to customize their system settings for presentations in Windows Mobility Center.\n\nIf you do not configure this policy setting, Windows presentation settings can be invoked.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\PresentationSettings" ], "ValueName": "NoPresentationSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MobilePCPresentationSettings.admx", "CategoryName": "PresentationSettingsCat", "PolicyName": "PresentationSettingsEnable_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.MobilePCPresentationSettings", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Windows presentation settings", "ExplainText": "This policy setting turns off Windows presentation settings.\n\nIf you enable this policy setting, Windows presentation settings cannot be invoked.\n\nIf you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.\n\nNote: Users will be able to customize their system settings for presentations in Windows Mobility Center.\n\nIf you do not configure this policy setting, Windows presentation settings can be invoked.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\PresentationSettings" ], "ValueName": "NoPresentationSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSAPolicy.admx", "CategoryName": "MicrosoftAccountCategory", "PolicyName": "MicrosoftAccount_DisableUserAuth", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftAccount", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Block all consumer Microsoft account user authentication", "ExplainText": "This setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.\nThis applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user will not be affected by enabling this setting until the authentication cache expires.\nIt is recommended to enable this setting before any user signs in to a device to prevent cached tokens from being present. If this setting is disabled or not configured, applications and services can use Microsoft accounts for authentication.\nBy default, this setting is Disabled. This setting does not affect whether users can sign in to devices by using Microsoft accounts, or the ability for users to provide Microsoft accounts via the browser for authentication with web-based applications.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\MicrosoftAccount" ], "ValueName": "DisableUserAuth", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSAPolicy.admx", "CategoryName": "MicrosoftAccountCategory", "PolicyName": "MicrosoftAccount_RestrictToEnterpriseDeviceAuthenticationOnly", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftAccount", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Only allow device authentication for the Microsoft Account Sign-In Assistant", "ExplainText": "This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, only allow device authentication, and block user authentication.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "EnterpriseDeviceAuthOnly", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "msched.admx", "CategoryName": "MaintenanceScheduler", "PolicyName": "ActivationBoundaryPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.MaintenanceScheduler", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Automatic Maintenance Activation Boundary", "ExplainText": "This policy setting allows you to configure Automatic Maintenance activation boundary.\n\nThe maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts\n\nIf you enable this policy setting, this will override the default daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel.\n\nIf you disable or do not configure this policy setting, the daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler\\Maintenance" ], "Elements": [ { "Type": "Text", "ValueName": "Activation Boundary" } ] }, { "File": "msched.admx", "CategoryName": "MaintenanceScheduler", "PolicyName": "RandomDelayPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.MaintenanceScheduler", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Automatic Maintenance Random Delay", "ExplainText": "This policy setting allows you to configure Automatic Maintenance activation random delay.\n\nThe maintenance random delay is the amount of time up to which Automatic Maintenance will delay starting from its Activation Boundary.\n\nIf you enable this policy setting, Automatic Maintenance will delay starting from its Activation Boundary, by upto this time.\n\nIf you do not configure this policy setting, 4 hour random delay will be applied to Automatic Maintenance.\n\nIf you disable this policy setting, no random delay will be applied to Automatic Maintenance.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler\\Maintenance" ], "ValueName": "Randomized", "Elements": [ { "Type": "Text", "ValueName": "Random Delay" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "msched.admx", "CategoryName": "MaintenanceScheduler", "PolicyName": "WakeUpPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.MaintenanceScheduler", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Automatic Maintenance WakeUp Policy", "ExplainText": "This policy setting allows you to configure Automatic Maintenance wake up policy.\n\nThe maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect.\n\nIf you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required.\n\nIf you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler\\Maintenance" ], "ValueName": "WakeUp", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSDT.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSDT", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Microsoft Support Diagnostic Tool: Configure execution level", "ExplainText": "This policy setting determines the execution level for Microsoft Support Diagnostic Tool.\n\nMicrosoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals.\n\nIf you enable this policy setting, administrators can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.\n\nIf you disable this policy setting, MSDT cannot gather diagnostic data.\n\nIf you do not configure this policy setting, MSDT is turned on by default.\n\nThis policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.\n\nNo reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.\n\nThis policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" ], "Elements": [ { "Type": "EnabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" ], "Data": "2" }, { "Type": "DisabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" ], "Data": "0" } ] }, { "File": "MSDT.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "MsdtToolDownloadPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSDT", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Microsoft Support Diagnostic Tool: Restrict tool download", "ExplainText": "This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool.\n\nMicrosoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. For some problems, MSDT may prompt the user to download additional tools for troubleshooting.\n\nThese tools are required to completely troubleshoot the problem. If tool download is restricted, it may not be possible to find the root cause of the problem.\n\nIf you enable this policy setting for remote troubleshooting, MSDT prompts the user to download additional tools to diagnose problems on remote computers only. If you enable this policy setting for local and remote troubleshooting, MSDT always prompts for additional tool downloading.\n\nIf you disable this policy setting, MSDT never downloads tools, and is unable to diagnose problems on remote computers.\n\nIf you do not configure this policy setting, MSDT prompts the user before downloading any additional tools.\n\nNo reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.\n\nThis policy setting will take effect only when MSDT is enabled.\n\nThis policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" ], "ValueName": "DownloadToolsEnabled", "Elements": [ { "Type": "Enum", "ValueName": "DownloadToolsLevel", "Items": [ { "DisplayName": "Remote troubleshooting only", "Data": "1" }, { "DisplayName": "Local and remote troubleshooting", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSDT.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "MsdtSupportProvider", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSDT", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider", "ExplainText": "This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.\n\nIf you enable this policy setting, users can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.\n\nBy default, the support provider is set to Microsoft Corporation.\n\nIf you disable this policy setting, MSDT cannot run in support mode, and no data can be collected or sent to the support provider.\n\nIf you do not configure this policy setting, MSDT support mode is enabled by default.\n\nNo reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\ScriptedDiagnosticsProvider\\Policy" ], "ValueName": "DisableQueryRemoteServer", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSDT.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "TroubleshootingAllowRecommendations", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSDT", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Troubleshooting: Allow users to access recommended troubleshooting for known problems", "ExplainText": "This policy setting configures how troubleshooting for known problems can be applied on the device and lets administrators configure how it's applied to their domains/IT environments.\n\nNot configuring this policy setting will allow the user to configure how troubleshooting is applied.\n\nEnabling this policy allows you to configure how troubleshooting is applied on the user's device. You can select from one of the following values:\n0 = Do not allow users, system features, or Microsoft to apply troubleshooting.\n1 = Only automatically apply troubleshooting for critical problems by system features and Microsoft.\n2 = Automatically apply troubleshooting for critical problems by system features and Microsoft. Notify users when troubleshooting for other problems is available and allow users to choose to apply or ignore.\n3 = Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Notify users when troubleshooting has solved a problem.\n4 = Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Do not notify users when troubleshooting has solved a problem.\n5 = Allow the user to choose their own troubleshooting settings.\n\nAfter setting this policy, you can use the following instructions to check devices in your domain for available troubleshooting from Microsoft:\n1. Create a bat script with the following contents:\nrem The following batch script triggers Recommended Troubleshooting\nschtasks /run /TN \"\\Microsoft\\Windows\\Diagnosis\\RecommendedTroubleshootingScanner\"\n\n2. To create a new immediate task, navigate to the Group Policy Management Editor > Computer Configuration > Preferences and select Control Panel Settings.\n3. Under Control Panel settings, right-click on Scheduled Tasks and select New. Select Immediate Task (At least Windows 7).\n4. Provide name and description as appropriate, then under Security Options set the user account to System and select the Run with highest privileges checkbox.\n5. In the Actions tab, create a new action, select Start a Program as its type, then enter the file created in step 1.\n6. Configure the task to deploy to your domain.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Troubleshooting\\AllowRecommendations" ], "Elements": [ { "Type": "Enum", "ValueName": "TroubleshootingAllowRecommendations", "Items": [ { "DisplayName": "Do not allow users, system features, or Microsoft to apply troubleshooting.", "Data": "0" }, { "DisplayName": "Only automatically apply troubleshooting for critical problems by system features and Microsoft.", "Data": "1" }, { "DisplayName": "Automatically apply troubleshooting for critical problems by system features and Microsoft. Notify users when troubleshooting for other problems is available and allow users to choose to apply or ignore.", "Data": "2" }, { "DisplayName": "Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Notify users when troubleshooting has solved a problem.", "Data": "3" }, { "DisplayName": "Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Do not notify users when troubleshooting has solved a problem.", "Data": "4" }, { "DisplayName": "Allow the user to choose their own troubleshooting settings.", "Data": "5" } ] } ] }, { "File": "Msi-FileRecovery.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSIFileRecovery", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure MSI Corrupted File Recovery behavior", "ExplainText": "This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states:\n\nPrompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI applications will be turned on. Windows will prompt the user with a dialog box when application reinstallation is required. This is the default recovery behavior on Windows client.\n\nSilent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be re-installed. This behavior is recommended for headless operation and is the default recovery behavior on Windows server.\n\nTroubleshooting Only: Detection and verification of file corruption will be performed without UI. Recovery is not attempted.\n\nIf you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only.\n\nIf you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted.\n\nIf you do not configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior.\n\nNo system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh.\n\nNote: This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{54077489-683b-4762-86c8-02cf87a33423}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Troubleshooting Only", "Data": "1" }, { "DisplayName": "Prompt for Resolution", "Data": "2" }, { "DisplayName": "Silent", "Data": "3" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "AllowLockdownBrowse", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Allow users to browse for source while elevated", "ExplainText": "This policy setting allows users to search for installation files during privileged installations.\n\nIf you enable this policy setting, the Browse button in the \"Use feature from\" dialog box is enabled. As a result, users can search for installation files even when the installation program is running with elevated system privileges.\n\nBecause the installation is running with elevated system privileges, users can browse through directories that their own permissions would not allow.\n\nThis policy setting does not affect installations that run in the user's security context. Also, see the \"Remove browse dialog box for new source\" policy setting.\n\nIf you disable or do not configure this policy setting, by default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "AllowLockdownBrowse", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "AllowLockdownMedia", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Allow users to use media source while elevated", "ExplainText": "This policy setting allows users to install programs from removable media during privileged installations.\n\nIf you enable this policy setting, all users are permitted to install programs from removable media, such as floppy disks and CD-ROMs, even when the installation program is running with elevated system privileges.\n\nThis policy setting does not affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context.\n\nIf you disable or do not configure this policy setting, by default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media.\n\nAlso, see the \"Prevent removable media source for any install\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "AllowLockdownMedia", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "AllowLockdownPatch", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Allow users to patch elevated products", "ExplainText": "This policy setting allows users to patch elevated products.\n\nIf you enable this policy setting, all users are permitted to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have changed. Because patches can easily be vehicles for malicious programs, some installations prohibit their use.\n\nIf you disable or do not configure this policy setting, by default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.\n\nThis policy setting does not affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the \"Prohibit patching\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "AllowLockdownPatch", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "AlwaysInstallElevated", "Class": "Both", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Always install with elevated privileges", "ExplainText": "This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.\n\nIf you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.\n\nIf you disable or do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer.\n\nNote: This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders.\n\nCaution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "AlwaysInstallElevated", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisableAutomaticApplicationShutdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI40 - Windows Installer v4.0", "DisplayName": "Prohibit use of Restart Manager", "ExplainText": "This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.\n\nIf you enable this policy setting, you can use the options in the Prohibit Use of Restart Manager box to control file in use detection behavior.\n\n-- The \"Restart Manager On\" option instructs Windows Installer to use Restart Manager to detect files in use and mitigate a system restart, when possible.\n\n-- The \"Restart Manager Off\" option turns off Restart Manager for file in use detection and the legacy file in use behavior is used.\n\n-- The \"Restart Manager Off for Legacy App Setup\" option applies to packages that were created for Windows Installer versions lesser than 4.0. This option lets those packages display the legacy files in use UI while still using Restart Manager for detection.\n\nIf you disable or do not configure this policy setting, Windows Installer will use Restart Manager to detect files in use and mitigate a system restart, when possible.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableAutomaticApplicationShutdown", "Items": [ { "DisplayName": "Restart Manager On", "Data": "0" }, { "DisplayName": "Restart Manager Off", "Data": "1" }, { "DisplayName": "Restart Manager Off for Legacy App Setup", "Data": "2" } ], "Required": true } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisableBrowse", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove browse dialog box for new source", "ExplainText": "This policy setting prevents users from searching for installation files when they add features or components to an installed program.\n\nIf you enable this policy setting, the Browse button beside the \"Use feature from\" list in the Windows Installer dialog box is disabled. As a result, users must select an installation file source from the \"Use features from\" list that the system administrator configures.\n\nThis policy setting applies even when the installation is running in the user's security context.\n\nIf you disable or do not configure this policy setting, the Browse button is enabled when an installation is running in the user's security context. But only system administrators can browse when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs.\n\nThis policy setting affects Windows Installer only. It does not prevent users from selecting other browsers, such as File Explorer or Network Locations, to search for installation files.\n\nAlso, see the \"Enable user to browse for source while elevated\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "DisableBrowse", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisableFlyweightPatching", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI30 - Windows Installer v3.0", "DisplayName": "Prohibit flyweight patching", "ExplainText": "This policy setting controls the ability to turn off all patch optimizations.\n\nIf you enable this policy setting, all Patch Optimization options are turned off during the installation.\n\nIf you disable or do not configure this policy setting, it enables faster application of patches by removing execution of unnecessary actions. The flyweight patching mode is primarily designed for patches that just update a few files or registry values. The Installer will analyze the patch for specific changes to determine if optimization is possible. If so, the patch will be applied using a minimal set of processing.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableFlyweightPatching", "Items": [ { "DisplayName": "Patch Optimization Off", "Data": "1" }, { "DisplayName": "Patch Optimization On", "Data": "0" } ], "Required": true } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisableLoggingFromPackage", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI40 - Windows Installer v4.0", "DisplayName": "Turn off logging via package settings", "ExplainText": "This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.\n\nIf you enable this policy setting, you can use the options in the Disable logging via package settings box to control automatic logging via package settings behavior.\n\n-- The \"Logging via package settings on\" option instructs Windows Installer to automatically generate log files for packages that include the MsiLogging property.\n\n-- The \"Logging via package settings off\" option turns off the automatic logging behavior when specified via the MsiLogging policy. Log files can still be generated using the logging command line switch or the Logging policy.\n\nIf you disable or do not configure this policy setting, Windows Installer will automatically generate log files for those packages that include the MsiLogging property.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableLoggingFromPackage", "Items": [ { "DisplayName": "Disable logging via package settings off", "Data": "1" }, { "DisplayName": "Disable logging via package settings on", "Data": "0" } ], "Required": true } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisableMedia", "Class": "User", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent removable media source for any installation", "ExplainText": "This policy setting prevents users from installing any programs from removable media.\n\nIf you enable this policy setting, if a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears stating that the feature cannot be found.\n\nThis policy setting applies even when the installation is running in the user's security context.\n\nIf you disable or do not configure this policy setting, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs.\n\nAlso, see the \"Enable user to use media source while elevated\" and \"Hide the 'Add a program from CD-ROM or floppy disk' option\" policy settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "DisableMedia", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisableMSI", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Turn off Windows Installer", "ExplainText": "This policy setting restricts the use of Windows Installer.\n\nIf you enable this policy setting, you can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. You can use the options in the Disable Windows Installer box to establish an installation setting.\n\n-- The \"Never\" option indicates Windows Installer is fully enabled. Users can install and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional, Windows XP Professional and Windows Vista when the policy is not configured.\n\n-- The \"For non-managed applications only\" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Windows Server 2003 family when the policy is not configured.\n\n-- The \"Always\" option indicates that Windows Installer is disabled.\n\nThis policy setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableMSI", "Items": [ { "DisplayName": "Always", "Data": "2" }, { "DisplayName": "For non-managed applications only", "Data": "1" }, { "DisplayName": "Never", "Data": "0" } ], "Required": true } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisablePatch", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent users from using Windows Installer to install updates and upgrades", "ExplainText": "This policy setting prevents users from using Windows Installer to install patches.\n\nIf you enable this policy setting, users are prevented from using Windows Installer to install patches. Patches are updates or upgrades that replace only those program files that have changed. Because patches can be easy vehicles for malicious programs, some installations prohibit their use.\n\nNote: This policy setting applies only to installations that run in the user's security context.\n\nIf you disable or do not configure this policy setting, by default, users who are not system administrators cannot apply patches to installations that run with elevated system privileges, such as those offered on the desktop or in Add or Remove Programs.\n\nAlso, see the \"Enable user to patch elevated products\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "DisablePatch", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisableRollback_1", "Class": "User", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prohibit rollback", "ExplainText": "This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.\n\nIf you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete.\n\nThis policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this policy setting unless it is essential.\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "DisableRollback", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisableRollback_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prohibit rollback", "ExplainText": "This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.\n\nIf you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete.\n\nThis policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this policy setting unless it is essential.\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "DisableRollback", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "EnableUserControl", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Allow user control over installs", "ExplainText": "This policy setting permits users to change installation options that typically are available only to system administrators.\n\nIf you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a security violation.\n\nIf you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed.\n\nIf Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user.\n\nThis policy setting is designed for less restrictive environments. It can be used to circumvent errors in an installation program that prevents software from being installed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "EnableUserControl", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "MSI_DisableLUAPatching", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI30 - Windows Installer v3.0", "DisplayName": "Prohibit non-administrators from applying vendor signed updates", "ExplainText": "This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.\n\nNon-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.\n\nIf you enable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based applications.\n\nIf you disable or do not configure this policy setting, users without administrative privileges can install non-administrator updates.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "DisableLUAPatching", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "MSI_DisablePatchUninstall", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI30 - Windows Installer v3.0", "DisplayName": "Prohibit removal of updates", "ExplainText": "This policy setting controls the ability for users or administrators to remove Windows Installer based updates.\n\nThis policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.\n\nIf you enable this policy setting, updates cannot be removed from the computer by a user or an administrator. The Windows Installer can still remove an update that is no longer applicable to the product.\n\nIf you disable or do not configure this policy setting, a user can remove an update from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an administrator, whether \"Disable Windows Installer\" and \"Always install with elevated privileges\" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine context.\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "DisablePatchUninstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "MSI_DisableSRCheckPoints", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Turn off creation of System Restore checkpoints", "ExplainText": "This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files.\n\nIf you enable this policy setting, the Windows Installer does not generate System Restore checkpoints when installing applications.\n\nIf you disable or do not configure this policy setting, by default, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the application.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "LimitSystemRestoreCheckpointing", "Elements": [] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "MSI_DisableUserInstalls", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI15 - Microsoft Windows XP or Windows 2000 with Windows Installer v2.0", "DisplayName": "Prohibit User Installs", "ExplainText": "This policy setting allows you to configure user installs. To configure this policy setting, set it to enabled and use the drop-down list to select the behavior you want.\n\nIf you do not configure this policy setting, or if the policy setting is enabled and \"Allow User Installs\" is selected, the installer allows and makes use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an application, this hides a per-computer installation of that same product.\n\nIf you enable this policy setting and \"Hide User Installs\" is selected, the installer ignores per-user applications. This causes a per-computer installed application to be visible to users, even if those users have a per-user install of the product registered in their user profile.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableUserInstalls", "Items": [ { "DisplayName": "Allow User Installs", "Data": "0" }, { "DisplayName": "Hide User Installs", "Data": "1" } ], "Required": true } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "MSI_EnforceUpgradeComponentRules", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI30 - Windows Installer v3.0", "DisplayName": "Enforce upgrade component rules", "ExplainText": "This policy setting causes the Windows Installer to enforce strict rules for component upgrades.\n\nIf you enable this policy setting, strict upgrade rules will be enforced by the Windows Installer which may cause some upgrades to fail. Upgrades can fail if they attempt to do one of the following:\n\n(1) Remove a component from a feature.\nThis can also occur if you change the GUID of a component. The component identified by the original GUID appears to be removed and the component as identified by the new GUID appears as a new component.\n\n(2) Add a new feature to the top or middle of an existing feature tree.\nThe new feature must be added as a new leaf feature to an existing feature tree.\n\nIf you disable or do not configure this policy setting, the Windows Installer will use less restrictive rules for component upgrades.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "EnforceUpgradeComponentRules", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "MSI_MaxPatchCacheSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI30 - Windows Installer v3.0", "DisplayName": "Control maximum size of baseline file cache", "ExplainText": "This policy controls the percentage of disk space available to the Windows Installer baseline file cache.\n\nThe Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied.\n\nIf you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache.\n\nIf you set the baseline cache size to 0, the Windows Installer will stop populating the baseline cache for new updates. The existing cached files will remain on disk and will be deleted when the product is removed.\n\nIf you set the baseline cache to 100, the Windows Installer will use available free space for the baseline file cache.\n\nIf you disable or do not configure this policy setting, the Windows Installer will uses a default value of 10 percent for the baseline file cache maximum size.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxPatchCacheSize", "MinValue": "0", "MaxValue": "100" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "MSILogging", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Specify the types of events Windows Installer records in its transaction log", "ExplainText": "Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears in the Temp directory of the system volume.\n\nWhen you enable this policy setting, you can specify the types of events you want Windows Installer to record. To indicate that an event type is recorded, type the letter representing the event type. You can type the letters in any order and list as many or as few event types as you want.\n\nTo disable logging, delete all of the letters from the box.\n\nIf you disable or do not configure this policy setting, Windows Installer logs the default event types, represented by the letters \"iweap.\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "Elements": [ { "Type": "Text", "ValueName": "Logging" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "SafeForScripting", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent Internet Explorer security prompt for Windows Installer scripts", "ExplainText": "This policy setting allows Web-based programs to install software on the computer without notifying the user.\n\nIf you disable or do not configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation.\n\nIf you enable this policy setting, the warning is suppressed and allows the installation to proceed.\n\nThis policy setting is designed for enterprises that use Web-based tools to distribute programs to their employees. However, because this policy setting can pose a security risk, it should be applied cautiously.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "SafeForScripting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "SearchOrder", "Class": "User", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Specify the order in which Windows Installer searches for installation files", "ExplainText": "This policy setting specifies the order in which Windows Installer searches for installation files.\n\nIf you disable or do not configure this policy setting, by default, the Windows Installer searches the network first, then removable media (floppy drive, CD-ROM, or DVD), and finally, the Internet (URL).\n\nIf you enable this policy setting, you can change the search order by specifying the letters representing each file source in the order that you want Windows Installer to search:\n\n-- \"n\" represents the network;\n\n-- \"m\" represents media;\n\n-- \"u\" represents URL, or the Internet.\n\nTo exclude a file source, omit or delete the letter representing that source type.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "Elements": [ { "Type": "Text", "ValueName": "SearchOrder" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "TransformsSecure", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Save copies of transform files in a secure location on workstation", "ExplainText": "This policy setting saves copies of transform files in a secure location on the local computer.\n\nTransform files consist of instructions to modify or customize a program during installation.\n\nIf you enable this policy setting, the transform file is saved in a secure location on the user's computer.\n\nIf you do not configure this policy setting on Windows Server 2003, Windows Installer requires the transform file in order to repeat an installation in which the transform file was used, therefore, the user must be using the same computer or be connected to the original or identical media to reinstall, remove, or repair the installation.\n\nThis policy setting is designed for enterprises to prevent unauthorized or malicious editing of transform files.\n\nIf you disable this policy setting, Windows Installer stores transform files in the Application Data directory in the user's profile.\n\nIf you do not configure this policy setting on Windows 2000 Professional, Windows XP Professional and Windows Vista, when a user reinstalls, removes, or repairs an installation, the transform file is available, even if the user is on a different computer or is not connected to the network.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "TransformsSecure", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "DisableSharedComponent", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI45 - Windows Installer v4.5", "DisplayName": "Turn off shared components", "ExplainText": "This policy setting controls the ability to turn off shared components.\n\nIf you enable this policy setting, no packages on the system get the shared component functionality enabled by the msidbComponentAttributesShared attribute in the Component Table.\n\nIf you disable or do not configure this policy setting, by default, the shared component functionality is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "DisableSharedComponent", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "MSI.admx", "CategoryName": "MSI", "PolicyName": "MsiDisableEmbeddedUI", "Class": "Machine", "NameSpace": "Microsoft.Policies.MSI", "Supported": "MSI45 - Windows Installer v4.5", "DisplayName": "Prevent embedded UI", "ExplainText": "This policy setting controls the ability to prevent embedded UI.\n\nIf you enable this policy setting, no packages on the system can run embedded UI.\n\nIf you disable or do not configure this policy setting, embedded UI is allowed to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Installer" ], "ValueName": "MsiDisableEmbeddedUI", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Multitasking.admx", "CategoryName": "MULTITASKING", "PolicyName": "BrowserAltTabBlowout", "Class": "User", "NameSpace": "Microsoft.Policies.Multitasking", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Configure the inclusion of app tabs into Alt-Tab", "ExplainText": "This setting controls the inclusion of app tabs into Alt+Tab.\n\nThis can be set to show the most recent 3, 5 or 20 tabs, or no tabs from apps.\n\nIf this is set to show \"Open windows only\", the whole feature will be disabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "MultiTaskingAltTabFilter", "Items": [ { "DisplayName": "Open windows and 20 most recent tabs in apps", "Data": "1" }, { "DisplayName": "Open windows and 5 most recent tabs in apps", "Data": "2" }, { "DisplayName": "Open windows and 3 most recent tabs in apps", "Data": "3" }, { "DisplayName": "Open windows only", "Data": "4" } ], "Required": true } ] }, { "File": "nca.admx", "CategoryName": "NetworkConnectivityAssistant", "PolicyName": "SupportEmail", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnectivityAssistant", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Support Email Address", "ExplainText": "Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator.\n\nWhen the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant" ], "Elements": [ { "Type": "Text", "ValueName": "SupportEmail", "Required": true, "MaxLength": "50", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant" ] } ] }, { "File": "nca.admx", "CategoryName": "NetworkConnectivityAssistant", "PolicyName": "FriendlyName", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnectivityAssistant", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Friendly Name", "ExplainText": "Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify \"Contoso Intranet Access\" for the DirectAccess clients of the Contoso Corporation.\n\nIf this setting is not configured, the string that appears for DirectAccess connectivity is \"Corporate Connection\".", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant" ], "Elements": [ { "Type": "Text", "ValueName": "FriendlyName", "Required": true, "MaxLength": "50", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant" ] } ] }, { "File": "nca.admx", "CategoryName": "NetworkConnectivityAssistant", "PolicyName": "ShowUI", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnectivityAssistant", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "User Interface", "ExplainText": "Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.\n\nSet this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access.\n\nIf this setting is not configured, the entry for DirectAccess connectivity appears.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant" ], "ValueName": "ShowUI", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "nca.admx", "CategoryName": "NetworkConnectivityAssistant", "PolicyName": "LocalNamesOn", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnectivityAssistant", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Prefer Local Names Allowed", "ExplainText": "Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.\n\nIf the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.\n\nThe ability to disconnect allows users to specify single-label, unqualified names (such as \"PRINTSVR\") for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet.\n\nTo restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect.\n\nNote\nIf the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT.\n\nIf this setting is not configured, users do not have Connect or Disconnect options.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant" ], "ValueName": "NamePreferenceAllowed", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "nca.admx", "CategoryName": "NetworkConnectivityAssistant", "PolicyName": "PassiveMode", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnectivityAssistant", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "DirectAccess Passive Mode", "ExplainText": "Specifies whether NCA service runs in Passive Mode or not.\n\nSet this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant" ], "ValueName": "PassiveMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "nca.admx", "CategoryName": "NetworkConnectivityAssistant", "PolicyName": "CorporateResources", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnectivityAssistant", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Corporate Resources", "ExplainText": "Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource.\n\nEach string can be one of the following types:\n\n- A DNS name or IPv6 address that NCA pings. The syntax is \"PING:\" followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1.\n\nNote\n\nWe recommend that you use FQDNs instead of IPv6 addresses wherever possible.\n\nImportant\n\nAt least one of the entries must be a PING: resource.\n\n- A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page do not matter. The syntax is \"HTTP:\" followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:http://myserver.corp.contoso.com/ or HTTP:http://2002:836b:1::1/.\n\n- A Universal Naming Convention (UNC) path to a file that NCA checks for existence. The contents of the file do not matter. The syntax is \"FILE:\" followed by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\\\myserver\\myshare\\test.txt or FILE:\\\\2002:836b:1::1\\myshare\\test.txt.\n\nYou must configure this setting to have complete NCA functionality.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant" ], "Elements": [ { "Type": "List", "ValueName": "Probe", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant\\Probes" ] } ] }, { "File": "nca.admx", "CategoryName": "NetworkConnectivityAssistant", "PolicyName": "DTEs", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnectivityAssistant", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "IPsec Tunnel Endpoints", "ExplainText": "Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints.\n\nBy default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel.\n\nEach entry consists of the text PING: followed by the IPv6 address of an IPsec tunnel endpoint. Example: PING:2002:836b:1::836b:1.\n\nYou must configure this setting to have complete NCA functionality.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant\\DTEs" ], "Elements": [ { "Type": "List", "ValueName": "DTE", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant\\DTEs" ] } ] }, { "File": "nca.admx", "CategoryName": "NetworkConnectivityAssistant", "PolicyName": "CustomCommands", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnectivityAssistant", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Custom Commands", "ExplainText": "Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant\\CustomCommands" ], "Elements": [ { "Type": "List", "ValueName": "CustomCommand", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityAssistant\\CustomCommands" ] } ] }, { "File": "NCSI.admx", "CategoryName": "NCSI_Category", "PolicyName": "NCSI_CorpWebProbeUrl", "Class": "Machine", "NameSpace": "Microsoft.Policies.NCSI", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify corporate Website probe URL", "ExplainText": "This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator\\CorporateConnectivity" ], "Elements": [ { "Type": "Text", "ValueName": "WebProbeUrl", "Required": true } ] }, { "File": "NCSI.admx", "CategoryName": "NCSI_Category", "PolicyName": "NCSI_CorpDnsProbeHost", "Class": "Machine", "NameSpace": "Microsoft.Policies.NCSI", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify corporate DNS probe host name", "ExplainText": "This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator\\CorporateConnectivity" ], "Elements": [ { "Type": "Text", "ValueName": "DnsProbeHost", "Required": true } ] }, { "File": "NCSI.admx", "CategoryName": "NCSI_Category", "PolicyName": "NCSI_CorpDnsProbeContent", "Class": "Machine", "NameSpace": "Microsoft.Policies.NCSI", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify corporate DNS probe host address", "ExplainText": "This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator\\CorporateConnectivity" ], "Elements": [ { "Type": "Text", "ValueName": "DnsProbeContent", "Required": true } ] }, { "File": "NCSI.admx", "CategoryName": "NCSI_Category", "PolicyName": "NCSI_CorpSitePrefixes", "Class": "Machine", "NameSpace": "Microsoft.Policies.NCSI", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify corporate site prefix list", "ExplainText": "This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator\\CorporateConnectivity" ], "Elements": [ { "Type": "Text", "ValueName": "SitePrefixes", "Required": true } ] }, { "File": "NCSI.admx", "CategoryName": "NCSI_Category", "PolicyName": "NCSI_DomainLocationDeterminationUrl", "Class": "Machine", "NameSpace": "Microsoft.Policies.NCSI", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify domain location determination URL", "ExplainText": "This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator\\CorporateConnectivity" ], "Elements": [ { "Type": "Text", "ValueName": "DomainLocationDeterminationUrl", "Required": true } ] }, { "File": "NCSI.admx", "CategoryName": "NCSI_Category", "PolicyName": "NCSI_PassivePolling", "Class": "Machine", "NameSpace": "Microsoft.Policies.NCSI", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify passive polling", "ExplainText": "This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost. Use the options to control the passive polling behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator" ], "Elements": [ { "Type": "Boolean", "ValueName": "DisablePassivePolling", "TrueValue": "1", "FalseValue": "0", "Required": false } ] }, { "File": "NCSI.admx", "CategoryName": "NCSI_Category", "PolicyName": "NCSI_GlobalDns", "Class": "Machine", "NameSpace": "Microsoft.Policies.NCSI", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Specify global DNS", "ExplainText": "This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator" ], "Elements": [ { "Type": "Boolean", "ValueName": "UseGlobalDns", "TrueValue": "1", "FalseValue": "0", "Required": false } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_AvoidPdcOnWan", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Contact PDC on logon failure", "ExplainText": "This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.\n\nContacting the PDC emulator is useful in case the client\u2019s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.\n\nIf you enable this policy setting, the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the DC fails to validate the password.\n\nIf you disable this policy setting, the DCs will not attempt to verify any passwords with the PDC emulator.\n\nIf you do not configure this policy setting, it is not applied to any DCs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "AvoidPdcOnWan", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_BackgroundRetryInitialPeriod", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Use initial DC discovery retry setting for background callers", "ExplainText": "This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.\n\nThe default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.\n\nThis setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.\n\nIf the value of this setting is less than the value specified in the NegativeCachePeriod subkey, the value in the NegativeCachePeriod subkey is used.\n\nWarning: If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value set in this setting is very small and the DC is not available, the traffic caused by periodic DC discoveries may be excessive.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "BackgroundRetryInitialPeriod", "MinValue": "0", "MaxValue": "4233600" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_BackgroundRetryMaximumPeriod", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Use maximum DC discovery retry interval setting for background callers", "ExplainText": "This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.\n\nFor example, the retry intervals may be set at 10 minutes, then 20 minutes and then 40 minutes, but when the interval reaches the value set in this setting, that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting is reached.\n\nThe default value for this setting is 60 minutes (60*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.\n\nIf the value for this setting is smaller than the value specified for the Initial DC Discovery Retry Setting, the Initial DC Discovery Retry Setting is used.\n\nWarning: If the value for this setting is too large, a client may take very long periods to try to find a DC.\n\nIf the value for this setting is too small and the DC is not available, the frequent retries may produce excessive network traffic.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "BackgroundRetryMaximumPeriod", "MinValue": "0", "MaxValue": "4233600" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_BackgroundRetryQuitTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Use final DC discovery retry setting for background callers", "ExplainText": "This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used.\n\nThe default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.\n\nWarning: If the value for this setting is too small, a client will stop trying to find a DC too soon.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "BackgroundRetryQuitTime", "MinValue": "0", "MaxValue": "4233600" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_BackgroundSuccessfulRefreshPeriod", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Use positive periodic DC cache refresh for background callers", "ExplainText": "This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "BackgroundSuccessfulRefreshPeriod", "MinValue": "0", "MaxValue": "4294967200" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_DebugFlag", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Specify log file debug output level", "ExplainText": "This policy setting specifies the level of debug output for the Net Logon service.\n\nThe Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\\debug. By default, no debug information is logged.\n\nIf you enable this policy setting and specify a non-zero value, debug information will be logged to the file. Higher values result in more verbose logging; the value of 536936447 is commonly used as an optimal setting.\n\nIf you specify zero for this policy setting, the default behavior occurs as described above.\n\nIf you disable this policy setting or do not configure it, the default behavior occurs as described above.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "dbFlag", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_ExpectedDialupDelay", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify expected dial-up delay on logon", "ExplainText": "This policy setting specifies the additional time for the computer to wait for the domain controller\u2019s (DC) response when logging on to the network.\n\nTo specify the expected dial-up delay at logon, click Enabled, and then enter the desired value in seconds (for example, the value \"60\" is 1 minute).\n\nIf you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "ExpectedDialupDelay", "MinValue": "0", "MaxValue": "600" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_MaximumLogFileSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Specify maximum log file size", "ExplainText": "This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\\debug when logging is enabled.\n\nBy default, the maximum size of the log file is 20MB. If you enable this policy setting, the maximum size of the log file is set to the specified size. Once this size is reached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specified.\n\nIf you disable or do not configure this policy setting, the default behavior occurs as indicated above.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaximumLogFileSize", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_NegativeCachePeriod", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify negative DC Discovery cache setting", "ExplainText": "This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC.\n\nThe default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0.\n\nWarning: If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "NegativeCachePeriod", "MinValue": "0", "MaxValue": "604800" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_NetlogonShareCompatibilityMode", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Set Netlogon share compatibility", "ExplainText": "This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.\n\nIf you enable this policy setting, the Netlogon share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.\n\nIf you disable or do not configure this policy setting, the Netlogon share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission.\n\nBy default, the Netlogon share will grant shared read access to files on the share when exclusive access is requested.\n\nNote: The Netlogon share is a share created by the Net Logon service for use by client machines in the domain. The default behavior of the Netlogon share ensures that no application with only read permission to files on the Netlogon share can lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on the Netlogon share with only read permission will be able to deny Group Policy clients from reading the files, and in general the availability of the Netlogon share on the domain will be decreased.\n\nIf you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those approved by the administrator.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "AllowExclusiveScriptsShareAccess", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_NonBackgroundSuccessfulRefreshPeriod", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify positive periodic DC Cache refresh for non-background callers", "ExplainText": "This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag.\n\nThe default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "NonBackgroundSuccessfulRefreshPeriod", "MinValue": "0", "MaxValue": "4294967200" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_ScavengeInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set scavenge interval", "ExplainText": "This policy setting determines the interval at which Netlogon performs the following scavenging operations:\n\n- Checks if a password on a secure channel needs to be modified, and modifies it if necessary.\n\n- On the domain controllers (DC), discovers a DC that has not been discovered.\n\n- On the PDC, attempts to add the [1B] NetBIOS name if it hasn\u2019t already been successfully added.\n\nNone of these operations are critical. 15 minutes is optimal in all but extreme cases. For instance, if a DC is separated from a trusted domain by an expensive (e.g., ISDN) line, this parameter might be adjusted upward to avoid frequent automatic discovery of DCs in a trusted domain.\n\nTo enable the setting, click Enabled, and then specify the interval in seconds.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "ScavengeInterval", "MinValue": "0", "MaxValue": "4294967200" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_SiteName", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify site name", "ExplainText": "This policy setting specifies the Active Directory site to which computers belong.\n\nAn Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.\n\nTo specify the site name for this setting, click Enabled, and then enter the site name. When the site to which a computer belongs is not specified, the computer automatically discovers its site from Active Directory.\n\nIf you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Text", "ValueName": "SiteName", "Required": true } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_SysvolShareCompatibilityMode", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Set SYSVOL share compatibility", "ExplainText": "This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.\n\nWhen this setting is enabled, the SYSVOL share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.\n\nWhen this setting is disabled or not configured, the SYSVOL share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission.\n\nBy default, the SYSVOL share will grant shared read access to files on the share when exclusive access is requested.\n\nNote: The SYSVOL share is a share created by the Net Logon service for use by Group Policy clients in the domain. The default behavior of the SYSVOL share ensures that no application with only read permission to files on the sysvol share can lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on the SYSVOL share with only read permission will be able to deny Group Policy clients from reading the files, and in general the availability of the SYSVOL share on the domain will be decreased.\n\nIf you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those approved by the administrator.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "AllowExclusiveSysvolShareAccess", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_AllowSingleLabelDnsDomain", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC", "ExplainText": "This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.\n\nBy default, the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name.\n\nIf you enable this policy setting, computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution.\n\nIf you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it is not disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers will not the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined.\n\nIf you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "AllowSingleLabelDnsDomain", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_AllowDnsSuffixSearch", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "Windows_6_3_NOARM - At least Windows Server 2012 R2 or Windows 8.1", "DisplayName": "Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.", "ExplainText": "This policy setting specifies whether the computers to which this setting is applied attemps DNS name resolution of single-lablel domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled.\n\nBy default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is enabled.\n\nIf you enable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name is not used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, in the event that DNS resolution fails.\n\nIf you disable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers will not attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "AllowDnsSuffixSearch", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_AutoSiteCoverage", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Use automated site coverage by the DC Locator DNS SRV Records", "ExplainText": "This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.\n\nIf you enable this policy setting, the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Catalog for the same forest, exists.\n\nIf you disable this policy setting, the DCs will not register site-specific DC Locator DNS SRV records for any other sites but their own.\n\nIf you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "AutoSiteCoverage", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_DnsAvoidRegisterRecords", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify DC Locator DNS records not registered by the DCs", "ExplainText": "This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.\n\nIf you enable this policy setting, select Enabled and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that will not be registered by the DCs to which this setting is applied.\n\nSelect the mnemonics from the following list:\n\nMnemonic Type DNS Record\n\nLdapIpAddress A \nLdap SRV _ldap._tcp.\nLdapAtSite SRV _ldap._tcp.._sites.\nPdc SRV _ldap._tcp.pdc._msdcs.\nGc SRV _ldap._tcp.gc._msdcs.\nGcAtSite SRV _ldap._tcp.._sites.gc._msdcs.\nDcByGuid SRV _ldap._tcp..domains._msdcs.\nGcIpAddress A gc._msdcs.\nDsaCname CNAME ._msdcs.\nKdc SRV _kerberos._tcp.dc._msdcs.\nKdcAtSite SRV _kerberos._tcp.._sites.dc._msdcs.\nDc SRV _ldap._tcp.dc._msdcs.\nDcAtSite SRV _ldap._tcp.._sites.dc._msdcs.\nRfc1510Kdc SRV _kerberos._tcp.\nRfc1510KdcAtSite SRV _kerberos._tcp.._sites.\nGenericGc SRV _gc._tcp.\nGenericGcAtSite SRV _gc._tcp.._sites.\nRfc1510UdpKdc SRV _kerberos._udp.\nRfc1510Kpwd SRV _kpasswd._tcp.\nRfc1510UdpKpwd SRV _kpasswd._udp.\n\nIf you disable this policy setting, DCs configured to perform dynamic registration of DC Locator DNS records register all DC Locator DNS resource records.\n\nIf you do not configure this policy setting, DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Text", "ValueName": "DnsAvoidRegisterRecords", "Required": true } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_DnsRefreshInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify Refresh Interval of the DC Locator DNS records", "ExplainText": "This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.\n\nDCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records\u2019 data has not changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database.\n\nWarning: If the DNS resource records are registered in zones with scavenging enabled, the value of this setting should never be longer than the Refresh Interval configured for these zones. Setting the Refresh Interval of the DC Locator DNS records to longer than the Refresh Interval of the DNS zones may result in the undesired deletion of DNS resource records.\n\nTo specify the Refresh Interval of the DC records, click Enabled, and then enter a value larger than 1800. This value specifies the Refresh Interval of the DC records in seconds (for example, the value 3600 is 60 minutes).\n\nIf you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "DnsRefreshInterval", "MinValue": "1800", "MaxValue": "4294967200" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_DnsTtl", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set TTL in the DC Locator DNS Records", "ExplainText": "This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC).\n\nTo specify the TTL for DC Locator DNS records, click Enabled, and then enter a value in seconds (for example, the value \"900\" is 15 minutes).\n\nIf you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "DnsTtl", "MinValue": "0", "MaxValue": "4294967200" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_GcSiteCoverage", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify sites covered by the GC Locator DNS SRV Records", "ExplainText": "This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.\n\nThe GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.\n\nTo specify the sites covered by the GC Locator DNS SRV records, click Enabled, and enter the sites' names in a space-delimited format.\n\nIf you do not configure this policy setting, it is not applied to any GCs, and GCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Text", "ValueName": "GcSiteCoverage", "Required": true } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_LdapSrvPriority", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set Priority in the DC Locator DNS SRV records", "ExplainText": "This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.\n\nThe Priority field in the SRV record sets the preference for target hosts (specified in the SRV record\u2019s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.\n\nTo specify the Priority in the DC Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is from 0 to 65535.\n\nIf you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "LdapSrvPriority", "MinValue": "0", "MaxValue": "65535" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_LdapSrvWeight", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set Weight in the DC Locator DNS SRV records", "ExplainText": "This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.\n\nThe Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record.\n\nTo specify the Weight in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 65535.\n\nIf you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "LdapSrvWeight", "MinValue": "0", "MaxValue": "65535" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_NdncSiteCoverage", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify sites covered by the application directory partition DC Locator DNS SRV records", "ExplainText": "This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.\n\nThe application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.\n\nTo specify the sites covered by the DC Locator application directory partition-specific DNS SRV records, click Enabled, and then enter the site names in a space-delimited format.\n\nIf you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Text", "ValueName": "NdncSiteCoverage", "Required": true } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_SiteCoverage", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify sites covered by the DC Locator DNS SRV records", "ExplainText": "This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.\n\nThe DC Locator DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.\n\nTo specify the sites covered by the DC Locator DNS SRV records, click Enabled, and then enter the sites names in a space-delimited format.\n\nIf you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Text", "ValueName": "SiteCoverage", "Required": true } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_UseDynamicDns", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify dynamic registration of the DC Locator DNS Records", "ExplainText": "This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.\n\nIf you enable this policy setting, DCs to which this setting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections.\n\nIf you disable this policy setting, DCs will not register DC Locator DNS resource records.\n\nIf you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "UseDynamicDns", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_TryNextClosestSite", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Try Next Closest Site", "ExplainText": "This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively.\n\nThe DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost.\n\nIf you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer.\n\nIf you disable this policy setting, Try Next Closest Site DC Location will not be used by default for the computer. However, if a DC Locator call is made using the DS_TRY_NEXTCLOSEST_SITE flag explicitly, the Try Next Closest Site behavior is honored.\n\nIf you do not configure this policy setting, Try Next Closest Site DC Location will not be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly, the Next Closest Site behavior will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "TryNextClosestSite", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_ForceRediscoveryInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Force Rediscovery Interval", "ExplainText": "This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.\n\nThe Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller, it caches domain controllers to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running, DC Locator will continue to return it. If a new domain controller is introduced, existing clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions DC Locator will by default carry out a Force Rediscovery according to a specific time interval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to DC Locator uses the DS_FORCE_REDISCOVERY flag. Rediscovery resets the timer on the cached domain controller entries.\n\nIf you enable this policy setting, DC Locator on the machine will carry out Force Rediscovery periodically according to the configured time interval. The minimum time interval is 3600 seconds (1 hour) to avoid excessive network traffic from rediscovery. The maximum allowed time interval is 4294967200 seconds, while any value greater than 4294967 seconds (~49 days) will be treated as infinity.\n\nIf you disable this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval.\n\nIf you do not configure this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval, unless the local machine setting in the registry is a different value.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "ForceRediscoveryInterval", "MinValue": "3600", "MaxValue": "4294967200" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_AddressTypeReturned", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Return domain controller address type", "ExplainText": "This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios.\n\nBy default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applications are broken due to the returned IPv6 DC address, this policy can be used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed, this policy can be used to enable the default behavior.\n\nIf you enable this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator.\n\nIf you disable this policy setting, DC Locator APIs will ONLY return IPv4 DC address if any. So if the domain controller supports both IPv4 and IPv6 addresses, DC Locator APIs will return IPv4 address. But if the domain controller supports only IPv6 address, then DC Locator APIs will fail.\n\nIf you do not configure this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "AddressTypeReturned", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_AllowNT4Crypto", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow cryptography algorithms compatible with Windows NT 4.0", "ExplainText": "This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows.\n\nBy default, Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 will not be able to establish a connection to this domain controller.\n\nIf you enable this policy setting, Net Logon will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4.0. However, using the older algorithms represents a potential security risk.\n\nIf you disable this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms.\n\nIf you do not configure this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "AllowNT4Crypto", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_IgnoreIncomingMailslotMessages", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names", "ExplainText": "This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).\n\nNote: To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message.\n\nThis policy setting is recommended to reduce the attack surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names.\n\nIf you enable this policy setting, this DC does not process incoming mailslot messages that are used for NetBIOS domain name based DC location.\n\nIf you disable or do not configure this policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "IgnoreIncomingMailslotMessages", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_AvoidFallbackNetbiosDiscovery", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails", "ExplainText": "This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism.\n\nNetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery is not recommended.\n\nNote that this policy setting does not affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known.\n\nIf you enable or do not configure this policy setting, the DC location algorithm does not use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior.\n\nIf you disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS based discovery fails.\n\nThis setting has no effect unless the BlockNetbiosDiscovery setting is disabled. NetBIOS-based discovery is considered unsecure, has many limitations, and will be deprecated in a future release. For these reasons, NetBIOS-based discovery is not recommended. See https://aka.ms/dclocatornetbiosdeprecation for more information.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "AvoidFallbackNetbiosDiscovery", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_BlockNetbiosDiscovery", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Block NetBIOS-based discovery for domain controller location", "ExplainText": "This policy setting allows you to control whether domain controller (DC) location algorithm uses NetBIOS_based discovery for domain controller location.\n\nIf you enable or do not configure this policy setting, the DC location algorithm will never use NetBIOS-based discovery. This is the default behavior.\n\nIf you disable this policy setting, the DC location algorithm may use NetBIOS-based discovery when necessary. The final behavior is further governed by the AvoidFallbackNetbiosDiscovery setting.\n\nNetBIOS-based discovery is considered unsecure, has many limitations, and will be deprecated in a future release. For these reasons, NetBIOS-based discovery is not recommended. See https://aka.ms/dclocatornetbiosdeprecation for more information.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "BlockNetbiosDiscovery", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_AddressLookupOnPingBehavior", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify address lookup behavior for DC locator ping", "ExplainText": "This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site.\n\nDomain controllers use the client IP address during a DC locator ping request to compute which Active Directory site the client belongs to. If no site mapping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses which may then be used to compute a matching site for the client.\n\nThe allowable values for this setting result in the following behaviors:\n\n0 - DCs will never perform address lookups.\n1 - DCs will perform an exhaustive address lookup to discover additional client IP addresses.\n2 - DCs will perform a fast, DNS-only address lookup to discover additional client IP addresses.\n\nTo specify this behavior in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 2.\n\nIf you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "AddressLookupOnPingBehavior", "MinValue": "0", "MaxValue": "2" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_PingUrgencyMode", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Use urgent mode when pinging domain controllers", "ExplainText": "This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC).\n\nWhen an environment has a large number of DCs running both old and new operating systems, the default DC locator discovery behavior may be insufficient to find DCs running a newer operating system. This policy setting can be enabled to configure DC locator to be more aggressive about trying to locate a DC in such an environment, by pinging DCs at a higher frequency. Enabling this setting may result in additional network traffic and increased load on DCs. You should disable this setting once all DCs are running the same OS version.\n\nThe allowable values for this setting result in the following behaviors:\n\n1 - Computers will ping DCs at the normal frequency.\n2 - Computers will ping DCs at the higher frequency.\n\nTo specify this behavior, click Enabled and then enter a value. The range of values is from 1 to 2.\n\nIf you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "Elements": [ { "Type": "Decimal", "ValueName": "PingUrgencyMode", "MinValue": "0", "MaxValue": "2" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon_DC_Locator_DNS_Records", "PolicyName": "Netlogon_DnsSrvRecordUseLowerCaseHostNames", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "WindowsServer2008", "DisplayName": "Use lowercase DNS host names when registering domain controller SRV records", "ExplainText": "This policy setting configures whether the domain controllers to which this setting is applied will lowercase their DNS host name when registering SRV records.\n\nIf enabled, domain controllers will lowercase their DNS host name when registering domain controller SRV records. A best-effort attempt will be made to delete any previously registered SRV records that contain mixed-case DNS host names. For more information and potential manual cleanup procedures, see the link below.\n\nIf disabled, domain controllers will use their configured DNS host name as-is when registering domain controller SRV records.\n\nIf not configured, domain controllers will default to using their local configuration.\n\nThe default local configuration is enabled.\n\nA reboot is not required for changes to this setting to take effect.\n\nMore information is available at https://aka.ms/lowercasehostnamesrvrecord", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "DnsSrvRecordUseLowerCaseHostNames", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Netlogon.admx", "CategoryName": "Netlogon", "PolicyName": "Netlogon_EnhancedDomainNtlmLogs", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetLogon", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Log Enhanced Domain-wide NTLM Logs", "ExplainText": "This policy setting configures whether the domain controllers to which this setting is applied will log the new, enhanced domain-wide NTLM logs. These logs contain more information about NTLM authentication on a domain-wide level, including NTLMv1 usage.\n\nIf enabled, domain controllers will log the new domain-wide NTLM logs.\n\nIf disabled, domain controllers will not log the new domain-wide NTLM logs.\n\nIf not configured, domain controllers will default to logging the new domain-wide NTLM logs.\n\nMore information is available at aka.ms/ntlmlogandblock.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Netlogon\\Parameters" ], "ValueName": "EnableEnhancedDomainNtlmLogs", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_AddRemoveComponents", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1_WindowsPreVista - Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only", "DisplayName": "Prohibit adding and removing components for a LAN or remote access connection", "ExplainText": "Determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Install and Uninstall buttons for components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in the Windows Components Wizard.\n\nThe Install button opens the dialog boxes used to add network components. Clicking the Uninstall button removes the selected component in the components list (above the button).\n\nThe Install and Uninstall buttons appear in the properties dialog box for connections. These buttons are on the General tab for LAN connections and on the Networking tab for remote access connections.\n\nNote: When the \"Prohibit access to properties of a LAN connection\", \"Ability to change properties of an all user remote access connection\", or \"Prohibit changing properties of a private remote access connection\" settings are set to deny access to the connection properties dialog box, the Install and Uninstall buttons for connections are blocked.\n\nNote: Nonadministrators are already prohibited from adding and removing connection components, regardless of this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_AddRemoveComponents", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_AdvancedSettings", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1_WindowsPreVista - Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only", "DisplayName": "Prohibit access to the Advanced Settings item on the Advanced menu", "ExplainText": "Determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.\n\nThe Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Advanced Settings item is disabled for administrators.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Advanced Settings item is enabled for administrators.\n\nNote: Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, regardless of this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_AdvancedSettings", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_AllowAdvancedTCPIPConfig", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1_WindowsPreVista - Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only", "DisplayName": "Prohibit TCP/IP advanced configuration", "ExplainText": "Determines whether users can configure advanced TCP/IP settings.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting, the Advanced button is enabled, and all users can open the Advanced TCP/IP Setting dialog box.\n\nNote: This setting is superseded by settings that prohibit access to properties of connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties button for connection components, users cannot gain access to the Advanced button for TCP/IP configuration.\n\nNote: Nonadministrators (excluding Network Configuration Operators) do not have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting.\n\nTip: To open the Advanced TCP/IP Setting dialog box, in the Network Connections folder, right-click a connection icon, and click Properties. For remote access connections, click the Networking tab. In the \"Components checked are used by this connection\" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advanced button.\n\nNote: Changing this setting from Enabled to Not Configured does not enable the Advanced button until the user logs off.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_AllowAdvancedTCPIPConfig", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_AllowNetBridge_NLA", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Prohibit installation and configuration of Network Bridge on your DNS domain network", "ExplainText": "Determines whether a user can install and configure the Network Bridge.\n\nImportant: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.\n\nThe Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segements together. This connection appears in the Network Connections folder.\n\nIf you disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_AllowNetBridge_NLA", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_ChangeBindState", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1_WindowsPreVista - Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only", "DisplayName": "Prohibit Enabling/Disabling components of a LAN connection", "ExplainText": "Determines whether administrators can enable and disable the components used by LAN connections.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component.\n\nNote: When the \"Prohibit access to properties of a LAN connection\" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection.\n\nNote: Nonadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_ChangeBindState", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_DeleteAllUserConnection", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Ability to delete all user remote access connections", "ExplainText": "Determines whether users can delete all user remote access connections.\n\nTo create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the \"For all users\" option.\n\nIf you enable this setting, all users can delete shared remote access connections. In addition, if your file system is NTFS, users need to have Write access to Documents and Settings\\All Users\\Application Data\\Microsoft\\Network\\Connections\\Pbk to delete a shared remote access connection.\n\nIf you disable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), users (including administrators) cannot delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the \"Prohibit deletion of remote access connections\" setting.)\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you do not configure this setting, only Administrators and Network Configuration Operators can delete all user remote access connections.\n\nImportant: When enabled, the \"Prohibit deletion of remote access connections\" setting takes precedence over this setting. Users (including administrators) cannot delete any remote access connections, and this setting is ignored.\n\nNote: LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_DeleteAllUserConnection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_DeleteConnection", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Prohibit deletion of remote access connections", "ExplainText": "Determines whether users can delete remote access connections.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the \"Ability to delete all user remote access connections\" setting.)\n\nImportant: When enabled, this setting takes precedence over the \"Ability to delete all user remote access connections\" setting. Users cannot delete any remote access connections, and the \"Ability to delete all user remote access connections\" setting is ignored.\n\nNote: LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_DeleteConnection", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_DialupPrefs", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Prohibit access to the Remote Access Preferences item on the Advanced menu", "ExplainText": "Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.\n\nThe Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Remote Access Preferences item is disabled for all users (including administrators).\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all users.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_DialupPrefs", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_EnableAdminProhibits", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "WindowsNET_XP - Windows Server 2003 and Windows XP only", "DisplayName": "Enable Windows 2000 Network Connections settings for Administrators", "ExplainText": "Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.\n\nThe set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators.\n\nBy default, Network Connections group settings in Windows XP Professional do not have the ability to prohibit the use of features from Administrators.\n\nIf you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are \"Ability to rename LAN connections or remote access connections available to all users\", \"Prohibit access to properties of components of a LAN connection\", \"Prohibit access to properties of components of a remote access connection\", \"Ability to access TCP/IP advanced configuration\", \"Prohibit access to the Advanced Settings Item on the Advanced Menu\", \"Prohibit adding and removing components for a LAN or remote access connection\", \"Prohibit access to properties of a LAN connection\", \"Prohibit Enabling/Disabling components of a LAN connection\", \"Ability to change properties of an all user remote access connection\", \"Prohibit changing properties of a private remote access connection\", \"Prohibit deletion of remote access connections\", \"Ability to delete all user remote access connections\", \"Prohibit connecting and disconnecting a remote access connection\", \"Ability to Enable/Disable a LAN connection\", \"Prohibit access to the New Connection Wizard\", \"Prohibit renaming private remote access connections\", \"Prohibit access to the Remote Access Preferences item on the Advanced menu\", \"Prohibit viewing of status for an active connection\". When this setting is enabled, settings that exist in both Windows 2000 Professional and Windows XP Professional behave the same for administrators.\n\nIf you disable this setting or do not configure it, Windows XP settings that existed in Windows 2000 will not apply to administrators.\n\nNote: This setting is intended to be used in a situation in which the Group Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional and Windows XP Professional computers.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_EnableAdminProhibits", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_IpStateChecking", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "WindowsXPSP2_WindowsNET - Microsoft Windows XP Professional with SP2 and Windows Server 2003 family only", "DisplayName": "Turn off notifications when a connection has only limited or no connectivity", "ExplainText": "This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address\"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved.\n\nIf you enable this policy setting, this condition will not be reported as an error to the user.\n\nIf you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_IpStateChecking", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_LanChangeProperties", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1_WindowsPreVista - Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only", "DisplayName": "Prohibit access to properties of components of a LAN connection", "ExplainText": "Determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.\n\nThis setting determines whether the Properties button for components of a LAN connection is enabled.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Properties button is disabled for Administrators. Network Configuration Operators are prohibited from accessing connection components, regardless of the \"Enable Network Connections settings for Administrators\" setting.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Properties button is enabled for administrators and Network Configuration Operators.\n\nThe Local Area Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.\n\nNote: Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.\n\nNote: When the \"Prohibit access to properties of a LAN connection\" setting is enabled, users are blocked from accessing the Properties button for LAN connection components.\n\nNote: Network Configuration Operators only have permission to change TCP/IP properties. Properties for all other components are unavailable to these users.\n\nNote: Nonadministrators are already prohibited from accessing properties of components for a LAN connection, regardless of this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_LanChangeProperties", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_LanConnect", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Ability to Enable/Disable a LAN connection", "ExplainText": "Determines whether users can enable/disable LAN connections.\n\nIf you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.\n\nIf you disable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all users (including administrators).\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you do not configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections.\n\nNote: Administrators can still enable/disable LAN connections from Device Manager when this setting is disabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_LanConnect", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_LanProperties", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Prohibit access to properties of a LAN connection", "ExplainText": "Determines whether users can change the properties of a LAN connection.\n\nThis setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.\n\nNote: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users.\n\nNote: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_LanProperties", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_NewConnectionWizard", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1_WindowsPreVista - Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only", "DisplayName": "Prohibit access to the New Connection Wizard", "ExplainText": "Determines whether users can use the New Connection Wizard, which creates new network connections.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard.\n\nNote: Changing this setting from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off or on. When other changes to this setting are applied, the icon does not appear or disappear in the Network Connections folder until the folder is refreshed.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_NewConnectionWizard", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_PersonalFirewallConfig", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "WindowsNET_XP - Windows Server 2003 and Windows XP only", "DisplayName": "Prohibit use of Internet Connection Firewall on your DNS domain network", "ExplainText": "Prohibits use of Internet Connection Firewall on your DNS domain network.\n\nDetermines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer.\n\nImportant: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.\n\nThe Internet Connection Firewall is a stateful packet filter for home and small office users to protect them from Internet network security threats.\n\nIf you enable this setting, Internet Connection Firewall cannot be enabled or configured by users (including administrators), and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall is not enabled for remote access connections created through the Make New Connection Wizard. The Network Setup Wizard is disabled.\n\nNote: If you enable the \"Windows Firewall: Protect all network connections\" policy setting, the \"Prohibit use of Internet Connection Firewall on your DNS domain network\" policy setting has no effect on computers that are running Windows Firewall, which replaces Internet Connection Firewall when you install Windows XP Service Pack 2.\n\nIf you disable this setting or do not configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_PersonalFirewallConfig", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_RasAllUserProperties", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Ability to change properties of an all user remote access connection", "ExplainText": "Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.\n\nTo create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the \"For all users\" option.\n\nThis setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box is available to users.\n\nIf you enable this setting, a Properties menu item appears when any user right-clicks the icon for a remote access connection. Also, when any user selects the connection, Properties appears on the File menu.\n\nIf you disable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Properties menu items are disabled, and users (including administrators) cannot open the remote access connection properties dialog box.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you do not configure this setting, only Administrators and Network Configuration Operators can change properties of all-user remote access connections.\n\nNote: This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_RasAllUserProperties", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_RasChangeProperties", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1_WindowsPreVista - Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only", "DisplayName": "Prohibit access to properties of components of a remote access connection", "ExplainText": "Determines whether users can view and change the properties of components used by a private or all-user remote access connection.\n\nThis setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Properties button is disabled for all users (including administrators).\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Properties button is enabled for all users.\n\nThe Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.\n\nNote: Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.\n\nNote: When the \"Ability to change properties of an all user remote access connection\" or \"Prohibit changing properties of a private remote access connection\" settings are set to deny access to the Remote Access Connection Properties dialog box, the Properties button for remote access connection components is blocked.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_RasChangeProperties", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_RasConnect", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Prohibit connecting and disconnecting a remote access connection", "ExplainText": "Determines whether users can connect and disconnect remote access connections.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators).\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_RasConnect", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_RasMyProperties", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Prohibit changing properties of a private remote access connection", "ExplainText": "Determines whether users can view and change the properties of their private remote access connections.\n\nPrivate connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the \"Only for myself\" option.\n\nThis setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box for a private connection is available to users.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Properties menu items are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private connection.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, a Properties menu item appears when any user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears on the File menu.\n\nNote: This setting takes precedence over settings that manipulate the availability of features in the Remote Access Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a remote access connection will be available to users.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_RasMyProperties", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_RenameAllUserRasConnection", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Ability to rename all user remote access connections", "ExplainText": "Determines whether nonadministrators can rename all-user remote access connections.\n\nTo create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the \"For all users\" option.\n\nIf you enable this setting, the Rename option is enabled for all-user remote access connections. Any user can rename all-user connections by clicking an icon representing the connection or by using the File menu.\n\nIf you disable this setting, the Rename option is disabled for nonadministrators only.\n\nIf you do not configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections.\n\nNote: This setting does not apply to Administrators\n\nNote: When the \"Ability to rename LAN connections or remote access connections available to all users\" setting is configured (set to either Enabled or Disabled), this setting does not apply.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_RenameAllUserRasConnection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_RenameConnection", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1_WindowsPreVista - Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only", "DisplayName": "Ability to rename LAN connections or remote access connections available to all users", "ExplainText": "Determines whether users can rename LAN or all user remote access connections.\n\nIf you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu.\n\nIf you disable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Rename option for LAN and all user remote access connections is disabled for all users (including Administrators and Network Configuration Operators).\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf this setting is not configured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections.\n\nNote: When configured, this setting always takes precedence over the \"Ability to rename LAN connections\" and \"Ability to rename all user remote access connections\" settings.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to rename remote access connections.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_RenameConnection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_RenameLanConnection", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Ability to rename LAN connections", "ExplainText": "Determines whether nonadministrators can rename a LAN connection.\n\nIf you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu.\n\nIf you disable this setting, the Rename option is disabled for nonadministrators only.\n\nIf you do not configure this setting, only Administrators and Network Configuration Operators can rename LAN connections\n\nNote: This setting does not apply to Administrators.\n\nNote: When the \"Ability to rename LAN connections or remote access connections available to all users\" setting is configured (set to either enabled or disabled), this setting does not apply.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_RenameLanConnection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_RenameMyRasConnection", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1 - At least Windows 2000 Service Pack 1", "DisplayName": "Prohibit renaming private remote access connections", "ExplainText": "Determines whether users can rename their private remote access connections.\n\nPrivate connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the \"Only for myself\" option.\n\nIf you enable this setting (and enable the \"Enable Network Connections settings for Administrators\" setting), the Rename option is disabled for all users (including administrators).\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Rename option is enabled for all users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_RenameMyRasConnection", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_ShowSharedAccessUI", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Prohibit use of Internet Connection Sharing on your DNS domain network", "ExplainText": "Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer.\n\nICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network.\n\nIf you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled.\n\nIf you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.)\n\nBy default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS.\n\nNote: Internet Connection Sharing is only available when two or more network connections are present.\n\nNote: When the \"Prohibit access to properties of a LAN connection,\" \"Ability to change properties of an all user remote access connection,\" or \"Prohibit changing properties of a private remote access connection\" settings are set to deny access to the Connection Properties dialog box, the Advanced tab for the connection is blocked.\n\nNote: Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting.\n\nNote: Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the \"Don't use hosted networks\" check box.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_ShowSharedAccessUI", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_Statistics", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Win2kSP1_WindowsPreVista - Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only", "DisplayName": "Prohibit viewing of status for an active connection", "ExplainText": "Determines whether users can view the status for an active connection.\n\nConnection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection.\n\nIf you enable this setting, the connection status taskbar icon and Status dialog box are not available to users (including administrators). The Status option is disabled in the context menu for the connection and on the File menu in the Network Connections folder. Users cannot choose to show the connection icon in the taskbar from the Connection Properties dialog box.\n\nImportant: If the \"Enable Network Connections settings for Administrators\" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the connection status taskbar icon and Status dialog box are available to all users.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_Statistics", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_StdDomainUserSetLocation", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Require domain users to elevate when setting a network's location", "ExplainText": "This policy setting determines whether to require domain users to elevate when setting a network's location.\n\nIf you enable this policy setting, domain users must elevate when setting a network's location.\n\nIf you disable or do not configure this policy setting, domain users can set a network's location without elevating.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_StdDomainUserSetLocation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_DoNotShowLocalOnlyIcon", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not show the \"local access only\" network icon", "ExplainText": "Specifies whether or not the \"local access only\" network icon will be shown.\n\nWhen enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only.\n\nIf you disable this setting or do not configure it, the \"local access only\" icon will be used when a user is connected to a network with local access only.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Network Connections" ], "ValueName": "NC_DoNotShowLocalOnlyIcon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkConnections.admx", "CategoryName": "NetworkConnections", "PolicyName": "NC_ForceTunneling", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkConnections", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Route all traffic through the internal network", "ExplainText": "This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.\n\nWhen a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gateway.\n\nIf you enable this policy setting, all traffic between a remote client computer running DirectAccess and the Internet is routed through the internal network.\n\nIf you disable this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.\n\nIf you do not configure this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Enum", "ValueName": "Force_Tunneling", "Items": [ { "DisplayName": "Enabled State", "Data": "Enabled" }, { "DisplayName": "Disabled State", "Data": "Disabled" } ], "Required": true } ] }, { "File": "NetworkIsolation.admx", "CategoryName": "WF_Isolation", "PolicyName": "WF_NetIsolation_Domain_Proxies", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkIsolation", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Internet proxy servers for apps", "ExplainText": "This setting does not apply to desktop apps.\n\nA semicolon-separated list of Internet proxy server IP addresses. These addresses are categorized as Internet by Windows Network Isolation and are accessible to apps that have the Internet Client or Internet Client/Server capabilities.\n\nIf you enable this policy setting, apps on proxied networks can access the Internet without relying on the Private Network capability. However, in most situations Windows Network Isolation will be able to correctly discover proxies. By default, any proxies configured with this setting are merged with proxies that are auto-discovered. To make this policy configuration the sole list of allowed proxies, enable the \"Proxy definitions are authoritative\" setting.\n\nIf you disable or do not configure this policy setting, apps will use the Internet proxies auto-discovered by Windows Network Isolation.\n\nExample: [3efe:3022::1000];18.0.0.1;18.0.0.2\n\nFor more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkIsolation" ], "Elements": [ { "Type": "Text", "ValueName": "DomainProxies", "Required": true, "MaxLength": "16383" } ] }, { "File": "NetworkIsolation.admx", "CategoryName": "WF_Isolation", "PolicyName": "WF_NetIsolation_Intranet_Proxies", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkIsolation", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Intranet proxy servers for apps", "ExplainText": "This setting does not apply to desktop apps.\n\nA semicolon-separated list of intranet proxy server IP addresses. These addresses are categorized as private by Windows Network Isolation and are accessible to apps that have the Home/Work Networking capability.\n\nIf you enable this policy setting, it allows an administrator to configure a set of proxies that provide access to intranet resources.\n\nIf you disable or do not configure this policy setting, Windows Network Isolation attempts to discover proxies and configures them as Internet nodes.\n\nThis setting should NOT be used to configure Internet proxies.\n\nExample: [3efe:3022::1000]; 18.0.0.1; 18.0.0.2\n\nFor more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkIsolation" ], "Elements": [ { "Type": "Text", "ValueName": "DomainLocalProxies", "Required": true } ] }, { "File": "NetworkIsolation.admx", "CategoryName": "WF_Isolation", "PolicyName": "WF_NetIsolation_PrivateSubnet", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkIsolation", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Private network ranges for apps", "ExplainText": "This setting does not apply to desktop apps.\n\nA comma-separated list of IP address ranges that are in your corporate network.\n\nIf you enable this policy setting, it ensures that apps with the Home/Work Networking capability have appropriate access to your corporate network. These addresses are only accessible to apps if and only if the app has declared the Home/Work Networking capability.\n\nWindows Network Isolation attempts to automatically discover private network hosts. By default, the addresses configured with this policy setting are merged with the hosts that are declared as private through automatic discovery.\n\nTo ensure that these addresses are the only addresses ever classified as private, enable the \"Subnet definitions are authoritative\" policy setting.\n\nIf you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your private network hosts.\n\nExample: 3efe:1092::/96,18.1.1.1/10\n\nFor more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkIsolation" ], "Elements": [ { "Type": "Text", "ValueName": "DomainSubnets", "Required": true, "MaxLength": "16383" } ] }, { "File": "NetworkIsolation.admx", "CategoryName": "WF_Isolation", "PolicyName": "WF_NetIsolation_Authoritative_Proxies", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkIsolation", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Proxy definitions are authoritative", "ExplainText": "This setting does not apply to desktop apps.\n\nTurns off Windows Network Isolation's automatic proxy discovery in the domain corporate environment.\n\nIf you enable this policy setting, it turns off Windows Network Isolation's automatic proxy discovery in the domain corporate environment. Only proxies configured with Group Policy are authoritative. This applies to both Internet and intranet proxies.\n\nIf you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your proxy server addresses.\n\nFor more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkIsolation" ], "ValueName": "DProxiesAuthoritive", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkIsolation.admx", "CategoryName": "WF_Isolation", "PolicyName": "WF_NetIsolation_Authoritative_Subnet", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkIsolation", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Subnet definitions are authoritative", "ExplainText": "This setting does not apply to desktop apps.\n\nTurns off Windows Network Isolation's automatic discovery of private network hosts in the domain corporate environment.\n\nIf you enable this policy setting, it turns off Windows Network Isolation's automatic discovery of private network hosts in the domain corporate environment. Only network hosts within the address ranges configured via Group Policy will be classified as private.\n\nIf you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your private network hosts in the domain corporate environment.\n\nFor more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkIsolation" ], "ValueName": "DSubnetsAuthoritive", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NetworkIsolation.admx", "CategoryName": "WF_Isolation", "PolicyName": "WF_NetIsolation_EnterpriseCloudResources", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkIsolation", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enterprise resource domains hosted in the cloud", "ExplainText": "This setting does not apply to desktop apps.\n\nA pipe-separated list of domain cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address.\n\nContains a list of Enterprise resource domains hosted in the cloud. Connections to these resources are considered connections to enterprise networks.\n\nIf a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the Intranet proxy servers for apps policy.\n\nExample: [cloudresource]|[cloudresource]|[cloudresource],[proxy]|[cloudresource]|[cloudresource],[proxy]|\n\nFor more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkIsolation" ], "Elements": [ { "Type": "Text", "ValueName": "CloudResources", "Required": true, "MaxLength": "16383" } ] }, { "File": "NetworkIsolation.admx", "CategoryName": "WF_Isolation", "PolicyName": "WF_NetIsolation_NeutralResources", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkIsolation", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Domains categorized as both work and personal", "ExplainText": "This setting does not apply to desktop apps.\n\nA comma-separated list of domain names that can be used as both work or personal resource.\n\nFor more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkIsolation" ], "Elements": [ { "Type": "Text", "ValueName": "NeutralResources", "Required": true, "MaxLength": "16383" } ] }, { "File": "NetworkProvider.admx", "CategoryName": "Cat_NetworkProvider", "PolicyName": "Pol_HardenedPaths", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkProvider", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hardened UNC Paths", "ExplainText": "This policy setting configures secure access to UNC paths.\n\nIf you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkProvider" ], "ValueName": "HardenedPaths", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetworkProvider\\HardenedPaths" ] } ] }, { "File": "NewsAndInterests.admx", "CategoryName": "NewsAndInterests", "PolicyName": "AllowNewsAndInterests", "Class": "Machine", "NameSpace": "Microsoft.Policies.NewsAndInterests", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Allow widgets", "ExplainText": "This policy specifies whether the widgets feature is allowed on the device.\nWidgets will be turned on by default unless you change this in your settings.\nIf you turned this feature on before, it will stay on automatically unless you turn it off.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Dsh" ], "ValueName": "AllowNewsAndInterests", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "NewsAndInterests.admx", "CategoryName": "NewsAndInterests", "PolicyName": "DisableWidgetsOnLockScreen", "Class": "Machine", "NameSpace": "Microsoft.Policies.NewsAndInterests", "Supported": "Windows_11_0_22H2_NOSERVER - At least Windows 11 Version 22H2", "DisplayName": "Disable Widgets On Lock Screen", "ExplainText": "This policy specifies whether to disable the Widgets feature on the lock screen.\nIf you disable or do not configure this policy setting, widgets will appear on the lock screen and can be managed in the Windows Settings app.\nIf you enable this policy setting, widgets will not appear on the lock screen.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Dsh" ], "ValueName": "DisableWidgetsOnLockScreen", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "NewsAndInterests.admx", "CategoryName": "NewsAndInterests", "PolicyName": "DisableWidgetsBoard", "Class": "Machine", "NameSpace": "Microsoft.Policies.NewsAndInterests", "Supported": "Windows_11_0_22H2_NOSERVER - At least Windows 11 Version 22H2", "DisplayName": "Disable Widgets Board", "ExplainText": "This policy specifies whether to disable the Widgets Board experience.\nIf you disable or do not configure this policy setting, you will be able to invoke the Widgets Board and see its entry point on the taskbar. The Widgets Board experience can be managed in Widgets Settings whose entry-point is located on the Widgets Board.\nIf you enable this policy setting, you will not be able to invoke the Widgets board and its entry point will no longer appear on the taskbar.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Dsh" ], "ValueName": "DisableWidgetsBoard", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Ntlm.admx", "CategoryName": "NTLM", "PolicyName": "LogEnhancedNtlmAudits", "Class": "Machine", "NameSpace": "Microsoft.Policies.NTLM", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "NTLM Enhanced Logging", "ExplainText": "This policy setting allows the NTLM security package to log the new, enhanced auditing logs for both clients and servers.\n\nThese enhanced logs have information about what is using NTLM, why NTLM is being used, and the destination of the NTLM authentication request. They also have information about NTLMv1 usage and other security downgrades.\n\nIf you enabled or do not configure this policy, the new auditing logs will be generated. If you disable the policy, the new logs are not generated.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\NTLM\\Parameters" ], "ValueName": "LogEnhancedAuditEvents", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_AlwaysPinSubFolders", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Subfolders always available offline", "ExplainText": "Makes subfolders available offline whenever their parent folder is made available offline.\n\nThis setting automatically extends the \"make available offline\" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders.\n\nIf you enable this setting, when you make a folder available offline, all folders within that folder are also made available offline. Also, new folders that you create within a folder that is available offline are made available offline when the parent folder is synchronized.\n\nIf you disable this setting or do not configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "AlwaysPinSubFolders", "Elements": [] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_AssignedOfflineFiles_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Specify administratively assigned Offline Files", "ExplainText": "This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.\n\nIf you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.\n\nIf you disable this policy setting, the list of files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).\n\nIf you do not configure this policy setting, no files or folders are made available for offline use by Group Policy.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be available for offline use.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows" ], "ClientExtension": "{C631DF4C-088F-4156-B058-4375F0853CD8}", "ValueName": "NetCache", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\AssignedOfflineFolders" ] } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_AssignedOfflineFiles_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Specify administratively assigned Offline Files", "ExplainText": "This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.\n\nIf you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.\n\nIf you disable this policy setting, the list of files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).\n\nIf you do not configure this policy setting, no files or folders are made available for offline use by Group Policy.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be available for offline use.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows" ], "ClientExtension": "{C631DF4C-088F-4156-B058-4375F0853CD8}", "ValueName": "NetCache", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache\\AssignedOfflineFolders" ] } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_CustomGoOfflineActions_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Non-default server disconnect actions", "ExplainText": "Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the \"Action on server disconnect\" setting.\n\nTo use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type \"0\" if users can work offline when they are disconnected from this server, or type \"1\" if they cannot.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting does not prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting.\n\nTip: To configure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click Advanced. This setting corresponds to the settings in the \"Exception list\" section.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows" ], "ValueName": "NetCache", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\CustomGoOfflineActions" ] } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_CustomGoOfflineActions_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Non-default server disconnect actions", "ExplainText": "Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the \"Action on server disconnect\" setting.\n\nTo use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type \"0\" if users can work offline when they are disconnected from this server, or type \"1\" if they cannot.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting does not prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting.\n\nTip: To configure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click Advanced. This setting corresponds to the settings in the \"Exception list\" section.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows" ], "ValueName": "NetCache", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache\\CustomGoOfflineActions" ] } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_DefCacheSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Default cache size", "ExplainText": "Limits the percentage of the computer's disk space that can be used to store automatically cached offline files.\n\nThis setting also disables the \"Amount of disk space to use for temporary offline files\" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.\n\nAutomatic caching can be set on any network share. When a user opens a file on the share, the system automatically stores a copy of the file on the user's computer.\n\nThis setting does not limit the disk space available for files that user's make available offline manually.\n\nIf you enable this setting, you can specify an automatic-cache disk space limit.\n\nIf you disable this setting, the system limits the space that automatically cached files occupy to 10 percent of the space on the system drive.\n\nIf you do not configure this setting, disk space for automatically cached files is limited to 10 percent of the system drive by default, but users can change it.\n\nTip: To change the amount of disk space used for automatic caching without specifying a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then use the slider bar associated with the \"Amount of disk space to use for temporary offline files\" option.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "DefCacheSize", "MinValue": "0", "MaxValue": "10000" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_Enabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Allow or Disallow use of the Offline Files feature", "ExplainText": "This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.\n\nIf you enable this policy setting, Offline Files is enabled and users cannot disable it.\n\nIf you disable this policy setting, Offline Files is disabled and users cannot enable it.\n\nIf you do not configure this policy setting, Offline Files is enabled on Windows client computers, and disabled on computers running Windows Server, unless changed by the user.\n\nNote: Changes to this policy setting do not take effect until the affected computer is restarted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ClientExtension": "{C631DF4C-088F-4156-B058-4375F0853CD8}", "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_EncryptOfflineFiles", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsXP_SP2_W2K_SP5_NETSERVER_SP1 - At least Windows Server 2003 operating systems Service Pack 1, Windows XP Professional Service Pack 2, or Windows 2000 Service Pack 5", "DisplayName": "Encrypt the Offline Files cache", "ExplainText": "This policy setting determines whether offline files are encrypted.\n\nOffline files are locally cached copies of files from a network share. Encrypting this cache reduces the likelihood that a user could access files from the Offline Files cache without proper permissions.\n\nIf you enable this policy setting, all files in the Offline Files cache are encrypted. This includes existing files as well as files added later. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot unencrypt Offline Files through the user interface.\n\nIf you disable this policy setting, all files in the Offline Files cache are unencrypted. This includes existing files as well as files added later, even if the files were stored using NTFS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot encrypt Offline Files through the user interface.\n\nIf you do not configure this policy setting, encryption of the Offline Files cache is controlled by the user through the user interface. The current cache state is retained, and if the cache is only partially encrypted, the operation completes so that it is fully encrypted. The cache does not return to the unencrypted state. The user must be an administrator on the local computer to encrypt or decrypt the Offline Files cache.\n\nNote: By default, this cache is protected on NTFS partitions by ACLs.\n\nThis setting is applied at user logon. If this setting is changed after user logon then user logoff and logon is required for this setting to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ClientExtension": "{C631DF4C-088F-4156-B058-4375F0853CD8}", "ValueName": "EncryptCache", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_EventLoggingLevel_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Event logging level", "ExplainText": "Determines which events the Offline Files feature records in the event log.\n\nOffline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record.\n\nTo use this setting, in the \"Enter\" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.\n\n\"0\" records an error when the offline storage cache is corrupted.\n\n\"1\" also records an event when the server hosting the offline file is disconnected from the network.\n\n\"2\" also records events when the local computer is connected and disconnected from the network.\n\n\"3\" also records an event when the server hosting the offline file is reconnected to the network.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "EventLoggingLevel", "MinValue": "0", "MaxValue": "3" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_EventLoggingLevel_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Event logging level", "ExplainText": "Determines which events the Offline Files feature records in the event log.\n\nOffline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record.\n\nTo use this setting, in the \"Enter\" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.\n\n\"0\" records an error when the offline storage cache is corrupted.\n\n\"1\" also records an event when the server hosting the offline file is disconnected from the network.\n\n\"2\" also records events when the local computer is connected and disconnected from the network.\n\n\"3\" also records an event when the server hosting the offline file is reconnected to the network.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "EventLoggingLevel", "MinValue": "0", "MaxValue": "3" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_ExtExclusionList", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Files not cached", "ExplainText": "Lists types of files that cannot be used offline.\n\nThis setting lets you exclude certain types of files from automatic and manual caching for offline use. The system does not cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: \"Files of this type cannot be made available offline.\"\n\nThis setting is designed to protect files that cannot be separated, such as database components.\n\nTo use this setting, type the file name extension in the \"Extensions\" box. To type more than one extension, separate the extensions with a semicolon (;).\n\nNote: To make changes to this setting effective, you must log off and log on again.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Text", "ValueName": "ExcludeExtensions" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_GoOfflineAction_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Action on server disconnect", "ExplainText": "Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.\n\nThis setting also disables the \"When a network connection is lost\" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.\n\nIf you enable this setting, you can use the \"Action\" box to specify how computers in the group respond.\n\n-- \"Work offline\" indicates that the computer can use local copies of network files while the server is inaccessible.\n\n-- \"Never go offline\" indicates that network files are not available while the server is inaccessible.\n\nIf you disable this setting or select the \"Work offline\" option, users can work offline if disconnected.\n\nIf you do not configure this setting, users can work offline by default, but they can change this option.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To configure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, click Advanced, and then select an option in the \"When a network connection is lost\" section.\n\nAlso, see the \"Non-default server disconnect actions\" setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Enum", "ValueName": "GoOfflineAction", "Items": [ { "DisplayName": "Work offline", "Data": "0" }, { "DisplayName": "Never go offline", "Data": "1" } ], "Required": true } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_GoOfflineAction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Action on server disconnect", "ExplainText": "Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.\n\nThis setting also disables the \"When a network connection is lost\" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.\n\nIf you enable this setting, you can use the \"Action\" box to specify how computers in the group respond.\n\n-- \"Work offline\" indicates that the computer can use local copies of network files while the server is inaccessible.\n\n-- \"Never go offline\" indicates that network files are not available while the server is inaccessible.\n\nIf you disable this setting or select the \"Work offline\" option, users can work offline if disconnected.\n\nIf you do not configure this setting, users can work offline by default, but they can change this option.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To configure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, click Advanced, and then select an option in the \"When a network connection is lost\" section.\n\nAlso, see the \"Non-default server disconnect actions\" setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Enum", "ValueName": "GoOfflineAction", "Items": [ { "DisplayName": "Work offline", "Data": "0" }, { "DisplayName": "Never go offline", "Data": "1" } ], "Required": true } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoCacheViewer_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prevent use of Offline Files folder", "ExplainText": "Disables the Offline Files folder.\n\nThis setting disables the \"View Files\" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location.\n\nThis setting does not prevent users from working offline or from saving local copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline files.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click \"View Files.\"", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "NoCacheViewer", "Elements": [] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoCacheViewer_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prevent use of Offline Files folder", "ExplainText": "Disables the Offline Files folder.\n\nThis setting disables the \"View Files\" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location.\n\nThis setting does not prevent users from working offline or from saving local copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline files.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click \"View Files.\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "NoCacheViewer", "Elements": [] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoConfigCache_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit user configuration of Offline Files", "ExplainText": "Prevents users from enabling, disabling, or changing the configuration of Offline Files.\n\nThis setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box.\n\nThis is a comprehensive setting that locks down the configuration you establish by using other settings in this folder.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "NoConfigCache", "Elements": [] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoConfigCache_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit user configuration of Offline Files", "ExplainText": "Prevents users from enabling, disabling, or changing the configuration of Offline Files.\n\nThis setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box.\n\nThis is a comprehensive setting that locks down the configuration you establish by using other settings in this folder.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "NoConfigCache", "Elements": [] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoMakeAvailableOffline_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove \"Make Available Offline\" command", "ExplainText": "This policy setting prevents users from making network files and folders available offline.\n\nIf you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.\n\nIf you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline.\n\nNotes:\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.\n\nThe \"Make Available Offline\" command is called \"Always available offline\" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "NoMakeAvailableOffline", "Elements": [] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoMakeAvailableOffline_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove \"Make Available Offline\" command", "ExplainText": "This policy setting prevents users from making network files and folders available offline.\n\nIf you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.\n\nIf you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline.\n\nNotes:\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.\n\nThe \"Make Available Offline\" command is called \"Always available offline\" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "NoMakeAvailableOffline", "Elements": [] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoPinFiles_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remove \"Make Available Offline\" for these files and folders", "ExplainText": "This policy setting allows you to manage a list of files and folders for which you want to block the \"Make Available Offline\" command.\n\nIf you enable this policy setting, the \"Make Available Offline\" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.\n\nIf you disable this policy setting, the list of files and folders is deleted, including any lists inherited from lower precedence GPOs, and the \"Make Available Offline\" command is displayed for all files and folders.\n\nIf you do not configure this policy setting, the \"Make Available Offline\" command is available for all files and folders.\n\nNotes:\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the \"Make Available Offline\" command is unavailable for all specified files and folders.\n\nThe \"Make Available Offline\" command is called \"Always available offline\" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.\n\nThis policy setting does not prevent files from being automatically cached if the network share is configured for \"Automatic Caching.\" It only affects the display of the \"Make Available Offline\" command in File Explorer.\n\nIf the \"Remove 'Make Available Offline' command\" policy setting is enabled, this setting has no effect.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows" ], "ValueName": "NetCache", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache\\NoMakeAvailableOfflineList" ] } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoPinFiles_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remove \"Make Available Offline\" for these files and folders", "ExplainText": "This policy setting allows you to manage a list of files and folders for which you want to block the \"Make Available Offline\" command.\n\nIf you enable this policy setting, the \"Make Available Offline\" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.\n\nIf you disable this policy setting, the list of files and folders is deleted, including any lists inherited from lower precedence GPOs, and the \"Make Available Offline\" command is displayed for all files and folders.\n\nIf you do not configure this policy setting, the \"Make Available Offline\" command is available for all files and folders.\n\nNotes:\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the \"Make Available Offline\" command is unavailable for all specified files and folders.\n\nThe \"Make Available Offline\" command is called \"Always available offline\" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.\n\nThis policy setting does not prevent files from being automatically cached if the network share is configured for \"Automatic Caching.\" It only affects the display of the \"Make Available Offline\" command in File Explorer.\n\nIf the \"Remove 'Make Available Offline' command\" policy setting is enabled, this setting has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows" ], "ValueName": "NetCache", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache\\NoMakeAvailableOfflineList" ] } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoReminders_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Turn off reminder balloons", "ExplainText": "Hides or displays reminder balloons, and prevents users from changing the setting.\n\nReminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.\n\nIf you enable this setting, the system hides the reminder balloons, and prevents users from displaying them.\n\nIf you disable the setting, the system displays the reminder balloons and prevents users from hiding them.\n\nIf this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting.\n\nTo prevent users from changing the setting while a setting is in effect, the system disables the \"Enable reminders\" option on the Offline Files tab\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To display or hide reminder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the \"Enable reminders\" check box.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "NoReminders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_NoReminders_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Turn off reminder balloons", "ExplainText": "Hides or displays reminder balloons, and prevents users from changing the setting.\n\nReminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.\n\nIf you enable this setting, the system hides the reminder balloons, and prevents users from displaying them.\n\nIf you disable the setting, the system displays the reminder balloons and prevents users from hiding them.\n\nIf this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting.\n\nTo prevent users from changing the setting while a setting is in effect, the system disables the \"Enable reminders\" option on the Offline Files tab\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To display or hide reminder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the \"Enable reminders\" check box.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "NoReminders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_PurgeAtLogoff", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "At logoff, delete local copy of user\u2019s offline files", "ExplainText": "Deletes local copies of the user's offline files when the user logs off.\n\nThis setting specifies that automatically and manually cached offline files are retained only while the user is logged on to the computer. When the user logs off, the system deletes all local copies of offline files.\n\nIf you disable this setting or do not configure it, automatically and manually cached copies are retained on the user's computer for later offline use.\n\nCaution: Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache\\PurgeAtLogoff" ], "Elements": [ { "Type": "Boolean", "ValueName": "PurgeOnlyAutoCacheAtLogoff", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_ReminderFreq_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Reminder balloon frequency", "ExplainText": "Determines how often reminder balloon updates appear.\n\nIf you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting.\n\nReminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the \"Display reminder balloons every ... minutes\" option.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "ReminderFreqMinutes", "MinValue": "0", "MaxValue": "1440" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_ReminderFreq_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Reminder balloon frequency", "ExplainText": "Determines how often reminder balloon updates appear.\n\nIf you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting.\n\nReminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the \"Display reminder balloons every ... minutes\" option.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "ReminderFreqMinutes", "MinValue": "0", "MaxValue": "1440" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_ReminderInitTimeout_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Initial reminder balloon lifetime", "ExplainText": "Determines how long the first reminder balloon for a network status change is displayed.\n\nReminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "InitialBalloonTimeoutSeconds", "MinValue": "10", "MaxValue": "60" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_ReminderInitTimeout_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Initial reminder balloon lifetime", "ExplainText": "Determines how long the first reminder balloon for a network status change is displayed.\n\nReminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "InitialBalloonTimeoutSeconds", "MinValue": "10", "MaxValue": "60" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_ReminderTimeout_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Reminder balloon lifetime", "ExplainText": "Determines how long updated reminder balloons are displayed.\n\nReminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "ReminderBalloonTimeoutSeconds", "MinValue": "10", "MaxValue": "60" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_ReminderTimeout_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Reminder balloon lifetime", "ExplainText": "Determines how long updated reminder balloons are displayed.\n\nReminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "ReminderBalloonTimeoutSeconds", "MinValue": "10", "MaxValue": "60" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_SlowLinkSpeed", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsXPOnly - Windows XP Professional only", "DisplayName": "Configure Slow link speed", "ExplainText": "Configures the threshold value at which Offline Files considers a network connection to be \"slow\". Any network speed below this value is considered to be slow.\n\nWhen a connection is considered slow, Offline Files automatically adjust its behavior to avoid excessive synchronization traffic and will not automatically reconnect to a server when the presence of a server is detected.\n\nIf you enable this setting, you can configure the threshold value that will be used to determine a slow network connection.\n\nIf this setting is disabled or not configured, the default threshold value of 64,000 bps is used to determine if a network connection is considered to be slow.\n\nNote: Use the following formula when entering the slow link value: [ bps / 100]. For example, if you want to set a threshold value of 128,000 bps, enter a value of 1280.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "SlowLinkSpeed", "MinValue": "0", "MaxValue": "100000000" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_SyncAtLogoff_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Synchronize all offline files before logging off", "ExplainText": "Determines whether offline files are fully synchronized when users log off.\n\nThis setting also disables the \"Synchronize all offline files before logging off\" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.\n\nIf you enable this setting, offline files are fully synchronized. Full synchronization ensures that offline files are complete and current.\n\nIf you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that they are current.\n\nIf you do not configure this setting, the system performs a quick synchronization by default, but users can change this option.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To change the synchronization method without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the \"Synchronize all offline files before logging off\" option.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "SyncAtLogoff", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_SyncAtLogoff_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Synchronize all offline files before logging off", "ExplainText": "Determines whether offline files are fully synchronized when users log off.\n\nThis setting also disables the \"Synchronize all offline files before logging off\" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.\n\nIf you enable this setting, offline files are fully synchronized. Full synchronization ensures that offline files are complete and current.\n\nIf you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that they are current.\n\nIf you do not configure this setting, the system performs a quick synchronization by default, but users can change this option.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To change the synchronization method without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the \"Synchronize all offline files before logging off\" option.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "SyncAtLogoff", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_SyncAtLogon_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Synchronize all offline files when logging on", "ExplainText": "Determines whether offline files are fully synchronized when users log on.\n\nThis setting also disables the \"Synchronize all offline files before logging on\" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.\n\nIf you enable this setting, offline files are fully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.\n\nIf this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current.\n\nIf you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To change the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the \"Synchronize all offline files before logging on\" option.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "SyncAtLogon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_SyncAtLogon_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Synchronize all offline files when logging on", "ExplainText": "Determines whether offline files are fully synchronized when users log on.\n\nThis setting also disables the \"Synchronize all offline files before logging on\" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.\n\nIf you enable this setting, offline files are fully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.\n\nIf this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current.\n\nIf you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To change the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the \"Synchronize all offline files before logging on\" option.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "SyncAtLogon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_SyncAtSuspend_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Synchronize offline files before suspend", "ExplainText": "Determines whether offline files are synchonized before a computer is suspended.\n\nIf you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to \"Quick\" ensures only that all files in the cache are complete. Setting the synchronization action to \"Full\" ensures that all cached files and folders are up-to-date with the most current version.\n\nIf you disable or do not configuring this setting, files are not synchronized when the computer is suspended.\n\nNote: If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Enum", "ValueName": "SyncAtSuspend", "Items": [ { "DisplayName": "Quick", "Data": "0" }, { "DisplayName": "Full", "Data": "1" } ], "Required": true } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_SyncAtSuspend_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Synchronize offline files before suspend", "ExplainText": "Determines whether offline files are synchonized before a computer is suspended.\n\nIf you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to \"Quick\" ensures only that all files in the cache are complete. Setting the synchronization action to \"Full\" ensures that all cached files and folders are up-to-date with the most current version.\n\nIf you disable or do not configuring this setting, files are not synchronized when the computer is suspended.\n\nNote: If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Enum", "ValueName": "SyncAtSuspend", "Items": [ { "DisplayName": "Quick", "Data": "0" }, { "DisplayName": "Full", "Data": "1" } ], "Required": true } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_QuickAdimPin", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on economical application of administratively assigned Offline Files", "ExplainText": "This policy setting allows you to turn on economical application of administratively assigned Offline Files.\n\nIf you enable or do not configure this policy setting, only new files and folders in administratively assigned folders are synchronized at logon. Files and folders that are already available offline are skipped and are synchronized later.\n\nIf you disable this policy setting, all administratively assigned folders are synchronized at logon.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "EconomicalAdminPinning", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_SlowLinkSettings", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure slow-link mode", "ExplainText": "This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline.\n\nIf you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between the client and the server is below (slower than) the Throughput threshold parameter, or if the round-trip network latency is above (slower than) the Latency threshold parameter.\n\nYou can configure the slow-link mode by specifying threshold values for Throughput (in bits per second) and/or Latency (in milliseconds) for specific UNC paths. We recommend that you always specify a value for Latency, since the round-trip network latency detection is faster. You can use wildcard characters (*) for specifying UNC paths. If you do not specify a Latency or Throughput value, computers running Windows Vista or Windows Server 2008 will not use the slow-link mode.\n\nIf you do not configure this policy setting, computers running Windows Vista or Windows Server 2008 will not transition a shared folder to the slow-link mode. Computers running Windows 7 or Windows Server 2008 R2 will use the default latency value of 80 milliseconds when transitioning a folder to the slow-link mode. Computers running Windows 8 or Windows Server 2012 will use the default latency value of 35 milliseconds when transitioning a folder to the slow-link mode. To avoid extra charges on cell phone or broadband plans, it may be necessary to configure the latency threshold to be lower than the round-trip network latency.\n\nIn Windows Vista or Windows Server 2008, once transitioned to slow-link mode, users will continue to operate in slow-link mode until the user clicks the Work Online button on the toolbar in Windows Explorer. Data will only be synchronized to the server if the user manually initiates synchronization by using Sync Center.\n\nIn Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012, when operating in slow-link mode Offline Files synchronizes the user's files in the background at regular intervals, or as configured by the \"Configure Background Sync\" policy. While in slow-link mode, Windows periodically checks the connection to the folder and brings the folder back online if network speeds improve.\n\nIn Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep users always working offline in slow-link mode.\n\nIf you disable this policy setting, computers will not use the slow-link mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "SlowLinkEnabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache\\SlowLinkParams" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_CacheSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Limit disk space used by Offline Files", "ExplainText": "This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by automatically cached files and files that are specifically made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share.\n\nThis setting also disables the ability to adjust, through the Offline Files control panel applet, the disk space limits on the Offline Files cache. This prevents users from trying to change the option while a policy setting controls it.\n\nIf you enable this policy setting, you can specify the disk space limit (in megabytes) for offline files and also specify how much of that disk space can be used by automatically cached files.\n\nIf you disable this policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cache is located. The limit for automatically cached files is 100 percent of the total disk space limit.\n\nIf you do not configure this policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cache is located. The limit for automatically cached files is 100 percent of the total disk space limit. However, the users can change these values using the Offline Files control applet.\n\nIf you enable this setting and specify a total size limit greater than the size of the drive hosting the Offline Files cache, and that drive is the system drive, the total size limit is automatically adjusted downward to 75 percent of the size of the drive. If the cache is located on a drive other than the system drive, the limit is automatically adjusted downward to 100 percent of the size of the drive.\n\nIf you enable this setting and specify a total size limit less than the amount of space currently used by the Offline Files cache, the total size limit is automatically adjusted upward to the amount of space currently used by offline files. The cache is then considered full.\n\nIf you enable this setting and specify an auto-cached space limit greater than the total size limit, the auto-cached limit is automatically adjusted downward to equal the total size limit.\n\nThis setting replaces the Default Cache Size setting used by pre-Windows Vista systems.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ClientExtension": "{C631DF4C-088F-4156-B058-4375F0853CD8}", "Elements": [ { "Type": "Decimal", "ValueName": "CacheQuotaLimit", "MinValue": "0", "MaxValue": "100000000" }, { "Type": "Decimal", "ValueName": "CacheQuotaLimitUnpinned", "MinValue": "0", "MaxValue": "100000000" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_BackgroundSyncSettings", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure Background Sync", "ExplainText": "This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who logs onto the specified machine while this policy is in effect. To control slow-link mode, use the \"Configure slow-link mode\" policy setting.\n\nIf you enable this policy setting, you can control when Windows synchronizes in the background while operating in slow-link mode. Use the 'Sync Interval' and 'Sync Variance' values to override the default sync interval and variance settings. Use 'Blockout Start Time' and 'Blockout Duration' to set a period of time where background sync is disabled. Use the 'Maximum Allowed Time Without A Sync' value to ensure that all network folders on the machine are synchronized with the server on a regular basis.\n\nYou can also configure Background Sync for network shares that are in user selected Work Offline mode. This mode is in effect when a user selects the Work Offline button for a specific share. When selected, all configured settings will apply to shares in user selected Work Offline mode as well.\n\nIf you disable or do not configure this policy setting, Windows performs a background sync of offline folders in the slow-link mode at a default interval with the start of the sync varying between 0 and 60 additional minutes. In Windows 7 and Windows Server 2008 R2, the default sync interval is 360 minutes. In Windows 8 and Windows Server 2012, the default sync interval is 120 minutes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "BackgroundSyncEnabled", "Elements": [ { "Type": "Decimal", "ValueName": "BackgroundSyncPeriodMin", "MinValue": "1", "MaxValue": "1440" }, { "Type": "Decimal", "ValueName": "BackgroundSyncMaxStartMin", "MinValue": "0", "MaxValue": "3600" }, { "Type": "Decimal", "ValueName": "BackgroundSyncIgnoreBlockOutAfterMin", "MinValue": "0", "MaxValue": "4294967295" }, { "Type": "Decimal", "ValueName": "BackgroundSyncBlockOutStartTime", "MinValue": "0", "MaxValue": "2400" }, { "Type": "Decimal", "ValueName": "BackgroundSyncBlockOutDurationMin", "MinValue": "0", "MaxValue": "1440" }, { "Type": "Boolean", "ValueName": "BackgroundSyncEnabledForForcedOffline", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_OnlineCachingSettings", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Enable Transparent Caching", "ExplainText": "This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links.\n\nThe cached files are temporary and are not available to the user when offline. The cached files are not kept in sync with the version on the server, and the most current version from the server is always available for subsequent reads.\n\nThis policy setting is triggered by the configured round trip network latency value. We recommend using this policy setting when the network connection to the server is slow. For example, you can configure a value of 60 ms as the round trip latency of the network above which files should be transparently cached in the Offline Files cache. If the round trip latency of the network is less than 60ms, reads to remote files will not be cached.\n\nIf you enable this policy setting, transparent caching is enabled and configurable.\n\nIf you disable or do not configure this policy setting, remote files will be not be transparently cached on client computers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "OnlineCachingLatencyThreshold", "MinValue": "0", "MaxValue": "100000000" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_ExclusionListSettings", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Enable file screens", "ExplainText": "This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.\n\nIf you enable this policy setting, a user will be unable to create files with the specified file extensions in any of the folders that have been made available offline.\n\nIf you disable or do not configure this policy setting, a user can create a file of any type in the folders that have been made available offline.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Text", "ValueName": "ExcludedFileTypes", "MaxLength": "4096" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_WorkOfflineDisabled_1", "Class": "User", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Remove \"Work offline\" command", "ExplainText": "This policy setting removes the \"Work offline\" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.\n\nIf you enable this policy setting, the \"Work offline\" command is not displayed in File Explorer.\n\nIf you disable or do not configure this policy setting, the \"Work offline\" command is displayed in File Explorer.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "WorkOfflineDisabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_WorkOfflineDisabled_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Remove \"Work offline\" command", "ExplainText": "This policy setting removes the \"Work offline\" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.\n\nIf you enable this policy setting, the \"Work offline\" command is not displayed in File Explorer.\n\nIf you disable or do not configure this policy setting, the \"Work offline\" command is displayed in File Explorer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "WorkOfflineDisabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OfflineFiles.admx", "CategoryName": "Cat_OfflineFiles", "PolicyName": "Pol_SyncOnCostedNetwork", "Class": "Machine", "NameSpace": "Microsoft.Policies.OfflineFiles", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable file synchronization on costed networks", "ExplainText": "This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans.\n\nIf you enable this setting, synchronization can occur in the background when the user's network is roaming, near, or over the plan's data limit. This may result in extra charges on cell phone or broadband plans.\n\nIf this setting is disabled or not configured, synchronization will not run in the background on network folders when the user's network is roaming, near, or over the plan's data limit. The network folder must also be in \"slow-link\" mode, as specified by the \"Configure slow-link mode\" policy to avoid network usage.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "ValueName": "SyncEnabledForCostedNetwork", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OOBE.admx", "CategoryName": "OOBECategory", "PolicyName": "DisablePrivacyExperience", "Class": "Both", "NameSpace": "Microsoft.Policies.OOBE ", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Don't launch privacy settings experience on user logon", "ExplainText": "When logging into a new user account for the first time or after an upgrade in some scenarios, that user may be presented with a screen or series of screens that prompts the user to choose privacy settings for their account. Enable this policy to prevent this experience from launching.\n\nIf this policy is enabled, the privacy experience will not launch for newly-created user accounts or for accounts that would have been prompted to choose their privacy settings after an upgrade.\n\nIf this policy is disabled or not configured, then the privacy experience may launch for newly-created user accounts or for accounts that should be prompted to choose their privacy settings after an upgrade.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\OOBE", "HKCU\\Software\\Policies\\Microsoft\\Windows\\OOBE" ], "ValueName": "DisablePrivacyExperience", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OOBE.admx", "CategoryName": "OOBECategory", "PolicyName": "AllowOOBEUpdates", "Class": "Machine", "NameSpace": "Microsoft.Policies.OOBE ", "Supported": "Windows_11_0_NOSERVER - At least Windows 11", "DisplayName": "Allow Updates in OOBE", "ExplainText": "This policy allows you to configure whether a new device gets critical updates during the out-of-box experience.\n\nIf you disable or do not configure this policy, new devices will not receive critical updates during the out-of-box experience.\n\nIf you enable the policy, new devices will receive the latest approved critical updates during the out-of-box experience.\n\nNotes:\nThis policy does not control the zero-day patch (ZDP) updates page in OOBE.\n\nIf you have paused quality updates through Windows quality update deferrals and pause policies, no quality updates will be delivered during the out-of-box experience.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\OOBE" ], "ValueName": "AllowOOBEUpdates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OSPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "EnableActivityFeed", "Class": "Machine", "NameSpace": "Microsoft.Policies.OSPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enables Activity Feed", "ExplainText": "This policy setting determines whether ActivityFeed is enabled.\nIf you enable this policy setting, all activity types (as applicable) are allowed to be published and ActivityFeed shall roam these activities across device graph of the user.\nIf you disable this policy setting, activities can't be published and ActivityFeed shall disable cloud sync.\nPolicy change takes effect immediately.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableActivityFeed", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OSPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "PublishUserActivities", "Class": "Machine", "NameSpace": "Microsoft.Policies.OSPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow publishing of User Activities", "ExplainText": "This policy setting determines whether User Activities can be published.\nIf you enable this policy setting, activities of type User Activity are allowed to be published.\nIf you disable this policy setting, activities of type User Activity are not allowed to be published.\nPolicy change takes effect immediately.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "PublishUserActivities", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OSPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "UploadUserActivities", "Class": "Machine", "NameSpace": "Microsoft.Policies.OSPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow upload of User Activities", "ExplainText": "This policy setting determines whether published User Activities can be uploaded.\nIf you enable this policy setting, activities of type User Activity are allowed to be uploaded.\nIf you disable this policy setting, activities of type User Activity are not allowed to be uploaded.\nDeletion of activities of type User Activity are independent of this setting.\nPolicy change takes effect immediately.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "UploadUserActivities", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OSPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "AllowCrossDeviceClipboard", "Class": "Machine", "NameSpace": "Microsoft.Policies.OSPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow Clipboard synchronization across devices", "ExplainText": "This policy setting determines whether Clipboard contents can be synchronized across devices.\nIf you enable this policy setting, Clipboard contents are allowed to be synchronized across devices logged in under the same Microsoft account or Azure AD account.\nIf you disable this policy setting, Clipboard contents cannot be shared to other devices.\nPolicy change takes effect immediately.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "AllowCrossDeviceClipboard", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "OSPolicy.admx", "CategoryName": "PolicyPolicies", "PolicyName": "AllowClipboardHistory", "Class": "Machine", "NameSpace": "Microsoft.Policies.OSPolicy", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow Clipboard History", "ExplainText": "This policy setting determines whether history of Clipboard contents can be stored in memory.\nIf you enable this policy setting, history of Clipboard contents are allowed to be stored.\nIf you disable this policy setting, history of Clipboard contents are not allowed to be stored.\nPolicy change takes effect immediately.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "AllowClipboardHistory", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_UsePassportForWork", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Use Windows Hello for Business", "ExplainText": "Windows Hello for Business is an alternative method for signing into Windows using your Active Directory or Azure Active Directory account that can replace passwords, Smart Cards, and Virtual Smart Cards.\n\nIf you enable this policy, the device provisions Windows Hello for Business using keys or certificates for all users.\n\nIf you disable this policy setting, the device does not provision Windows Hello for Business for any user.\n\nIf you do not configure this policy setting, users can provision Windows Hello for Business as a convenience credential that encrypts their domain password.\n\nSelect \"Do not start Windows Hello provisioning after sign-in\" when you use a third-party solution to provision Windows Hello for Business.\n\nIf you select \"Do not start Windows Hello provisioning after sign-in\", Windows Hello for Business does not automatically start provisioning after the user has signed in.\n\nIf you do not select \"Do not start Windows Hello provisioning after sign-in\", Windows Hello for Business automatically starts provisioning after the user has signed in.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork", "HKCU\\SOFTWARE\\Policies\\Microsoft\\PassportForWork" ], "ValueName": "Enabled", "Elements": [ { "Type": "Boolean", "ValueName": "DisablePostLogonProvisioning", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork", "HKCU\\SOFTWARE\\Policies\\Microsoft\\PassportForWork" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_RequireSecurityDevice", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Use a hardware security device", "ExplainText": "A Trusted Platform Module (TPM) provides additional security benefits over software because data protected by it cannot be used on other devices.\n\nIf you enable this policy setting, Windows Hello for Business provisioning only occurs on devices with usable 1.2 or 2.0 TPMs. You can optionally exclude security devices, which prevents Windows Hello for Business provisioning from using those devices.\n\nIf you disable or do not configure this policy setting, the TPM is still preferred, but all devices may provision Windows Hello for Business using software if the TPM is non-functional or unavailable.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork" ], "ValueName": "RequireSecurityDevice", "Elements": [ { "Type": "Boolean", "ValueName": "TPM12", "TrueValue": "1", "FalseValue": "0", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\ExcludeSecurityDevices" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_UseBiometrics", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Use biometrics", "ExplainText": "Windows Hello for Business enables users to use biometric gestures, such as face and fingerprints, as an alternative to the PIN gesture. However users must still configure a PIN to use in case of failures.\n\nIf you enable or do not configure this policy setting, Windows Hello for Business allows the use biometric gestures.\n\nIf you disable this policy setting, Windows Hello for Business prevents the use of biometric gestures.\n\nNOTE: Disabling this policy prevents the user of biometric gestures on the device for all account types.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WinBio\\Credential Provider" ], "ValueName": "Domain Accounts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_EnableEnhancedSignInSecurity", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_11_0_22H2_NOSERVER - At least Windows 11 Version 22H2", "DisplayName": "Enable ESS with Supported Peripherals", "ExplainText": "Enhanced Sign-in Security (ESS) isolates Windows Hello biometric (face and fingerprint) template data and matching operations to trusted hardware or specified memory regions, meaning the rest of the operating system cannot access or tamper with them. Because the channel of communication between the sensors and the algorithm is also secured, it is impossible for malware to inject or replay data in order to simulate a user signing in or to lock a user out of their machine.\nIf you enable this policy then it can have following possible values:\n\n0 - Enhanced Sign-in Security disabled with peripheral sensors\nESS will be disabled on systems with capable software and hardware. Authentication operations of peripheral Windows Hello capable devices will be allowed, subject to current feature limitations.\n\n1 - Enhanced Sign-in Security enabled without peripheral sensors (default and recommended)\nESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of any peripheral biometric device will be blocked and not available for Windows Hello.\n\nIf you disable or not configure this policy then non-ESS sensors will be blocked on the ESS device.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Policies\\PassportForWork\\Biometrics" ], "Elements": [ { "Type": "Decimal", "ValueName": "EnableESSwithSupportedPeripherals", "MinValue": "0", "MaxValue": "1" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_EnablePinRecovery", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Use PIN Recovery", "ExplainText": "PIN recovery enables a user to change a forgotten PIN using the Windows Hello for Business PIN recovery service, without losing any associated credentials or certificates, including any keys associated with the user's personal accounts on the device. To achieve this, the Azure-based PIN recovery service encrypts a recovery secret, which is stored on the device, and requires both the PIN recovery service and the device to decrypt. PIN recovery requires the user to perform multi-factor authentication to Azure Active Directory.\n\nIf you enable this policy setting, Windows Hello for Business uses the PIN recovery service.\n\nIf you disable or do not configure this policy setting, Windows does not create or store the PIN recovery secret. If the user forgets their PIN, they must delete their existing PIN and create a new one, and they will have to to re-register with any services to which the old PIN provided access.\n\nNOTE: This policy is only applicable to devices which are registered with Azure Active Directory.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork" ], "ValueName": "EnablePinRecovery", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkPINComplexityCategory", "PolicyName": "MSPassport_MinimumPINLength", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Minimum PIN length", "ExplainText": "Minimum PIN length configures the minimum number of characters required for the PIN. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest.\n\nIf you configure this policy setting, the PIN length must be greater than or equal to this number.\n\nIf you disable or do not configure this policy setting, the PIN length must be greater than or equal to 6.\n\nNOTE: If the above specified conditions for the minimum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\PINComplexity" ], "Elements": [ { "Type": "Decimal", "ValueName": "MinimumPINLength", "MinValue": "4", "MaxValue": "127" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkPINComplexityCategory", "PolicyName": "MSPassport_MaximumPINLength", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Maximum PIN length", "ExplainText": "Maximum PIN length configures the maximum number of characters allowed for the PIN. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, whichever is greater.\n\nIf you configure this policy setting, the PIN length must be less than or equal to this number.\n\nIf you disable or do not configure this policy setting, the PIN length must be less than or equal to 127.\n\nNOTE: If the above specified conditions for the maximum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\PINComplexity" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaximumPINLength", "MinValue": "4", "MaxValue": "127" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkPINComplexityCategory", "PolicyName": "MSPassport_UppercaseLetters", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Require uppercase letters", "ExplainText": "Use this policy setting to configure the use of uppercase letters in the PIN.\n\nIf you enable this policy setting, Windows requires the user to include at least one uppercase letter in their PIN.\n\nIf you disable this policy setting, Windows does not allow the user to include uppercase letters in their PIN.\n\nIf you do not configure this policy setting, Windows allows, but does not require, uppercase letters in the PIN.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\PINComplexity" ], "ValueName": "UppercaseLetters", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkPINComplexityCategory", "PolicyName": "MSPassport_LowercaseLetters", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Require lowercase letters", "ExplainText": "Use this policy setting to configure the use of lowercase letters in the PIN.\n\nIf you enable this policy setting, Windows requires the user to include at least one lowercase letter in their PIN.\n\nIf you disable this policy setting, Windows does not allow the user to include lowercase letters in their PIN.\n\nIf you do not configure this policy setting, Windows allows, but does not require, lowercase letters in the PIN.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\PINComplexity" ], "ValueName": "LowercaseLetters", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkPINComplexityCategory", "PolicyName": "MSPassport_SpecialCharacters", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Require special characters", "ExplainText": "Use this policy setting to configure the use of special characters in the PIN. Allowable special characters are: ! \" # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \\ ] ^ _ ` { | } ~ .\n\nIf you enable this policy setting, Windows requires the user to include at least one special character in their PIN.\n\nIf you disable this policy setting, Windows does not allow the user to include special characters in their PIN.\n\nIf you do not configure this policy setting, Windows allows, but does not require, special characters in the PIN.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\PINComplexity" ], "ValueName": "SpecialCharacters", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkPINComplexityCategory", "PolicyName": "MSPassport_Digits", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Require digits", "ExplainText": "Use this policy setting to configure the use of digits in the PIN.\n\nIf you enable this policy setting, Windows requires the user to include at least one digit in their PIN.\n\nIf you disable this policy setting, Windows does not allow the user to include digits in their PINs.\n\nIf you do not configure this policy setting, Windows allows, but does not require, digits in the PIN.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\PINComplexity" ], "ValueName": "Digits", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkPINComplexityCategory", "PolicyName": "MSPassport_PINHistory", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "History", "ExplainText": "This setting specifies the number of past PINs that can be associated to a user account that can\u2019t be reused. This policy enables administrators to enhance security by ensuring that old PINs are not reused continually. PIN history is not preserved through PIN reset.\n\nThe value must be between 0 to 50 PINs. If this policy is set to 0, then storage of previous PINs is not required.\n\nDefault: 0.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\PINComplexity" ], "Elements": [ { "Type": "Decimal", "ValueName": "History", "MinValue": "0", "MaxValue": "50" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkPINComplexityCategory", "PolicyName": "MSPassport_PINExpiration", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Expiration", "ExplainText": "This setting specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The PIN can be set to expire after any number of days between 1 and 730, or PINs can be set to never expire if the policy is set to 0.\n\nDefault: 0.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\PINComplexity" ], "Elements": [ { "Type": "Decimal", "ValueName": "Expiration", "MinValue": "0", "MaxValue": "730" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "WHFB_UseCertificateForOnPremAuth", "Class": "Both", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Use certificate for on-premises authentication", "ExplainText": "Use this policy setting to configure Windows Hello for Business to enroll a sign-in certificate used for on-premises authentication.\n\nIf you enable this policy setting, Windows Hello for Business enrolls a sign-in certificate that is used for on-premises authentication.\n\nIf you disable or do not configure this policy setting, Windows Hello for Business will use a key or a Kerberos ticket (depending on other policy settings) for on-premises authentication.\n\nNOTE: Disabling or not configuring this policy setting and enabling the \"Use Windows Hello for Business\" policy setting requires the environment to have one or more Windows Server 2016 domain controllers to prevent Windows Hello for Business authentication from failing.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork", "HKCU\\SOFTWARE\\Policies\\Microsoft\\PassportForWork" ], "ValueName": "UseCertificateForOnPremAuth", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "WHFB_UseCloudTrustForOnPremAuth", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Use cloud trust for on-premises authentication", "ExplainText": "Use this policy setting to configure Windows Hello for Business to use Azure AD Kerberos for on-premises authentication.\n\nIf you enable this policy setting, Windows Hello for Business will use a Kerberos ticket retrieved from authenticating to Azure for on-premises authentication.\n\nIf you disable or do not configure this policy setting, Windows Hello for Business will use a key or certificate (depending on other policy settings) for on-premises authentication.\n\nNOTE: An environment that enables both this policy setting, and the \"Use Windows Hello for Business\" policy setting requires one or more Windows Server 2016 domain controllers. Otherwise, Windows Hello for Business authentication will fail.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork" ], "ValueName": "UseCloudTrustForOnPremAuth", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_UseDeviceUnlock", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Configure device unlock factors", "ExplainText": "Configure a comma separated list of credential provider GUIDs, such as face and fingerprint provider GUIDs, to be used as the first and second unlock factors. If the trusted signal provider is specified as one of the unlock factors, you should also configure a comma separated list of signal rules in the form of xml for each signal type to be verified.\n\nIf you enable this policy setting, the user will have to use one factor from each list to successfully unlock.\n\nIf you disable or do not configure this policy setting, users can continue to unlock with existing unlock options.\n\nFor more information see: https://go.microsoft.com/fwlink/?linkid=849684", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\DeviceUnlock" ], "Elements": [ { "Type": "Text", "ValueName": "GroupA" }, { "Type": "Text", "ValueName": "GroupB" }, { "Type": "Text", "ValueName": "Plugins" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_UseDynamicLock", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Configure dynamic lock factors", "ExplainText": "Configure a comma separated list of signal rules in the form of xml for each signal type.\n\nIf you enable this policy setting, these signal rules will be evaluated to detect user absence and automatically lock the device.\n\nIf you disable or do not configure this policy setting, users can continue to lock with existing locking options.\n\nFor more information see: https://go.microsoft.com/fwlink/?linkid=849684", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork\\DynamicLock" ], "ValueName": "DynamicLock", "Elements": [ { "Type": "Text", "ValueName": "Plugins" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_DisableSmartCardNode", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Turn off smart card emulation", "ExplainText": "Windows Hello for Business automatically provides smart card emulation for compatibility with smart card enabled applications.\n\nIf you enable this policy setting, Windows Hello for Business provisions Windows Hello for Business credentials that are not compatible with smart card applications.\n\nIf you disable or do not configure this policy setting, Windows Hello for Business provisions Windows Hello for Business credentials compatible with smart card applications.\n\nNOTE: This policy affects Windows Hello for Business credentials at the time of creation. Credentials created before the application of this policy continue to provide smart card emulation. To change an existing credential, enable this policy setting and select \"I forgot my PIN\" from Settings.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork" ], "ValueName": "DisableSmartCardNode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_AllowAllUserAccessToSmartCardNode", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Allow enumeration of emulated smart card for all users", "ExplainText": "Windows prevents users on the same computer from enumerating provisioned Windows Hello for Business credentials for other users.\n\nIf you enable this policy setting, Windows allows all users of the computer to enumerate all Windows Hello for Business credentials, but still require each user to provide their own factors for authentication.\n\nIf you disable or do not configure this policy setting, Windows does not allow the enumeration of provisioned Windows Hello for Business credentials for other users on the same device.\n\nThis policy setting is designed for a single user who has enrolled privileged and non-privileged on a single device. The user owns both credentials, which enables them to sign-in using non-privileged credentials, but can performed elevated tasks without signing-out.\n\nThis policy setting is incompatible with Windows Hello for Business credentials provisioned when the \"Turn off smart card emulation\" is enabled.\n\nWindows requires a reboot after you apply this setting to a computer.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork" ], "ValueName": "AllowAllUserAccessToSmartCardNode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Passport.admx", "CategoryName": "MSPassportForWorkCategory", "PolicyName": "MSPassport_UseHelloCertificatesAsSmartCardCertificates", "Class": "Machine", "NameSpace": "Microsoft.Policies.MicrosoftPassportForWork", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Use Windows Hello for Business certificates as smart card certificates", "ExplainText": "If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates.\n\nIf you disable or do not configure this policy setting, applications do not use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key.\n\nThis policy setting is incompatible with Windows Hello for Business credentials provisioned when the \"Turn off smart card emulation\" is enabled.\n\nWindows requires a user to lock and unlock their session after changing this setting if the user is currently signed in.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PassportForWork" ], "ValueName": "UseHelloCertificatesAsSmartCardCertificates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "pca.admx", "CategoryName": "PcaScenarioCategory", "PolicyName": "DisablePcaUIPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationDiagnostics", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Detect compatibility issues for applications and drivers", "ExplainText": "This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility.\n\nIf you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.\n\nIf you disable this policy setting, the PCA does not detect compatibility issues for applications and drivers.\n\nIf you do not configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.\n\nNote: This policy setting has no effect if the \"Turn off Program Compatibility Assistant\" policy setting is enabled. The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AppCompat" ], "ValueName": "DisablePcaUI", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "pca.admx", "CategoryName": "PcaScenarioCategory", "PolicyName": "DetectInstallFailuresPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Detect application install failures", "ExplainText": "This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\\Administrative Templates\\Windows Components\\Application Compatibility.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}" ], "Elements": [ { "Type": "EnabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}" ], "Data": "2" }, { "Type": "DisabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}" ], "Data": "1" } ] }, { "File": "pca.admx", "CategoryName": "PcaScenarioCategory", "PolicyName": "DetectUpdateFailuresPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Detect applications unable to launch installers under UAC", "ExplainText": "This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\\Administrative Templates\\Windows Components\\Application Compatibility.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{081D3213-48AA-4533-9284-D98F01BDC8E6}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "pca.admx", "CategoryName": "PcaScenarioCategory", "PolicyName": "DetectDeprecatedComponentFailuresPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Detect application failures caused by deprecated Windows DLLs", "ExplainText": "This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\\Administrative Templates\\Windows Components\\Application Compatibility.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{659F08FB-2FAB-42a7-BD4F-566CFA528769}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "pca.admx", "CategoryName": "PcaScenarioCategory", "PolicyName": "DetectDeprecatedCOMComponentFailuresPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Detect application failures caused by deprecated COM objects", "ExplainText": "This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\\Administrative Templates\\Windows Components\\Application Compatibility.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "pca.admx", "CategoryName": "PcaScenarioCategory", "PolicyName": "DetectUndetectedInstallersPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Detect application installers that need to be run as administrator", "ExplainText": "This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\\Administrative Templates\\Windows Components\\Application Compatibility.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{D113E4AA-2D07-41b1-8D9B-C065194A791D}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "pca.admx", "CategoryName": "PcaScenarioCategory", "PolicyName": "DetectBlockedDriversPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ApplicationDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Notify blocked drivers", "ExplainText": "This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\\Administrative Templates\\Windows Components\\Application Compatibility.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}" ], "Elements": [ { "Type": "EnabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}" ], "Data": "2" }, { "Type": "DisabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "EnabledScenarioExecutionLevel", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}" ], "Data": "1" } ] }, { "File": "PeerToPeerCaching.admx", "CategoryName": "WBC_Cat", "PolicyName": "EnableWindowsBranchCache", "Class": "Machine", "NameSpace": "Microsoft.PoliciesContentWindowsBranchCache", "Supported": "Windows7OrBITS4 - At least Windows 7 or Windows Server 2008 R2*", "DisplayName": "Turn on BranchCache", "ExplainText": "This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings:\n\n- Set BranchCache Distributed Cache mode\n\n- Set BranchCache Hosted Cache mode\n\n- Configure Hosted Cache Servers\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.\n\n- Enabled. With this selection, BranchCache is turned on for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache is turned on for all domain member client computers to which the policy is applied.\n\n- Disabled. With this selection, BranchCache is turned off for all client computers where the policy is applied.\n\n* This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PeerDist\\Service" ], "ClientExtension": "{C631DF4C-088F-4156-B058-4375F0853CD8}", "ValueName": "Enable", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PeerToPeerCaching.admx", "CategoryName": "WBC_Cat", "PolicyName": "SetCachePercent", "Class": "Machine", "NameSpace": "Microsoft.PoliciesContentWindowsBranchCache", "Supported": "Windows7OrBITS4 - At least Windows 7 or Windows Server 2008 R2*", "DisplayName": "Set percentage of disk space used for client computer cache", "ExplainText": "This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.\n\nIf you enable this policy setting, you can configure the percentage of total disk space to allocate for the cache.\n\nIf you disable or do not configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, BranchCache client computer cache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client computer cache setting that you use on individual client computers.\n\n- Enabled. With this selection, the BranchCache client computer cache setting is enabled for all client computers where the policy is applied. For example, if Set percentage of disk space used for client computer cache is enabled in domain Group Policy, the BranchCache client computer cache setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.\n\n- Disabled. With this selection, BranchCache client computers use the default client computer cache setting of five percent of the total disk space on the client computer.\n\nIn circumstances where this setting is enabled, you can also select and configure the following option:\n\n- Specify the percentage of total disk space allocated for the cache. Specifies an integer that is the percentage of total client computer disk space to use for the BranchCache client computer cache.\n\n* This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PeerDist\\CacheMgr\\Republication" ], "Elements": [ { "Type": "Decimal", "ValueName": "SizePercent", "MinValue": "1", "MaxValue": "100", "Required": true } ] }, { "File": "PeerToPeerCaching.admx", "CategoryName": "WBC_Cat", "PolicyName": "EnableWindowsBranchCache_Hosted", "Class": "Machine", "NameSpace": "Microsoft.PoliciesContentWindowsBranchCache", "Supported": "Windows7OrBITS4 - At least Windows 7 or Windows Server 2008 R2*", "DisplayName": "Set BranchCache Hosted Cache mode", "ExplainText": "This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy \"Turn on BranchCache\" to enable BranchCache on client computers.\n\nWhen a client computer is configured as a hosted cache mode client, it is able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.\n\n- Enabled. With this selection, BranchCache hosted cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache hosted cache mode is turned on for all domain member client computers to which the policy is applied.\n\n- Disabled. With this selection, BranchCache hosted cache mode is turned off for all client computers where the policy is applied.\n\nIn circumstances where this setting is enabled, you can also select and configure the following option:\n\n- Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate.\n\nHosted cache clients must trust the server certificate that is issued to the hosted cache server. Ensure that the issuing CA certificate is installed in the Trusted Root Certification Authorities certificate store on all hosted cache client computers.\n\n* This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PeerDist\\HostedCache\\Connection" ], "Elements": [ { "Type": "Text", "ValueName": "Location", "Required": true } ] }, { "File": "PeerToPeerCaching.admx", "CategoryName": "WBC_Cat", "PolicyName": "EnableWindowsBranchCache_Distributed", "Class": "Machine", "NameSpace": "Microsoft.PoliciesContentWindowsBranchCache", "Supported": "Windows7OrBITS4 - At least Windows 7 or Windows Server 2008 R2*", "DisplayName": "Set BranchCache Distributed Cache mode", "ExplainText": "This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy \"Turn on BranchCache\" to enable BranchCache on client computers.\n\nIn distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.\n\n- Enabled. With this selection, BranchCache distributed cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache distributed cache mode is turned on for all domain member client computers to which the policy is applied.\n\n- Disabled. With this selection, BranchCache distributed cache mode is turned off for all client computers where the policy is applied.\n\n* This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PeerDist\\CooperativeCaching" ], "ValueName": "Enable", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PeerToPeerCaching.admx", "CategoryName": "WBC_Cat", "PolicyName": "EnableWindowsBranchCache_SMB", "Class": "Machine", "NameSpace": "Microsoft.PoliciesContentWindowsBranchCache", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure BranchCache for network files", "ExplainText": "This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, BranchCache latency settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the latency setting that you use on individual client computers.\n\n- Enabled. With this selection, the BranchCache maximum round trip latency setting is enabled for all client computers where the policy is applied. For example, if Configure BranchCache for network files is enabled in domain Group Policy, the BranchCache latency setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.\n\n- Disabled. With this selection, BranchCache client computers use the default latency setting of 80 milliseconds.\n\nIn circumstances where this policy setting is enabled, you can also select and configure the following option:\n\n- Type the maximum round trip network latency (milliseconds) after which caching begins. Specifies the amount of time, in milliseconds, after which BranchCache client computers begin to cache content locally.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\NetCache" ], "Elements": [ { "Type": "Decimal", "ValueName": "PeerCachingLatencyThreshold", "MinValue": "0", "MaxValue": "100000000" } ] }, { "File": "PeerToPeerCaching.admx", "CategoryName": "WBC_Cat", "PolicyName": "EnableWindowsBranchCache_HostedCacheDiscovery", "Class": "Machine", "NameSpace": "Microsoft.PoliciesContentWindowsBranchCache", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable Automatic Hosted Cache Discovery by Service Connection Point", "ExplainText": "This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies.\n\nIf you enable this policy setting in addition to the \"Turn on BranchCache\" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually or by Group Policy.\n\nWhen this policy setting is applied, the client computer performs or does not perform automatic hosted cache server discovery under the following circumstances:\n\nIf no other BranchCache mode-based policy settings are applied, the client computer performs automatic hosted cache server discovery. If one or more hosted cache servers is found, the client computer self-configures for hosted cache mode.\n\nIf the policy setting \"Set BranchCache Distributed Cache Mode\" is applied in addition to this policy, the client computer performs automatic hosted cache server discovery. If one or more hosted cache servers are found, the client computer self-configures for hosted cache mode only.\n\nIf the policy setting \"Set BranchCache Hosted Cache Mode\" is applied, the client computer does not perform automatic hosted cache discovery. This is also true in cases where the policy setting \"Configure Hosted Cache Servers\" is applied.\n\nThis policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista.\n\nIf you disable, or do not configure this setting, a client will not attempt to discover hosted cache servers by service connection point.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting, and client computers do not perform hosted cache server discovery.\n\n- Enabled. With this selection, the policy setting is applied to client computers, which perform automatic hosted cache server discovery and which are configured as hosted cache mode clients.\n\n- Disabled. With this selection, this policy is not applied to client computers.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PeerDist\\HostedCache\\Discovery" ], "ValueName": "SCPDiscoveryEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PeerToPeerCaching.admx", "CategoryName": "WBC_Cat", "PolicyName": "SetDowngrading", "Class": "Machine", "NameSpace": "Microsoft.PoliciesContentWindowsBranchCache", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure Client BranchCache Version Support", "ExplainText": "This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats.\n\nIf you enable this policy setting, all clients use the version of BranchCache that you specify in \"Select from the following versions.\"\n\nIf you do not configure this setting, all clients will use the version of BranchCache that matches their operating system.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, this policy setting is not applied to client computers, and the clients run the version of BranchCache that is included with their operating system.\n\n- Enabled. With this selection, this policy setting is applied to client computers based on the value of the option setting \"Select from the following versions\" that you specify.\n\n- Disabled. With this selection, this policy setting is not applied to client computers, and the clients run the version of BranchCache that is included with their operating system.\n\nIn circumstances where this setting is enabled, you can also select and configure the following option:\n\nSelect from the following versions\n\n- Windows Vista with BITS 4.0 installed, Windows 7, or Windows Server 2008 R2. If you select this version, later versions of Windows run the version of BranchCache that is included in these operating systems rather than later versions of BranchCache.\n\n- Windows 8. If you select this version, Windows 8 will run the version of BranchCache that is included in the operating system.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PeerDist\\Service\\Versioning" ], "Elements": [ { "Type": "Enum", "ValueName": "PreferredContentInformationVersion", "Items": [ { "DisplayName": "Windows Vista with BITS 4.0 installed, Windows 7, or Windows Server 2008 R2", "Data": "1" }, { "DisplayName": "Windows 8", "Data": "2" } ] } ] }, { "File": "PeerToPeerCaching.admx", "CategoryName": "WBC_Cat", "PolicyName": "EnableWindowsBranchCache_HostedMultipleServers", "Class": "Machine", "NameSpace": "Microsoft.PoliciesContentWindowsBranchCache", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure Hosted Cache Servers", "ExplainText": "This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office.\n\nIf you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the \"Turn on BranchCache\" policy setting.\n\nThis policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the \"Set BranchCache Hosted Cache mode\" policy setting, use the hosted cache servers that are specified in this policy setting and do not use the hosted cache server that is configured in the policy setting \"Set BranchCache Hosted Cache Mode.\"\n\nIf you do not configure this policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting.\n\n- Enabled. With this selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache servers that you specify in \"Hosted cache servers.\"\n\n- Disabled. With this selection, this policy is not applied to client computers.\n\nIn circumstances where this setting is enabled, you can also select and configure the following option:\n\n- Hosted cache servers. To add hosted cache server computer names to this policy setting, click Enabled, and then click Show. The Show Contents dialog box opens. Click Value, and then type the computer names of the hosted cache servers.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PeerDist\\HostedCache" ], "ValueName": "MultipleServers", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PeerDist\\HostedCache\\MultipleServers" ] } ] }, { "File": "PeerToPeerCaching.admx", "CategoryName": "WBC_Cat", "PolicyName": "SetDataCacheEntryMaxAge", "Class": "Machine", "NameSpace": "Microsoft.PoliciesContentWindowsBranchCache", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Set age for segments in the data cache", "ExplainText": "This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers.\n\nIf you enable this policy setting, you can configure the age for segments in the data cache.\n\nIf you disable or do not configure this policy setting, the age is set to 28 days.\n\nPolicy configuration\n\nSelect one of the following:\n\n- Not Configured. With this selection, BranchCache client computer cache age settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache client computer cache age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client computer cache age setting that you use on individual client computers.\n\n- Enabled. With this selection, the BranchCache client computer cache age setting is enabled for all client computers where the policy is applied. For example, if this policy setting is enabled in domain Group Policy, the BranchCache client computer cache age that you specify in the policy is turned on for all domain member client computers to which the policy is applied.\n\n- Disabled. With this selection, BranchCache client computers use the default client computer cache age setting of 28 days on the client computer.\n\nIn circumstances where this setting is enabled, you can also select and configure the following option:\n\n- Specify the age in days for which segments in the data cache are valid.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PeerDist\\Retrieval" ], "Elements": [ { "Type": "Decimal", "ValueName": "SegmentTTL", "MinValue": "0", "MaxValue": null } ] }, { "File": "PenTraining.admx", "CategoryName": "PenTraining", "PolicyName": "PenTrainingOff_1", "Class": "User", "NameSpace": "Microsoft.Policies.PenTraining", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Turn off Tablet PC Pen Training", "ExplainText": "Turns off Tablet PC Pen Training.\n\nIf you enable this policy setting, users cannot open Tablet PC Pen Training.\n\nIf you disable or do not configure this policy setting, users can open Tablet PC Pen Training.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\PenTraining" ], "ValueName": "DisablePenTraining", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PenTraining.admx", "CategoryName": "PenTraining", "PolicyName": "PenTrainingOff_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PenTraining", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Turn off Tablet PC Pen Training", "ExplainText": "Turns off Tablet PC Pen Training.\n\nIf you enable this policy setting, users cannot open Tablet PC Pen Training.\n\nIf you disable or do not configure this policy setting, users can open Tablet PC Pen Training.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\PenTraining" ], "ValueName": "DisablePenTraining", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PerformanceDiagnostics.admx", "CategoryName": "BootScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.PerformanceDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Scenario Execution Level", "ExplainText": "Determines the execution level for Windows Boot Performance Diagnostics.\n\nIf you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available.\n\nIf you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Boot Performance problems that are handled by the DPS.\n\nIf you do not configure this policy setting, the DPS will enable Windows Boot Performance for resolution by default.\n\nThis policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.\n\nNo system restart or service restart is required for this policy to take effect: changes take effect immediately.\n\nThis policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{67144949-5132-4859-8036-a737b43825d8}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{86432a0b-3c7d-4ddf-a89c-172faa90485d}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{86432a0b-3c7d-4ddf-a89c-172faa90485d}" ], "Data": "0" } ] }, { "File": "PerformanceDiagnostics.admx", "CategoryName": "ResumeScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy_4", "Class": "Machine", "NameSpace": "Microsoft.Policies.PerformanceDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Scenario Execution Level", "ExplainText": "Determines the execution level for Windows Standby/Resume Performance Diagnostics.\n\nIf you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.\n\nIf you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.\n\nIf you do not configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by default.\n\nThis policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.\n\nNo system restart or service restart is required for this policy to take effect: changes take effect immediately.\n\nThis policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PerformanceDiagnostics.admx", "CategoryName": "ShellScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PerformanceDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Scenario Execution Level", "ExplainText": "Determines the execution level for Windows System Responsiveness Diagnostics.\n\nIf you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows System Responsiveness problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows System Responsiveness problems and indicate to the user that assisted resolution is available.\n\nIf you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows System Responsiveness problems that are handled by the DPS.\n\nIf you do not configure this policy setting, the DPS will enable Windows System Responsiveness for resolution by default.\n\nThis policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.\n\nNo system restart or service restart is required for this policy to take effect: changes take effect immediately.\n\nThis policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{186f47ef-626c-4670-800a-4a30756babad}" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{186f47ef-626c-4670-800a-4a30756babad}" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "ScenarioExecutionEnabled", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}" ], "Data": "0" } ] }, { "File": "PerformanceDiagnostics.admx", "CategoryName": "ShutdownScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy_3", "Class": "Machine", "NameSpace": "Microsoft.Policies.PerformanceDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Scenario Execution Level", "ExplainText": "Determines the execution level for Windows Shutdown Performance Diagnostics.\n\nIf you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available.\n\nIf you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS.\n\nIf you do not configure this policy setting, the DPS will enable Windows Shutdown Performance for resolution by default.\n\nThis policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.\n\nNo system restart or service restart is required for this policy to take effect: changes take effect immediately.\n\nThis policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerBatteryAlarmSettingsCat", "PolicyName": "DCBatteryDischargeAction0_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Critical battery notification action", "ExplainText": "This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.\n\nIf you enable this policy setting, select one of the following actions:\n-Take no action\n-Sleep\n-Hibernate\n-Shut down\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\637EA02F-BBCB-4015-8E2C-A1C7B9C0B546" ], "Elements": [ { "Type": "Enum", "ValueName": "DCSettingIndex", "Items": [ { "DisplayName": "Take no action", "Data": "0" }, { "DisplayName": "Sleep", "Data": "1" }, { "DisplayName": "Hibernate", "Data": "2" }, { "DisplayName": "Shut down", "Data": "3" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerBatteryAlarmSettingsCat", "PolicyName": "DCBatteryDischargeAction1_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Low battery notification action", "ExplainText": "This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.\n\nIf you enable this policy setting, select one of the following actions:\n-Take no action\n-Sleep\n-Hibernate\n-Shut down\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\d8742dcb-3e6a-4b3c-b3fe-374623cdcf06" ], "Elements": [ { "Type": "Enum", "ValueName": "DCSettingIndex", "Items": [ { "DisplayName": "Take no action", "Data": "0" }, { "DisplayName": "Sleep", "Data": "1" }, { "DisplayName": "Hibernate", "Data": "2" }, { "DisplayName": "Shut down", "Data": "3" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerBatteryAlarmSettingsCat", "PolicyName": "DCBatteryDischargeLevel0_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Critical battery notification level", "ExplainText": "This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.\n\nIf you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the critical notification.\n\nTo set the action that is triggered, see the \"Critical Battery Notification Action\" policy setting.\n\nIf you disable this policy setting or do not configure it, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\9A66D8D7-4FF7-4EF9-B5A2-5A326CA2A469" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "100", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerBatteryAlarmSettingsCat", "PolicyName": "DCBatteryDischargeLevel1_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Low battery notification level", "ExplainText": "This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.\n\nIf you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the low notification.\n\nTo set the action that is triggered, see the \"Low Battery Notification Action\" policy setting.\n\nIf you disable this policy setting or do not configure it, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\8183ba9a-e910-48da-8769-14ae6dc1170a" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "100", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerBatteryAlarmSettingsCat", "PolicyName": "DCBatteryDischargeLevel1UINotification_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off low battery user notification", "ExplainText": "This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.\n\nIf you enable this policy setting, Windows shows a notification when the battery capacity remaining equals the low battery notification level. To configure the low battery notification level, see the \"Low Battery Notification Level\" policy setting.\n\nThe notification will only be shown if the \"Low Battery Notification Action\" policy setting is configured to \"No Action\".\n\nIf you disable or do not configure this policy setting, users can control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\bcded951-187b-4d05-bccc-f7e51960c258" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Power.admx", "CategoryName": "PowerButtonActionSettingsCat", "PolicyName": "ACPowerButtonAction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Select the Power button action (plugged in)", "ExplainText": "This policy setting specifies the action that Windows takes when a user presses the power button.\n\nPossible actions include:\n-Take no action\n-Sleep\n-Hibernate\n-Shut down\n\nIf you enable this policy setting, you must select the desired action.\n\nIf you disable this policy setting or do not configure it, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\7648EFA3-DD9C-4E3E-B566-50F929386280" ], "Elements": [ { "Type": "Enum", "ValueName": "ACSettingIndex", "Items": [ { "DisplayName": "Take no action", "Data": "0" }, { "DisplayName": "Sleep", "Data": "1" }, { "DisplayName": "Hibernate", "Data": "2" }, { "DisplayName": "Shut down", "Data": "3" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerButtonActionSettingsCat", "PolicyName": "ACSleepButtonAction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Select the Sleep button action (plugged in)", "ExplainText": "This policy setting specifies the action that Windows takes when a user presses the sleep button.\n\nPossible actions include:\n-Take no action\n-Sleep\n-Hibernate\n-Shut down\n\nIf you enable this policy setting, you must select the desired action.\n\nIf you disable this policy setting or do not configure it, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\96996BC0-AD50-47EC-923B-6F41874DD9EB" ], "Elements": [ { "Type": "Enum", "ValueName": "ACSettingIndex", "Items": [ { "DisplayName": "Take no action", "Data": "0" }, { "DisplayName": "Sleep", "Data": "1" }, { "DisplayName": "Hibernate", "Data": "2" }, { "DisplayName": "Shut down", "Data": "3" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerButtonActionSettingsCat", "PolicyName": "ACSystemLidAction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Select the lid switch action (plugged in)", "ExplainText": "This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.\n\nPossible actions include:\n-Take no action\n-Sleep\n-Hibernate\n-Shut down\n\nIf you enable this policy setting, you must select the desired action.\n\nIf you disable this policy setting or do not configure it, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\5CA83367-6E45-459F-A27B-476B1D01C936" ], "Elements": [ { "Type": "Enum", "ValueName": "ACSettingIndex", "Items": [ { "DisplayName": "Take no action", "Data": "0" }, { "DisplayName": "Sleep", "Data": "1" }, { "DisplayName": "Hibernate", "Data": "2" }, { "DisplayName": "Shut down", "Data": "3" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerButtonActionSettingsCat", "PolicyName": "ACStartMenuButtonAction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Select the Start menu Power button action (plugged in)", "ExplainText": "This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.\n\nIf you enable this policy setting, select one of the following actions:\n-Sleep\n-Hibernate\n-Shut down\n\nIf you disable this policy or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\A7066653-8D6C-40A8-910E-A1F54B84C7E5" ], "Elements": [ { "Type": "Enum", "ValueName": "ACSettingIndex", "Items": [ { "DisplayName": "Sleep", "Data": "0" }, { "DisplayName": "Hibernate", "Data": "1" }, { "DisplayName": "Shut down", "Data": "2" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerButtonActionSettingsCat", "PolicyName": "DCPowerButtonAction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Select the Power button action (on battery)", "ExplainText": "This policy setting specifies the action that Windows takes when a user presses the power button.\n\nPossible actions include:\n-Take no action\n-Sleep\n-Hibernate\n-Shut down\n\nIf you enable this policy setting, you must select the desired action.\n\nIf you disable this policy setting or do not configure it, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\7648EFA3-DD9C-4E3E-B566-50F929386280" ], "Elements": [ { "Type": "Enum", "ValueName": "DCSettingIndex", "Items": [ { "DisplayName": "Take no action", "Data": "0" }, { "DisplayName": "Sleep", "Data": "1" }, { "DisplayName": "Hibernate", "Data": "2" }, { "DisplayName": "Shut down", "Data": "3" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerButtonActionSettingsCat", "PolicyName": "DCSleepButtonAction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Select the Sleep button action (on battery)", "ExplainText": "This policy setting specifies the action that Windows takes when a user presses the sleep button.\n\nPossible actions include:\n-Take no action\n-Sleep\n-Hibernate\n-Shut down\n\nIf you enable this policy setting, you must select the desired action.\n\nIf you disable this policy setting or do not configure it, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\96996BC0-AD50-47EC-923B-6F41874DD9EB" ], "Elements": [ { "Type": "Enum", "ValueName": "DCSettingIndex", "Items": [ { "DisplayName": "Take no action", "Data": "0" }, { "DisplayName": "Sleep", "Data": "1" }, { "DisplayName": "Hibernate", "Data": "2" }, { "DisplayName": "Shut down", "Data": "3" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerButtonActionSettingsCat", "PolicyName": "DCSystemLidAction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Select the lid switch action (on battery)", "ExplainText": "This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.\n\nPossible actions include:\n-Take no action\n-Sleep\n-Hibernate\n-Shut down\n\nIf you enable this policy setting, you must select the desired action.\n\nIf you disable this policy setting or do not configure it, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\5CA83367-6E45-459F-A27B-476B1D01C936" ], "Elements": [ { "Type": "Enum", "ValueName": "DCSettingIndex", "Items": [ { "DisplayName": "Take no action", "Data": "0" }, { "DisplayName": "Sleep", "Data": "1" }, { "DisplayName": "Hibernate", "Data": "2" }, { "DisplayName": "Shut down", "Data": "3" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerButtonActionSettingsCat", "PolicyName": "DCStartMenuButtonAction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Select the Start menu Power button action (on battery)", "ExplainText": "This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.\n\nIf you enable this policy setting, select one of the following actions:\n-Sleep\n-Hibernate\n-Shut down\n\nIf you disable this policy or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\A7066653-8D6C-40A8-910E-A1F54B84C7E5" ], "Elements": [ { "Type": "Enum", "ValueName": "DCSettingIndex", "Items": [ { "DisplayName": "Sleep", "Data": "0" }, { "DisplayName": "Hibernate", "Data": "1" }, { "DisplayName": "Shut down", "Data": "2" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerHardDiskSettingsCat", "PolicyName": "DiskACPowerDownTimeOut_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn Off the hard disk (plugged in)", "ExplainText": "This policy setting specifies the period of inactivity before Windows turns off the hard disk.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.\n\nIf you disable or do not configure this policy setting, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\6738E2C4-E8A5-4A42-B16A-E040E769756E" ], "Elements": [ { "Type": "Decimal", "ValueName": "ACSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerHardDiskSettingsCat", "PolicyName": "DiskDCPowerDownTimeOut_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn Off the hard disk (on battery)", "ExplainText": "This policy setting specifies the period of inactivity before Windows turns off the hard disk.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.\n\nIf you disable or do not configure this policy setting, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\6738E2C4-E8A5-4A42-B16A-E040E769756E" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerManagementCat", "PolicyName": "CustomActiveSchemeOverride_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify a custom active power plan", "ExplainText": "This policy setting specifies the active power plan from a specified power plan\u2019s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool.\n\nIf you enable this policy setting, you must specify a power plan, specified as a GUID using the following format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the power plan to be active.\n\nIf you disable or do not configure this policy setting, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings" ], "Elements": [ { "Type": "Text", "ValueName": "ActivePowerScheme", "Required": true, "MaxLength": "36" } ] }, { "File": "Power.admx", "CategoryName": "PowerManagementCat", "PolicyName": "InboxActiveSchemeOverride_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Select an active power plan", "ExplainText": "This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan, use the Custom Active Power Plan setting.\n\nIf you enable this policy setting, specify a power plan from the Active Power Plan list.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings" ], "Elements": [ { "Type": "Enum", "ValueName": "ActivePowerScheme", "Items": [ { "DisplayName": "Automatic (recommended)", "Data": "381b4222-f694-41f0-9685-ff5bb260df2e" }, { "DisplayName": "Power Saver", "Data": "a1841308-3541-4fab-bc81-f71556f20b4a" }, { "DisplayName": "High Performance", "Data": "8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c" } ], "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerManagementCat", "PolicyName": "PW_PromptPasswordOnResume", "Class": "User", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prompt for password on resume from hibernate/suspend", "ExplainText": "This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state.\n\nIf you enable this policy setting, the client computer is locked and prompted for a password when it is resumed from a suspend or hibernate state.\n\nIf you disable or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System\\Power" ], "ValueName": "PromptPasswordOnResume", "Elements": [] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "ACCriticalSleepTransitionsDisable_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on the ability for applications to prevent sleep transitions (plugged in)", "ExplainText": "This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.\n\nIf you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\B7A27025-E569-46c2-A504-2B96CAD225A1" ], "ValueName": "ACSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "ACHibernateTimeOut_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify the system hibernate timeout (plugged in)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.\n\nIf you disable or do not configure this policy setting, users control this setting.\n\nIf the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The \"Prevent enabling lock screen slide show\" policy setting can be used to disable the slide show feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\9D7815A6-7EE4-497E-8888-515A05F02364" ], "Elements": [ { "Type": "Decimal", "ValueName": "ACSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "ACPromptForPasswordOnResume_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Require a password when a computer wakes (plugged in)", "ExplainText": "This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.\n\nIf you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.\n\nIf you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\0e796bdb-100d-47d6-a2d5-f7d2daa51f51" ], "ValueName": "ACSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "ACStandbyTimeOut_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify the system sleep timeout (plugged in)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.\n\nIf you disable or do not configure this policy setting, users control this setting.\n\nIf the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The \"Prevent enabling lock screen slide show\" policy setting can be used to disable the slide show feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA" ], "Elements": [ { "Type": "Decimal", "ValueName": "ACSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "ACStandbyWithHiberfileEnable_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off hybrid sleep (plugged in)", "ExplainText": "This policy setting allows you to turn off hybrid sleep.\n\nIf you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By).\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\94ac6d29-73ce-41a6-809f-6363ba21b47e" ], "ValueName": "ACSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "DCCriticalSleepTransitionsDisable_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on the ability for applications to prevent sleep transitions (on battery)", "ExplainText": "This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.\n\nIf you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\B7A27025-E569-46c2-A504-2B96CAD225A1" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "DCHibernateTimeOut_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify the system hibernate timeout (on battery)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.\n\nIf you disable or do not configure this policy setting, users control this setting.\n\nIf the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The \"Prevent enabling lock screen slide show\" policy setting can be used to disable the slide show feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\9D7815A6-7EE4-497E-8888-515A05F02364" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "DCPromptForPasswordOnResume_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Require a password when a computer wakes (on battery)", "ExplainText": "This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.\n\nIf you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.\n\nIf you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\0e796bdb-100d-47d6-a2d5-f7d2daa51f51" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "DCStandbyTimeOut_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify the system sleep timeout (on battery)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.\n\nIf you disable or do not configure this policy setting, users control this setting.\n\nIf the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The \"Prevent enabling lock screen slide show\" policy setting can be used to disable the slide show feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "DCStandbyWithHiberfileEnable_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off hybrid sleep (on battery)", "ExplainText": "This policy setting allows you to turn off hybrid sleep.\n\nIf you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By).\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\94ac6d29-73ce-41a6-809f-6363ba21b47e" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "VideoAdaptivePowerDownTimeOutAC_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off adaptive display timeout (plugged in)", "ExplainText": "This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computer\u2019s display.\n\nIf you enable this policy setting, Windows automatically adjusts the setting based on what users do with their keyboard or mouse to keep the display on.\n\nIf you disable this policy setting, Windows uses the same setting regardless of users\u2019 keyboard or mouse behavior.\n\nIf you do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\90959D22-D6A1-49B9-AF93-BCE885AD335B" ], "ValueName": "ACSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "VideoAdaptivePowerDownTimeOutDC_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off adaptive display timeout (on battery)", "ExplainText": "This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computer\u2019s display.\n\nIf you enable this policy setting, Windows automatically adjusts the setting based on what users do with their keyboard or mouse to keep the display on.\n\nIf you disable this policy setting, Windows uses the same setting regardless of users\u2019 keyboard or mouse behavior.\n\nIf you do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\90959D22-D6A1-49B9-AF93-BCE885AD335B" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "VideoPowerDownTimeOutAC_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off the display (plugged in)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows turns off the display.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.\n\nIf you disable or do not configure this policy setting, users control this setting.\n\nIf the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The \"Prevent enabling lock screen slide show\" policy setting can be used to disable the slide show feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E" ], "Elements": [ { "Type": "Decimal", "ValueName": "ACSettingIndex", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "VideoPowerDownTimeOutDC_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off the display (on battery)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows turns off the display.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.\n\nIf you disable or do not configure this policy setting, users control this setting.\n\nIf the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The \"Prevent enabling lock screen slide show\" policy setting can be used to disable the slide show feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "AllowStandbyStatesAC_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow standby states (S1-S3) when sleeping (plugged in)", "ExplainText": "This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.\n\nIf you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state.\n\nIf you disable this policy setting, standby states (S1-S3) are not allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\abfc2519-3608-4c2a-94ea-171b0ed546ab" ], "ValueName": "ACSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "AllowStandbyStatesDC_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow standby states (S1-S3) when sleeping (on battery)", "ExplainText": "This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.\n\nIf you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state.\n\nIf you disable this policy setting, standby states (S1-S3) are not allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\abfc2519-3608-4c2a-94ea-171b0ed546ab" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "System", "PolicyName": "Dont_PowerOff_AfterShutdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "WindowsXPSP1 - At least Windows Server 2003 operating systems or Windows XP Professional with SP1", "DisplayName": "Do not turn off system power after a Windows system shutdown has occurred.", "ExplainText": "This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.\n\nThis setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().\n\nIf you enable this policy setting, the computer system safely shuts down and remains in a powered state, ready for power to be safely removed.\n\nIf you disable or do not configure this policy setting, the computer system safely shuts down to a fully powered-off state.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT" ], "ValueName": "DontPowerOffAfterShutdown", "Elements": [] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "AllowSystemSleepWithRemoteFilesOpenAC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow automatic sleep with Open Network Files (plugged in)", "ExplainText": "This policy setting allows you to manage automatic sleep with open network files.\n\nIf you enable this policy setting, the computer automatically sleeps when network files are open.\n\nIf you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d" ], "ValueName": "ACSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "AllowSystemSleepWithRemoteFilesOpenDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow automatic sleep with Open Network Files (on battery)", "ExplainText": "This policy setting allows you to manage automatic sleep with open network files.\n\nIf you enable this policy setting, the computer automatically sleeps when network files are open.\n\nIf you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "DisplayDimTimeOutAC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Reduce display brightness (plugged in)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically reduces the brightness of the display.\n\nWindows will only reduce the brightness of the primary display integrated into the computer.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\17aaa29b-8b43-4b94-aafe-35f64daaf1ee" ], "Elements": [ { "Type": "Decimal", "ValueName": "ACSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "DisplayDimTimeOutDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Reduce display brightness (on battery)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically reduces the brightness of the display.\n\nWindows will only reduce the brightness of the primary display integrated into the computer.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\17aaa29b-8b43-4b94-aafe-35f64daaf1ee" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "DisplayDimBrightnessAC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify the display dim brightness (plugged in)", "ExplainText": "This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.\n\nIf you enable this policy setting, you must provide a value, in percentage, indicating the display brightness when Windows automatically reduces brightness of the display.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\f1fbfde2-a960-4165-9f88-50667911ce96" ], "Elements": [ { "Type": "Decimal", "ValueName": "ACSettingIndex", "MinValue": "0", "MaxValue": "100", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "DisplayDimBrightnessDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify the display dim brightness (on battery)", "ExplainText": "This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.\n\nIf you enable this policy setting, you must provide a value, in percentage, indicating the display brightness when Windows automatically reduces brightness of the display.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\f1fbfde2-a960-4165-9f88-50667911ce96" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "100", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "EnableDesktopSlideShowAC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn on desktop background slideshow (plugged in)", "ExplainText": "This policy setting allows you to specify if Windows should enable the desktop background slideshow.\n\nIf you enable this policy setting, desktop background slideshow is enabled.\n\nIf you disable this policy setting, the desktop background slideshow is disabled.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\309dce9b-bef4-4119-9921-a851fb12f0f4" ], "ValueName": "ACSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerVideoSettingsCat", "PolicyName": "EnableDesktopSlideShowDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn on desktop background slideshow (on battery)", "ExplainText": "This policy setting allows you to specify if Windows should enable the desktop background slideshow.\n\nIf you enable this policy setting, desktop background slideshow is enabled.\n\nIf you disable this policy setting, the desktop background slideshow is disabled.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\309dce9b-bef4-4119-9921-a851fb12f0f4" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "UnattendedSleepTimeOutAC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify the unattended sleep timeout (plugged in)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.\n\nIf you disable or do not configure this policy setting, users control this setting.\n\nIf the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The \"Prevent enabling lock screen slide show\" policy setting can be used to disable the slide show feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0" ], "Elements": [ { "Type": "Decimal", "ValueName": "ACSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "UnattendedSleepTimeOutDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify the unattended sleep timeout (on battery)", "ExplainText": "This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.\n\nIf you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.\n\nIf you disable or do not configure this policy setting, users control this setting.\n\nIf the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The \"Prevent enabling lock screen slide show\" policy setting can be used to disable the slide show feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "AllowSystemPowerRequestAC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow applications to prevent automatic sleep (plugged in)", "ExplainText": "This policy setting allows applications and services to prevent automatic sleep.\n\nIf you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.\n\nIf you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\A4B195F5-8225-47D8-8012-9D41369786E2" ], "ValueName": "ACSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "AllowSystemPowerRequestDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow applications to prevent automatic sleep (on battery)", "ExplainText": "This policy setting allows applications and services to prevent automatic sleep.\n\nIf you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.\n\nIf you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\A4B195F5-8225-47D8-8012-9D41369786E2" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerBatteryAlarmSettingsCat", "PolicyName": "ReserveBatteryNotificationLevel", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Reserve battery notification level", "ExplainText": "This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.\n\nIf you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the reserve power notification.\n\nIf you disable or do not configure this policy setting, users can see and change this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\F3C5027D-CD16-4930-AA6B-90DB844A8F00" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "100", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "EnergySaverSettingsCat", "PolicyName": "EsBattThresholdAC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Energy Saver Battery Threshold (plugged in)", "ExplainText": "This policy setting allows you to specify battery charge level at which Energy Saver is turned on.\n\nIf you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\E69653CA-CF7F-4F05-AA73-CB833FA90AD4" ], "Elements": [ { "Type": "Decimal", "ValueName": "ACSettingIndex", "MinValue": "0", "MaxValue": "100", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "EnergySaverSettingsCat", "PolicyName": "EsBattThresholdDC", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Energy Saver Battery Threshold (on battery)", "ExplainText": "This policy setting allows you to specify battery charge level at which Energy Saver is turned on.\n\nIf you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\E69653CA-CF7F-4F05-AA73-CB833FA90AD4" ], "Elements": [ { "Type": "Decimal", "ValueName": "DCSettingIndex", "MinValue": "0", "MaxValue": "100", "Required": true } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "ACConnectivityInStandby_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Allow network connectivity during connected-standby (plugged in)", "ExplainText": "This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems.\n\nIf you enable this policy setting, network connectivity will be maintained in standby.\n\nIf you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.\n\nIf you do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\f15576e8-98b7-4186-b944-eafa664402d9" ], "ValueName": "ACSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerSleepSettingsCat", "PolicyName": "DCConnectivityInStandby_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Allow network connectivity during connected-standby (on battery)", "ExplainText": "This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems.\n\nIf you enable this policy setting, network connectivity will be maintained in standby.\n\nIf you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change.\n\nIf you do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\PowerSettings\\f15576e8-98b7-4186-b944-eafa664402d9" ], "ValueName": "DCSettingIndex", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "PowerThrottlingSettingsCat", "PolicyName": "PowerThrottlingTurnOff", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Turn off Power Throttling", "ExplainText": "This policy setting allows you to turn off Power Throttling.\n\nIf you enable this policy setting, Power Throttling will be turned off.\n\nIf you disable or do not configure this policy setting, users control this setting.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Control\\Power\\PowerThrottling" ], "ValueName": "PowerThrottlingOff", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Power.admx", "CategoryName": "EnergySaverSettingsCat", "PolicyName": "EnableEnergySaver", "Class": "Machine", "NameSpace": "Microsoft.Policies.PowerManagement", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable Energy Saver to Always Be On", "ExplainText": "This policy will extend battery life and reduce energy consumption by enabling Energy Saver to always be on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Power\\EnergySaver" ], "ValueName": "EnableEnergySaver", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PowerShellExecutionPolicy.admx", "CategoryName": "PowerShell", "PolicyName": "EnableScripts", "Class": "Both", "NameSpace": "Microsoft.Policies.PowerShell", "Supported": "WIN7 - At least Microsoft Windows 7 or Windows Server 2008 family", "DisplayName": "Turn on Script Execution", "ExplainText": "This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.\n\nIf you enable this policy setting, the scripts selected in the drop-down list are allowed to run.\n\nThe \"Allow only signed scripts\" policy setting allows scripts to execute only if they are signed by a trusted publisher.\n\nThe \"Allow local scripts and remote signed scripts\" policy setting allows any local scrips to run; scripts that originate from the Internet must be signed by a trusted publisher.\n\nThe \"Allow all scripts\" policy setting allows all scripts to run.\n\nIf you disable this policy setting, no scripts are allowed to run.\n\nNote: This policy setting exists under both \"Computer Configuration\" and \"User Configuration\" in the Local Group Policy Editor. The \"Computer Configuration\" has precedence over \"User Configuration.\"\n\nIf you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is \"No scripts allowed.\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\PowerShell", "HKCU\\Software\\Policies\\Microsoft\\Windows\\PowerShell" ], "ValueName": "EnableScripts", "Elements": [ { "Type": "Enum", "ValueName": "ExecutionPolicy", "Items": [ { "DisplayName": "Allow only signed scripts", "Data": "AllSigned" }, { "DisplayName": "Allow local scripts and remote signed scripts", "Data": "RemoteSigned" }, { "DisplayName": "Allow all scripts", "Data": "Unrestricted" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PowerShellExecutionPolicy.admx", "CategoryName": "PowerShell", "PolicyName": "EnableModuleLogging", "Class": "Both", "NameSpace": "Microsoft.Policies.PowerShell", "Supported": "WIN7 - At least Microsoft Windows 7 or Windows Server 2008 family", "DisplayName": "Turn on Module Logging", "ExplainText": "This policy setting allows you to turn on logging for Windows PowerShell modules.\n\nIf you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.\n\nIf you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False.\n\nIf this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.\n\nTo add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer.\n\nNote: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ModuleLogging", "HKCU\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ModuleLogging" ], "ValueName": "EnableModuleLogging", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ModuleLogging\\ModuleNames", "HKCU\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ModuleLogging\\ModuleNames" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PowerShellExecutionPolicy.admx", "CategoryName": "PowerShell", "PolicyName": "EnableTranscripting", "Class": "Both", "NameSpace": "Microsoft.Policies.PowerShell", "Supported": "WIN7 - At least Microsoft Windows 7 or Windows Server 2008 family", "DisplayName": "Turn on PowerShell Transcription", "ExplainText": "This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.\n\nIf you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other\napplications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents\ndirectory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent\nto calling the Start-Transcript cmdlet on each Windows PowerShell session.\n\nIf you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled\nthrough the Start-Transcript cmdlet.\n\nIf you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users\nfrom viewing the transcripts of other users or computers.\n\nNote: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\Transcription", "HKCU\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\Transcription" ], "ValueName": "EnableTranscripting", "Elements": [ { "Type": "Text", "ValueName": "OutputDirectory" }, { "Type": "Boolean", "ValueName": "EnableInvocationHeader", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PowerShellExecutionPolicy.admx", "CategoryName": "PowerShell", "PolicyName": "EnableScriptBlockLogging", "Class": "Both", "NameSpace": "Microsoft.Policies.PowerShell", "Supported": "WIN7 - At least Microsoft Windows 7 or Windows Server 2008 family", "DisplayName": "Turn on PowerShell Script Block Logging", "ExplainText": "This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting,\nWindows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation.\n\nIf you disable this policy setting, logging of PowerShell script input is disabled.\n\nIf you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script\nstarts or stops. Enabling Invocation Logging generates a high volume of event logs.\n\nNote: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", "HKCU\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging" ], "ValueName": "EnableScriptBlockLogging", "Elements": [ { "Type": "Boolean", "ValueName": "EnableScriptBlockInvocationLogging", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PowerShellExecutionPolicy.admx", "CategoryName": "PowerShell", "PolicyName": "EnableUpdateHelpDefaultSourcePath", "Class": "Both", "NameSpace": "Microsoft.Policies.PowerShell", "Supported": "WIN7 - At least Microsoft Windows 7 or Windows Server 2008 family", "DisplayName": "Set the default source path for Update-Help", "ExplainText": "This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.\n\nIf you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet.\n\nIf this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet.\n\nNote: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\UpdatableHelp", "HKCU\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\UpdatableHelp" ], "ValueName": "EnableUpdateHelpDefaultSourcePath", "Elements": [ { "Type": "Text", "ValueName": "DefaultSourcePath", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableBackupRestore_1", "Class": "User", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "Vista_through_Win7 - Supported Windows Vista through Windows 7", "DisplayName": "Prevent restoring previous versions from backups", "ExplainText": "This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file, in which the previous version is stored on a backup.\n\nIf you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a backup.\n\nIf you disable this policy setting, the Restore button remains active for a previous version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media.\n\nIf you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file and stored on the backup.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableBackupRestore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableBackupRestore_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "Vista_through_Win7 - Supported Windows Vista through Windows 7", "DisplayName": "Prevent restoring previous versions from backups", "ExplainText": "This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file, in which the previous version is stored on a backup.\n\nIf you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a backup.\n\nIf you disable this policy setting, the Restore button remains active for a previous version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media.\n\nIf you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file and stored on the backup.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableBackupRestore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableLocalPage_1", "Class": "User", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "Vista_through_Win7 - Supported Windows Vista through Windows 7", "DisplayName": "Hide previous versions list for local files", "ExplainText": "This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.\n\nIf you enable this policy setting, users cannot list or restore previous versions of files on local disks.\n\nIf you disable this policy setting, users cannot list and restore previous versions of files on local disks.\n\nIf you do not configure this policy setting, it defaults to disabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableLocalPage", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableLocalPage_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "Vista_through_Win7 - Supported Windows Vista through Windows 7", "DisplayName": "Hide previous versions list for local files", "ExplainText": "This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.\n\nIf you enable this policy setting, users cannot list or restore previous versions of files on local disks.\n\nIf you disable this policy setting, users cannot list and restore previous versions of files on local disks.\n\nIf you do not configure this policy setting, it defaults to disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableLocalPage", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableLocalRestore_1", "Class": "User", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "Vista_through_Win7 - Supported Windows Vista through Windows 7", "DisplayName": "Prevent restoring local previous versions", "ExplainText": "This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.\n\nIf you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.\n\nIf you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button, Windows attempts to restore the file from the local disk.\n\nIf you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableLocalRestore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableLocalRestore_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "Vista_through_Win7 - Supported Windows Vista through Windows 7", "DisplayName": "Prevent restoring local previous versions", "ExplainText": "This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.\n\nIf you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.\n\nIf you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button, Windows attempts to restore the file from the local disk.\n\nIf you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableLocalRestore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableRemotePage_1", "Class": "User", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide previous versions list for remote files", "ExplainText": "This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.\n\nIf you enable this policy setting, users cannot list or restore previous versions of files on file shares.\n\nIf you disable this policy setting, users can list and restore previous versions of files on file shares.\n\nIf you do not configure this policy setting, it is disabled by default.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableRemotePage", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableRemotePage_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide previous versions list for remote files", "ExplainText": "This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.\n\nIf you enable this policy setting, users cannot list or restore previous versions of files on file shares.\n\nIf you disable this policy setting, users can list and restore previous versions of files on file shares.\n\nIf you do not configure this policy setting, it is disabled by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableRemotePage", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableRemoteRestore_1", "Class": "User", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent restoring remote previous versions", "ExplainText": "This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.\n\nIf you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.\n\nIf you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share.\n\nIf you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableRemoteRestore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "DisableRemoteRestore_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent restoring remote previous versions", "ExplainText": "This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.\n\nIf you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.\n\nIf you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share.\n\nIf you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "DisableRemoteRestore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "HideBackupEntries_1", "Class": "User", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "Vista_through_Win7 - Supported Windows Vista through Windows 7", "DisplayName": "Hide previous versions of files on backup location", "ExplainText": "This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.\n\nIf you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.\n\nIf you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.\n\nIf you do not configure this policy setting, it is disabled by default.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "HideBackupEntries", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "PreviousVersions.admx", "CategoryName": "PreviousVersions", "PolicyName": "HideBackupEntries_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.PreviousVersions", "Supported": "Vista_through_Win7 - Supported Windows Vista through Windows 7", "DisplayName": "Hide previous versions of files on backup location", "ExplainText": "This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.\n\nIf you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.\n\nIf you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.\n\nIf you do not configure this policy setting, it is disabled by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PreviousVersions" ], "ValueName": "HideBackupEntries", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "AllowWebPrinting", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Win2kOnly - Windows 2000 only", "DisplayName": "Activate Internet printing", "ExplainText": "Internet printing lets you display printers on Web pages so that printers can be viewed, managed, and used across the Internet or an intranet.\n\nIf you enable this policy setting, Internet printing is activated on this server.\n\nIf you disable this policy setting or do not configure it, Internet printing is not activated.\n\nInternet printing is an extension of Internet Information Services (IIS). To use Internet printing, IIS must be installed, and printing support and this setting must be enabled.\n\nNote: This setting affects the server side of Internet printing only. It does not prevent the print client on the computer from printing across the Internet.\n\nAlso, see the \"Custom support URL in the Printers folder's left pane\" setting in this folder and the \"Browse a common Web site to find printers\" setting in User Configuration\\Administrative Templates\\Control Panel\\Printers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "DisableWebPrinting", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ApplicationDriverIsolation", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Isolate print drivers from applications", "ExplainText": "Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolating print drivers greatly reduces the risk of a print driver failure causing an application crash.\n\nNot all applications support driver isolation. By default, Microsoft Excel 2007, Excel 2010, Word 2007, Word 2010 and certain other applications are configured to support it. Other applications may also be capable of isolating print drivers, depending on whether they are configured for it.\n\nIf you enable or do not configure this policy setting, then applications that are configured to support driver isolation will be isolated.\n\nIf you disable this policy setting, then print drivers will be loaded within all associated application processes.\n\nNotes:\n-This policy setting applies only to applications opted into isolation.\n-This policy setting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler are not affected.\n-This policy setting is only checked once during the lifetime of a process. After changing the policy, a running application must be relaunched before settings take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "ApplicationDriverIsolation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "CustomizedSupportUrl", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Custom support URL in the Printers folder's left pane", "ExplainText": "By default, the Printers folder includes a link to the Microsoft Support Web page called \"Get help with printing\". It can also include a link to a Web page supplied by the vendor of the currently selected printer.\n\nIf you enable this policy setting, you replace the \"Get help with printing\" default link with a link to a Web page customized for your enterprise.\n\nIf you disable this setting or do not configure it, or if you do not enter an alternate Internet address, the default link will appear in the Printers folder.\n\nNote: Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click \"Enable Web content in folders.\")\n\nAlso, see the \"Activate Internet printing\" setting in this setting folder and the \"Browse a common web site to find printers\" setting in User Configuration\\Administrative Templates\\Control Panel\\Printers.\n\nWeb view is affected by the \"Turn on Classic Shell\" and \"Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon\" settings in User Configuration\\Administrative Templates\\Windows Components\\Windows Explorer, and by the \"Enable Active Desktop\" setting in User Configuration\\Administrative Templates\\Desktop\\Active Desktop.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Text", "ValueName": "SupportLink", "MaxLength": "255" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "DomainPrinters", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Add Printer wizard - Network scan page (Managed network)", "ExplainText": "If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, e.g. a domain-joined laptop on a corporate network.)\n\nIf this policy setting is disabled, the network scan page will not be displayed.\n\nIf this policy setting is not configured, the Add Printer wizard will display the default number of printers of each type:\nDirectory printers: 20\nTCP/IP printers: 0\nWeb Services printers: 0\nBluetooth printers: 10\nShared printers: 0\n\nIn order to view available Web Services printers on your network, ensure that network discovery is turned on. To turn on network discovery, click \"Start\", click \"Control Panel\", and then click \"Network and Internet\". On the \"Network and Internet\" page, click \"Network and Sharing Center\". On the Network and Sharing Center page, click \"Change advanced sharing settings\". On the Advanced sharing settings page, click the arrow next to \"Domain\" arrow, click \"turn on network discovery\", and then click \"Save changes\".\n\nIf you would like to not display printers of a certain type, enable this policy and set the number of printers to display to 0.\n\nIn Windows 10 and later, only TCP/IP printers can be shown in the wizard. If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or do not configure this policy setting, the default limit is applied.\n\nIn Windows 8 and later, Bluetooth printers are not shown so its limit does not apply to those versions of Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\Wizard" ], "ValueName": "DomainDisplayPrinters_State", "Elements": [ { "Type": "Decimal", "ValueName": "DomainADprinters", "MinValue": "0", "MaxValue": "1000" }, { "Type": "Decimal", "ValueName": "DomainIPprinters", "MinValue": "0", "MaxValue": "1000" }, { "Type": "Decimal", "ValueName": "DomainWSDprinters", "MinValue": "0", "MaxValue": "1000" }, { "Type": "Decimal", "ValueName": "DomainBluetoothprinters", "MinValue": "0", "MaxValue": "1000" }, { "Type": "Decimal", "ValueName": "DomainShareprinters", "MinValue": "0", "MaxValue": "1000" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "DownlevelBrowse", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Browse the network to find printers", "ExplainText": "Allows users to use the Add Printer Wizard to search the network for shared printers.\n\nIf you enable this setting or do not configure it, when users choose to add a network printer by selecting the \"A network printer, or a printer attached to another computer\" radio button on Add Printer Wizard's page 2, and also check the \"Connect to this printer (or to browse for a printer, select this option and click Next)\" radio button on Add Printer Wizard's page 3, and do not specify a printer name in the adjacent \"Name\" edit box, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list.\n\nIf you disable this setting, the network printer browse page is removed from within the Add Printer Wizard, and users cannot search the network but must type a printer name.\n\nNote: This setting affects the Add Printer Wizard only. It does not prevent users from using other programs to search for shared printers or to connect to network printers.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\Wizard" ], "ValueName": "Downlevel Browse", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "EMFDespooling", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Always render print jobs on the server", "ExplainText": "When printing through a print server, determines whether the print spooler on the client will process print jobs itself, or pass them on to the server to do the work.\n\nThis policy setting only effects printing to a Windows print server.\n\nIf you enable this policy setting on a client machine, the client spooler will not process print jobs before sending them to the print server. This decreases the workload on the client at the expense of increasing the load on the server.\n\nIf you disable this policy setting on a client machine, the client itself will process print jobs into printer device commands. These commands will then be sent to the print server, and the server will simply pass the commands to the printer. This increases the workload of the client while decreasing the load on the server.\n\nIf you do not enable this policy setting, the behavior is the same as disabling it.\n\nNote: This policy does not determine whether offline printing will be available to the client. The client print spooler can always queue print jobs when not connected to the print server. Upon reconnecting to the server, the client will submit any pending print jobs.\n\nNote: Some printer drivers require a custom print processor. In some cases the custom print processor may not be installed on the client machine, such as when the print server does not support transferring print processors during point-and-print. In the case of a print processor mismatch, the client spooler will always send jobs to the print server for rendering. Disabling the above policy setting does not override this behavior.\n\nNote: In cases where the client print driver does not match the server print driver (mismatched connection), the client will always process the print job, regardless of the setting of this policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "ForceCSREMFDespooling", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ForceSoftwareRasterization", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Always rasterize content to be printed using a software rasterizer", "ExplainText": "Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) is forced to use a software rasterizer instead of a Graphics Processing Unit (GPU) to rasterize pages.\n\nThis setting may improve the performance of the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) on machines that have a relatively powerful CPU as compared to the machine\u2019s GPU.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "ForceSoftwareRasterization", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "IntranetPrintersUrl", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Browse a common web site to find printers", "ExplainText": "Adds a link to an Internet or intranet Web page to the Add Printer Wizard.\n\nYou can use this setting to direct users to a Web page from which they can install printers.\n\nIf you enable this setting and type an Internet or intranet address in the text box, the system adds a Browse button to the \"Specify a Printer\" page in the Add Printer Wizard. The Browse button appears beside the \"Connect to a printer on the Internet or on a home or office network\" option. When users click Browse, the system opens an Internet browser and navigates to the specified URL address to display the available printers.\n\nThis setting makes it easy for users to find the printers you want them to add.\n\nAlso, see the \"Custom support URL in the Printers folder's left pane\" and \"Activate Internet printing\" settings in \"Computer Configuration\\Administrative Templates\\Printers.\"", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\Wizard" ], "Elements": [ { "Type": "Text", "ValueName": "Printers Page URL", "Required": true, "MaxLength": "255" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "KMPrintersAreBlocked", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Disallow installation of printers using kernel-mode drivers", "ExplainText": "Determines whether printers using kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have access to system-wide memory, and therefore poorly-written kernel-mode drivers can cause stop errors.\n\nIf you disable this setting, or do not configure it, then printers using a kernel-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional.\n\nIf you do not configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers will be blocked.\n\nIf you enable this setting, installation of a printer using a kernel-mode driver will not be allowed.\n\nNote: By applying this policy, existing kernel-mode drivers will be disabled upon installation of service packs or reinstallation of the Windows XP operating system. This policy does not apply to 64-bit kernel-mode printer drivers as they cannot be installed and associated with a print queue.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "KMPrintersAreBlocked", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "NoAddPrinter", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent addition of printers", "ExplainText": "Prevents users from using familiar methods to add local and network printers.\n\nIf this policy setting is enabled, it removes the Add Printer option from the Start menu. (To find the Add Printer option, click Start, click Printers, and then click Add Printer.) This setting also removes Add Printer from the Printers folder in Control Panel.\n\nAlso, users cannot add printers by dragging a printer icon into the Printers folder. If they try, a message appears explaining that the setting prevents the action.\n\nHowever, this setting does not prevent users from using the Add Hardware Wizard to add a printer. Nor does it prevent users from running other programs to add printers.\n\nThis setting does not delete printers that users have already added. However, if users have not added a printer when this setting is applied, they cannot print.\n\nNote: You can use printer permissions to restrict the use of printers without specifying a setting. In the Printers folder, right-click a printer, click Properties, and then click the Security tab.\n\nIf this policy is disabled, or not configured, users can add printers using the methods described above.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoAddPrinter", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "NoDeletePrinter", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent deletion of printers", "ExplainText": "If this policy setting is enabled, it prevents users from deleting local and network printers.\n\nIf a user tries to delete a printer, such as by using the Delete option in Printers in Control Panel, a message appears explaining that a setting prevents the action.\n\nThis setting does not prevent users from running other programs to delete a printer.\n\nIf this policy is disabled, or not configured, users can delete printers using the methods described above.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoDeletePrinter", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "NonDomainPrinters", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Add Printer wizard - Network scan page (Unmanaged network)", "ExplainText": "This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer is not able to reach a domain controller, e.g. a domain-joined laptop on a home network.)\n\nIf this setting is disabled, the network scan page will not be displayed.\n\nIf this setting is not configured, the Add Printer wizard will display the default number of printers of each type:\nTCP/IP printers: 50\nWeb Services printers: 50\nBluetooth printers: 10\nShared printers: 50\n\nIf you would like to not display printers of a certain type, enable this policy and set the number of printers to display to 0.\n\nIn Windows 10 and later, only TCP/IP printers can be shown in the wizard. If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or do not configure this policy setting, the default limit is applied.\n\nIn Windows 8 and later, Bluetooth printers are not shown so its limit does not apply to those versions of Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\Wizard" ], "ValueName": "NonDomainDisplayPrinters_State", "Elements": [ { "Type": "Decimal", "ValueName": "NonDomainIPprinters", "MinValue": "0", "MaxValue": "1000" }, { "Type": "Decimal", "ValueName": "NonDomainWSDprinters", "MinValue": "0", "MaxValue": "1000" }, { "Type": "Decimal", "ValueName": "NonDomainBluetoothprinters", "MinValue": "0", "MaxValue": "1000" }, { "Type": "Decimal", "ValueName": "NonDomainShareprinters", "MinValue": "0", "MaxValue": "1000" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "PackagePointAndPrintOnly", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsVistaOrServer2008Only - Windows Server 2008 and Windows Vista", "DisplayName": "Only use Package Point and print", "ExplainText": "This policy restricts clients computers to use package point and print only.\n\nIf this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.\n\nIf this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PackagePointAndPrint" ], "ValueName": "PackagePointAndPrintOnly", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "PackagePointAndPrintServerList", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsVistaOrServer2008Only - Windows Server 2008 and Windows Vista", "DisplayName": "Package Point and print - Approved servers", "ExplainText": "Restricts package point and print to approved servers.\n\nThis policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the \"Point and Print Restrictions\" policy that governs the behavior of non-package point and print connections.\n\nWindows Vista and later clients will attempt to make a non-package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server.\n\nIf this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.\n\nIf this setting is disabled, or not configured, package point and print will not be restricted to specific print servers.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PackagePointAndPrint" ], "ValueName": "PackagePointAndPrintServerList", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PackagePointAndPrint\\ListofServers" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "PackagePointAndPrintOnly_Win7", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Only use Package Point and print", "ExplainText": "This policy restricts clients computers to use package point and print only.\n\nIf this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.\n\nIf this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PackagePointAndPrint" ], "ValueName": "PackagePointAndPrintOnly", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "PackagePointAndPrintServerList_Win7", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Package Point and print - Approved servers", "ExplainText": "Restricts package point and print to approved servers.\n\nThis policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the \"Point and Print Restrictions\" policy that governs the behavior of non-package point and print connections.\n\nWindows Vista and later clients will attempt to make a non-package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server.\n\nIf this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.\n\nIf this setting is disabled, or not configured, package point and print will not be restricted to specific print servers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PackagePointAndPrint" ], "ValueName": "PackagePointAndPrintServerList", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PackagePointAndPrint\\ListofServers" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "PhysicalLocation", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Computer location", "ExplainText": "If this policy setting is enabled, it specifies the default location criteria used when searching for printers.\n\nThis setting is a component of the Location Tracking feature of Windows printers. To use this setting, enable Location Tracking by enabling the \"Pre-populate printer search location text\" setting.\n\nWhen Location Tracking is enabled, the system uses the specified location as a criterion when users search for printers. The value you type here overrides the actual location of the computer conducting the search.\n\nType the location of the user's computer. When users search for printers, the system uses the specified location (and other search criteria) to find a printer nearby. You can also use this setting to direct users to a particular printer or group of printers that you want them to use.\n\nIf you disable this setting or do not configure it, and the user does not type a location as a search criterion, the system searches for a nearby printer based on the IP address and subnet mask of the user's computer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Text", "ValueName": "PhysicalLocation", "MaxLength": "259" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "PhysicalLocationSupport", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Pre-populate printer search location text", "ExplainText": "Enables the physical Location Tracking setting for Windows printers.\n\nUse Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.\n\nIf you enable this setting, users can browse for printers by location without knowing the printer's location or location naming scheme. Enabling Location Tracking adds a Browse button in the Add Printer wizard's Printer Name and Sharing Location screen and to the General tab in the Printer Properties dialog box. If you enable the Group Policy Computer location setting, the default location you entered appears in the Location field by default.\n\nIf you disable this setting or do not configure it, Location Tracking is disabled. Printer proximity is estimated using the standard method (that is, based on IP address and subnet mask).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "PhysicalLocationSupport", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "PointAndPrint_Restrictions", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "XPSP1_through_Server_2008_RTM - Supported Windows XP SP1 through Windows Server 2008 RTM", "DisplayName": "Point and Print Restrictions", "ExplainText": "This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.\n\nIf you enable this policy setting:\n-Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.\n-You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.\n\nIf you do not configure this policy setting:\n-Windows Vista client computers can point and print to any server.\n-Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.\n-Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.\n-Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.\n\nIf you disable this policy setting:\n-Windows Vista client computers can create a printer connection to any server using Point and Print.\n-Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.\n-Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.\n-Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.\n-The \"Users can only point and print to computers in their forest\" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint" ], "ValueName": "Restricted", "Elements": [ { "Type": "Boolean", "ValueName": "TrustedServers", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "ServerList" }, { "Type": "Boolean", "ValueName": "InForest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "NoWarningNoElevationOnInstall", "Items": [ { "DisplayName": "Show warning and elevation prompt", "Data": "0" }, { "DisplayName": "Show warning only", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UpdatePromptSettings", "Items": [ { "DisplayName": "Show warning and elevation prompt", "Data": "0" }, { "DisplayName": "Show warning only", "Data": "1" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "PointAndPrint_Restrictions_Win7", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Point and Print Restrictions", "ExplainText": "This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.\n\nIf you enable this policy setting:\n-Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.\n-You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.\n\nIf you do not configure this policy setting:\n-Windows Vista client computers can point and print to any server.\n-Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.\n-Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.\n-Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.\n\nIf you disable this policy setting:\n-Windows Vista client computers can create a printer connection to any server using Point and Print.\n-Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.\n-Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.\n-Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.\n-The \"Users can only point and print to computers in their forest\" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint" ], "ValueName": "Restricted", "Elements": [ { "Type": "Boolean", "ValueName": "TrustedServers", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "ServerList", "MaxLength": "8192" }, { "Type": "Boolean", "ValueName": "InForest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "NoWarningNoElevationOnInstall", "Items": [ { "DisplayName": "Show warning and elevation prompt", "Data": "0" }, { "DisplayName": "Do not show warning or elevation prompt", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "UpdatePromptSettings", "Items": [ { "DisplayName": "Show warning and elevation prompt", "Data": "0" }, { "DisplayName": "Show warning only", "Data": "1" }, { "DisplayName": "Do not show warning or elevation prompt", "Data": "2" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "PrinterDirectorySearchScope", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Default Active Directory path when searching for printers", "ExplainText": "Specifies the Active Directory location where searches for printers begin.\n\nThe Add Printer Wizard gives users the option of searching Active Directory for a shared printer.\n\nIf you enable this policy setting, these searches begin at the location you specify in the \"Default Active Directory path\" box. Otherwise, searches begin at the root of Active Directory.\n\nThis setting only provides a starting point for Active Directory searches for printers. It does not restrict user searches through Active Directory.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\Wizard" ], "Elements": [ { "Type": "Text", "ValueName": "Default Search Scope", "MaxLength": "255" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "PrinterServerThread", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Printer browsing", "ExplainText": "Announces the presence of shared printers to print browse master servers for the domain.\n\nOn domains with Active Directory, shared printer resources are available in Active Directory and are not announced.\n\nIf you enable this setting, the print spooler announces shared printers to the print browse master servers.\n\nIf you disable this setting, shared printers are not announced to print browse master servers, even if Active Directory is not available.\n\nIf you do not configure this setting, shared printers are announced to browse master servers only when Active Directory is not available.\n\nNote: A client license is used each time a client computer announces a printer to a print browse master on the domain.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "ServerThread", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "PrintDriverIsolationExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Execute print drivers in isolated processes", "ExplainText": "This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure will not cause the print spooler service to fail.\n\nIf you enable or do not configure this policy setting, the print spooler will execute print drivers in an isolated process by default.\n\nIf you disable this policy setting, the print spooler will execute print drivers in the print spooler process.\n\nNotes:\n-Other system or driver policy settings may alter the process in which a print driver is executed.\n-This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected.\n-This policy setting takes effect without restarting the print spooler service.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "PrintDriverIsolationExecutionPolicy", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "PrintDriverIsolationOverrideCompat", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Override print driver execution compatibility setting reported by print driver", "ExplainText": "This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver does not report compatibility.\n\nIf you enable this policy setting, the print spooler isolates all print drivers that do not explicitly opt out of Driver Isolation.\n\nIf you disable or do not configure this policy setting, the print spooler uses the Driver Isolation compatibility flag value reported by the print driver.\n\nNotes:\n-Other system or driver policy settings may alter the process in which a print driver is executed.\n-This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected.\n-This policy setting takes effect without restarting the print spooler service.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "PrintDriverIsolationOverrideCompat", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "DoNotInstallCompatibleDriverFromWindowsUpdate", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Extend Point and Print connection to search Windows Update", "ExplainText": "This policy setting allows you to manage where client computers search for Point and Printer drivers.\n\nIf you enable this policy setting, the client computer will continue to search for compatible Point and Print drivers from Windows Update after it fails to find the compatible driver from the local driver store and the server driver cache.\n\nIf you disable this policy setting, the client computer will only search the local driver store and server driver cache for compatible Point and Print drivers. If it is unable to find a compatible driver, then the Point and Print connection will fail.\n\nThis policy setting is not configured by default, and the behavior depends on the version of Windows that you are using.\nBy default, Windows Ultimate, Professional and Home SKUs will continue to search for compatible Point and Print drivers from Windows Update, if needed. However, you must explicitly enable this policy setting for other versions of Windows (for example Windows Enterprise, and all versions of Windows Server 2008 R2 and later) to have the same behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "DoNotInstallCompatibleDriverFromWindowsUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "V4DriverDisallowPrinterExtension", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not allow v4 printer drivers to show printer extensions", "ExplainText": "This policy determines if v4 printer drivers are allowed to run printer extensions.\n\nV4 printer drivers may include an optional, customized user interface known as a printer extension. These extensions may provide access to more device features, but this may not be appropriate for all enterprises.\n\nIf you enable this policy setting, then all printer extensions will not be allowed to run.\n\nIf you disable this policy setting or do not configure it, then all printer extensions that have been installed will be allowed to run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "V4DriverDisallowPrinterExtension", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "MXDWUseLegacyOutputFormatMSXPS", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)", "ExplainText": "Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2025.\n\nIf you enable this group policy setting, the default MXDW output format is the legacy Microsoft XPS (*.xps).\n\nIf you disable or do not configure this policy setting, the default MXDW output format is OpenXPS (*.oxps).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "MXDWUseLegacyOutputFormatMSXPS", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ShowJobTitleInEventLogs", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow job name in event logs", "ExplainText": "This policy controls whether the print job name will be included in print event logs.\n\nIf you disable or do not configure this policy setting, the print job name will not be included.\n\nIf you enable this policy setting, the print job name will be included in new log entries.\n\nNote: This setting does not apply to Branch Office Direct Printing jobs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "ShowJobTitleInEventLogs", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "LegacyDefaultPrinterMode", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Turn off Windows default printer management", "ExplainText": "This preference allows you to change default printer management.\n\nIf you enable this setting, Windows will not manage the default printer.\n\nIf you disable this setting, Windows will manage the default printer.\n\nIf you do not configure this setting, default printer management will not change.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows" ], "ValueName": "LegacyDefaultPrinterMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "EnableDeviceControl", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable Device Control Printing Restrictions", "ExplainText": "Determines whether Device Control Printing Restrictions are enforced for printing on this computer.\n\nBy default, there are no restrictions to printing based on connection type or printer Make/Model.\n\nIf you enable this setting, the computer will restrict printing to printer connections on the corporate network or approved USB-connected printers.\n\nIf you disable this setting or do not configure it, there are no restrictions to printing based on connection type or printer Make/Model.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "EnableDeviceControl", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ApprovedUsbPrintDevices", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "List of Approved USB-connected print devices", "ExplainText": "This setting is a component of the Device Control Printing Restrictions. To use this setting, enable Device Control Printing by enabling the \"Enable Device Control Printing Restrictions\" setting.\n\nWhen Device Control Printing is enabled, the system uses the specified list of vid/pid values to determine if the current USB connected printer is approved for local printing.\n\nType all the approved vid/pid combinations (separated by commas) that correspond to approved USB printer models. When a user tries to print to a USB printer queue the device vid/pid will be compared to the approved list.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Text", "ValueName": "ApprovedUsbPrintDevices", "MaxLength": "1024" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "EnableDeviceControlUser", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable Device Control Printing Restrictions", "ExplainText": "Determines whether Device Control Printing Restrictions are enforced for printing on this computer.\n\nBy default, there are no restrictions to printing based on connection type or printer Make/Model.\n\nIf you enable this setting, the computer will restrict printing to printer connections on the corporate network or approved USB-connected printers.\n\nIf you disable this setting or do not configure it, there are no restrictions to printing based on connection type or printer Make/Model.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "EnableDeviceControl", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "CplPrinters", "PolicyName": "ApprovedUsbPrintDevicesUser", "Class": "User", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "List of Approved USB-connected print devices", "ExplainText": "This setting is a component of the Device Control Printing Restrictions. To use this setting, enable Device Control Printing by enabling the \"Enable Device Control Printing Restrictions\" setting.\n\nWhen Device Control Printing is enabled, the system uses the specified list of vid/pid values to determine if the current USB connected printer is approved for local printing.\n\nType all the approved vid/pid combinations (separated by commas) that correspond to approved USB printer models. When a user tries to print to a USB printer queue the device vid/pid will be compared to the approved list.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Text", "ValueName": "ApprovedUsbPrintDevices", "MaxLength": "1024" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "RestrictDriverInstallationToAdministrators", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Limits print driver installation to Administrators", "ExplainText": "Determines whether users that aren't Administrators can install print drivers on this computer.\n\nBy default, users that aren't Administrators can't install print drivers on this computer.\n\nIf you enable this setting or do not configure it, the system will limit installation of print drivers to Administrators of this computer.\n\nIf you disable this setting, the system won't limit installation of print drivers to this computer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint" ], "ValueName": "RestrictDriverInstallationToAdministrators", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureCopyFilesPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Manage processing of Queue-specific files", "ExplainText": "Manages how Queue-specific files are processed during printer installation. At printer installation time, a vendor-supplied installation application can specify a set of files, of any type, to be associated with a particular print queue. The files are downloaded to each client that connects to the print server.\n\nYou can enable this setting to change the default behavior involving queue-specific files. To use this setting, select one of the options below from the \"Manage processing of Queue-specific files\" box.\n\nIf you disable or do not configure this policy setting, the default behavior is \"Limit Queue-specific files to Color profiles\".\n\n-- \"Do not allow Queue-specific files\" specifies that no queue-specific files will be allowed/processed during print queue/printer connection installation.\n\n-- \"Limit Queue-specific files to Color profiles\" specifies that only queue-specific files that adhere to the standard color profile scheme will be allowed. This means entries using the Registry Key CopyFiles\\ICM, containing a Directory value of COLOR and supporting mscms.dll as the Module value. \"Limit Queue-specific files to Color profiles\" is the default behavior.\n\n-- \"Allow all Queue-specific files\" specifies that all queue-specific files will be allowed/processed during print queue/printer connection installation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Enum", "ValueName": "CopyFilesPolicy", "Items": [ { "DisplayName": "Do not allow Queue-specific files", "Data": "0" }, { "DisplayName": "Limit Queue-specific files to Color profiles", "Data": "1" }, { "DisplayName": "Allow all Queue-specfic files", "Data": "2" } ] } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureDriverValidationLevel", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Manage Print Driver signature validation", "ExplainText": "This policy setting controls the print driver signature validation mechanism. This policy controls the type of digital signature that is required for a print driver to be considered valid and installed on the system.\n\nAs part of this validation the catalog/embedded signature is verified and all files in the driver must be a part of the catalog or have their own embedded signature that can be used for validation.\n\nYou can enable this setting to change the default signature validation method. To use this setting, select one of the options below from the \"Select the driver signature mechanism for this computer\" box.\n\nIf you disable or do not configure this policy setting, the default method is \"Allow all validly signed drivers\".\n\n-- \"Require inbox signed drivers\" specifies only drivers that are shipped as part of a Windows image are allowed on this computer.\n\n-- \"Allow inbox and PrintDrivers Trusted Store signed drivers\" specifies only drivers that are shipped as part of a Windows image or drivers that are signed by certificates installed in the 'PrintDrivers' certificate store are allowed on this computer.\n\n-- \"Allow inbox, PrintDrivers Trusted Store, and WHQL signed drivers\" specifies the only drivers allowed on this computer are those that are: shipped as part of a Windows image, signed by certificates installed in the 'PrintDrivers' certificate store, or signed by the Windows Hardware Quality Lab (WHQL).\n\n-- \"Allow inbox, PrintDrivers Trusted Store, WHQL, and Trusted Publishers Store signed drivers\" specifies the only drivers allowed on this computer are those that are: shipped as part of a Windows image, signed by certificates installed in the 'PrintDrivers' certificate store, signed by the Windows Hardware Quality Lab (WHQL), or signed by certificates installed in the 'Trusted Publishers' certificate store.\n\n-- \"Allow all validly signed drivers\" specfies that any print driver that has a valid embedded signature or can be validated against the print driver catalog can be installed on this computer.\n\nThe 'PrintDrivers' certificate store needs to be created by an administrator under the local machine store location.\n\nThe 'Trusted Publishers' certificate store can contain certificates from sources that are not related to print drivers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\Driver" ], "Elements": [ { "Type": "Enum", "ValueName": "ValidationLevel", "Items": [ { "DisplayName": "Require inbox signed drivers", "Data": "0" }, { "DisplayName": "Allow inbox and Print Drivers Trusted Store signed drivers", "Data": "1" }, { "DisplayName": "Allow inbox, Print Drivers Trusted Store, and WHQL signed drivers", "Data": "2" }, { "DisplayName": "Allow inbox, Print Drivers Trusted Store, WHQL, and Trusted Publisher Store signed drivers", "Data": "3" }, { "DisplayName": "Allow all validly signed drivers", "Data": "4" } ] } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ManageDriverExclusionList", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Manage Print Driver exclusion list", "ExplainText": "This policy setting controls the print driver exclusion list. The exclusion list allows an administrator to curate a list of printer drivers that are not allowed to be installed on the system.\n\nThis checks outranks the signature check and allows drivers that have a valid signature level for the Print Driver signature validation policy to be excluded.\n\nEntries in the exclusion list consist of a SHA256 hash (or SHA1 hash for Win7) of the INF file and/or main driver DLL file of the driver and the name of the file.\n\nIf you disable or do not configure this policy setting, the registry key and values associated with this policy setting will be deleted, if currently set to a value.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "Driver", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\Driver\\ExclusionList" ] } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureRpcListenerPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure RPC listener settings", "ExplainText": "This policy setting controls which protocols incoming RPC connections to the print spooler are allowed to use.\n\nBy default, RPC over TCP is enabled and Negotiate is used for the authentication protocol.\n\nProtocols to allow for incoming RPC connections:\n-- \"RPC over named pipes\": Incoming RPC connections are only allowed over named pipes\n-- \"RPC over TCP\": Incoming RPC connections are only allowed over TCP (the default option)\n-- \"RPC over named pipes and TCP\": Incoming RPC connections will be allowed over TCP and named pipes\n\nAuthentication protocol to use for incoming RPC connections:\n-- \"Negotiate\": Use the Negotiate authentication protocol (the default option)\n-- \"Kerberos\": Use the Kerberos authentication protocol\n\nIf you disable or do not configure this policy setting, the above defaults will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\RPC" ], "Elements": [ { "Type": "Enum", "ValueName": "RpcProtocols", "Items": [ { "DisplayName": "RPC over named pipes", "Data": "3" }, { "DisplayName": "RPC over TCP", "Data": "5" }, { "DisplayName": "RPC over named pipes and TCP", "Data": "7" } ] }, { "Type": "Enum", "ValueName": "ForceKerberosForRpc", "Items": [ { "DisplayName": "Negotiate", "Data": "0" }, { "DisplayName": "Kerberos", "Data": "1" } ] } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureRpcConnectionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure RPC connection settings", "ExplainText": "This policy setting controls which protocol and protocol settings to use for outgoing RPC connections to a remote print spooler.\n\nBy default, RPC over TCP is used and authentication is always enabled. For RPC over named pipes, authentication is always enabled for domain joined machines but disabled for non domain joined machines.\n\nProtocol to use for outgoing RPC connections:\n-- \"RPC over TCP\": Use RPC over TCP for outgoing RPC connections to a remote print spooler\n-- \"RPC over named pipes\": Use RPC over named pipes for outgoing RPC connections to a remote print spooler\n\nUse authentication for outgoing RPC over named pipes connections:\n-- \"Default\": By default domain joined computers enable RPC authentication for RPC over named pipes while non domain joined computers disable RPC authentication for RPC over named pipes\n-- \"Authentication enabled\": RPC authentication will be used for outgoing RPC over named pipes connections\n-- \"Authentication disabled\": RPC authentication will not be used for outgoing RPC over named pipes connections\n\nIf you disable or do not configure this policy setting, the above defaults will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\RPC" ], "Elements": [ { "Type": "Enum", "ValueName": "RpcUseNamedPipeProtocol", "Items": [ { "DisplayName": "RPC over TCP", "Data": "0" }, { "DisplayName": "RPC over named pipes", "Data": "1" } ] }, { "Type": "Enum", "ValueName": "RpcAuthentication", "Items": [ { "DisplayName": "Default", "Data": "0" }, { "DisplayName": "Authentication enabled", "Data": "1" }, { "DisplayName": "Authentication disabled", "Data": "2" } ] } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureRpcTcpPort", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure RPC over TCP port", "ExplainText": "This policy setting controls which port is used for RPC over TCP for incoming connections to the print spooler and outgoing connections to remote print spoolers.\n\nBy default dynamic TCP ports are used.\n\nRPC over TCP port:\n-- The port to use for RPC over TCP. A value of 0 is the default and indicates that dynamic TCP ports will be used\n\nIf you disable or do not configure this policy setting, dynamic TCP ports are used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\RPC" ], "Elements": [ { "Type": "Decimal", "ValueName": "RpcTcpPort", "MinValue": "0", "MaxValue": "65535" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureRpcAuthnLevelPrivacyEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Configure RPC packet level privacy setting for incoming connections", "ExplainText": "This policy setting controls whether packet level privacy is enabled for RPC for incoming connections.\n\nBy default packet level privacy is enabled for RPC for incoming connections.\n\nIf you enable or do not configure this policy setting, packet level privacy is enabled for RPC for incoming connections.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Control\\Print" ], "ValueName": "RpcAuthnLevelPrivacyEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureIppPageCountsPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Always send job page count information for IPP printers", "ExplainText": "Determines whether to always send page count information for accounting purposes for printers using the Microsoft IPP Class Driver.\n\nBy default, pages are sent to the printer as soon as they are rendered and page count information is not sent to the printer unless pages must be reordered.\n\nIf you enable this setting the system will render all print job pages up front and send the printer the total page count for the print job.\n\nIf you disable this setting or do not configure it, pages are printed as soon as they are rendered and page counts are only sent when page reordering is required to process the job.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\IPP" ], "ValueName": "AlwaysSendIppPageCounts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "RequireIppsPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Require IPPS for IPP printers", "ExplainText": "Determines whether communication with printers using the Microsoft IPP Class Driver must use IPPS (which uses TLS for secure communication).\n\nIf you enable this policy setting, then only IPP printers which support IPPS can be installed.\n\nIf you disable this setting or do not configure it, the default is to allow installation of IPP printers which do not support IPPS.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\IPP" ], "ValueName": "RequireIpps", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureIppTlsCertificatePolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Set TLS/SSL security policy for IPP printers", "ExplainText": "Determines the TLS/SSL security policy (WINHTTP_OPTION_SECURITY_FLAGS) for printers using the Microsoft IPP Class Driver.\n\nBy default, security policy is set to ignore all certificate errors, allowing use of self-signed certificates for printers.\n\nIf you enable this setting the system defaults to enabling all certificate checking, disallowing certificate errors. Specific certificate checking can be set with the given checkboxes.\n\nIf you disable this setting or do not configure it, the default is to ignore all certificate errors (all checkboxes unchecked).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\IPP" ], "Elements": [ { "Type": "Boolean", "ValueName": "SecurityFlagsBlockUnknownCA", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "SecurityFlagsBlockCertWrongUsage", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "SecurityFlagsBlockCertCNInvalid", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "SecurityFlagsBlockCertDateInvalid", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureRedirectionGuardPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure Redirection Guard", "ExplainText": "Determines whether Redirection Guard is enabled for the print spooler.\n\nYou can enable this setting to configure the Redirection Guard policy being applied to spooler.\n\nIf you disable or do not configure this policy setting, Redirection Guard will default to being 'Enabled'.\n\nIf you enable this setting you may select the following options:\n\n-- Enabled : Redirection Guard will prevent any file redirections from being followed\n\n-- Disabed : Redirection Guard will not be enabled and file redirections may be used within the spooler process\n\n-- Audit : Redirection Guard will log events as though it were enabled but will not actually prevent file redirections from being used within the spooler.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Enum", "ValueName": "RedirectionGuardPolicy", "Items": [ { "DisplayName": "Redirection Guard Disabled", "Data": "0" }, { "DisplayName": "Redirection Guard Enabled", "Data": "1" }, { "DisplayName": "Redirection Guard Audit Only", "Data": "2" } ] } ] }, { "File": "Printing.admx", "CategoryName": "Printers", "PolicyName": "ConfigureWindowsProtectedPrint", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Configure Windows protected print", "ExplainText": "Determines whether Windows protected print is enabled on this computer.\n\nBy default, Windows protected print is not enabled and there are not any restrictions on the print drivers that can be installed or print functionality.\n\nIf you enable this setting, the computer will operate in Windows protected print mode which only allows printing to printers that support a subset of inbox Windows print drivers.\n\nIf you disable this setting or do not configure it, there are not any restrictions on the print drivers that can be installed or print functionality.\n\nFor more information, please see https://learn.microsoft.com/en-us/windows-hardware/drivers/print/windows-protected-print-mode", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\WPP" ], "ClientExtension": "{9F02E2F5-5A41-4D1A-B473-4617E84BC957}", "ValueName": "WindowsProtectedPrintGroupPolicyState", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "RegisterSpoolerRemoteRpcEndPoint", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Allow Print Spooler to accept client connections", "ExplainText": "This policy controls whether the print spooler will accept client connections.\n\nWhen the policy is unconfigured or enabled, the spooler will always accept client connections.\n\nWhen the policy is disabled, the spooler will not accept client connections nor allow users to share printers. All printers currently shared will continue to be shared.\n\nThe spooler must be restarted for changes to this policy to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "RegisterSpoolerRemoteRpcEndPoint", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "AutoPublishing", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Automatically publish new printers in Active Directory", "ExplainText": "Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory.\n\nIf you enable this setting or do not configure it, the Add Printer Wizard automatically publishes all shared printers.\n\nIf you disable this setting, the Add Printer Wizard does not automatically publish printers. However, you can publish shared printers manually.\n\nThe default behavior is to automatically publish shared printers in Active Directory.\n\nNote: This setting is ignored if the \"Allow printers to be published\" setting is disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\Wizard" ], "ValueName": "Auto Publishing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "PruneDownlevel", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prune printers that are not automatically republished", "ExplainText": "Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond,just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest.\n\nThe Windows pruning service prunes printer objects from Active Directory when the computer that published them does not respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains cannot republish printers in Active Directory automatically, by default, the system never prunes their printer objects.\n\nYou can enable this setting to change the default behavior. To use this setting, select one of the following options from the \"Prune non-republishing printers\" box:\n\n-- \"Never\" specifies that printer objects that are not automatically republished are never pruned. \"Never\" is the default.\n\n-- \"Only if Print Server is found\" prunes printer objects that are not automatically republished only when the print server responds, but the printer is unavailable.\n\n-- \"Whenever printer is not found\" prunes printer objects that are not automatically republished whenever the host computer does not respond, just as it does with Windows 2000 printers.\n\nNote: This setting applies to printers published by using Active Directory Users and Computers or Pubprn.vbs. It does not apply to printers published by using Printers in Control Panel.\n\nTip: If you disable automatic pruning, remember to delete printer objects manually whenever you remove a printer or print server.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Enum", "ValueName": "PruneDownlevel", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "Only if Print Server is found", "Data": "1" }, { "DisplayName": "Whenever printer is not found", "Data": "2" } ] } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "PruningInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Directory pruning interval", "ExplainText": "Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational.\n\nThe pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally, after repeated attempts), the pruning service \"prunes\" (deletes from Active Directory) printer objects the computer has published.\n\nBy default, the pruning service contacts computers every eight hours and allows two repeated contact attempts before deleting printers from Active Directory.\n\nIf you enable this setting, you can change the interval between contact attempts.\n\nIf you do not configure or disable this setting the default values will be used.\n\nNote: This setting is used only on domain controllers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Enum", "ValueName": "PruningInterval", "Items": [ { "DisplayName": "Continuous", "Data": "0" }, { "DisplayName": "10 Minutes", "Data": "10" }, { "DisplayName": "30 Minutes", "Data": "30" }, { "DisplayName": "1 Hour", "Data": "60" }, { "DisplayName": "4 Hours", "Data": "240" }, { "DisplayName": "8 Hours", "Data": "480" }, { "DisplayName": "12 Hours", "Data": "720" }, { "DisplayName": "1 Day", "Data": "1440" }, { "DisplayName": "2 Days", "Data": "2880" }, { "DisplayName": "3 Days", "Data": "4320" }, { "DisplayName": "4 Days", "Data": "5760" }, { "DisplayName": "5 Days", "Data": "7200" }, { "DisplayName": "6 Days", "Data": "8640" }, { "DisplayName": "1 Week", "Data": "10080" }, { "DisplayName": "2 Weeks", "Data": "20160" }, { "DisplayName": "3 Weeks", "Data": "30240" }, { "DisplayName": "4 Weeks", "Data": "40320" }, { "DisplayName": "5 Weeks", "Data": "50400" }, { "DisplayName": "6 Weeks", "Data": "60480" }, { "DisplayName": "7 Weeks", "Data": "70560" }, { "DisplayName": "Infinite", "Data": "4294967295" } ] } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "PruningPriority", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Directory pruning priority", "ExplainText": "Sets the priority of the pruning thread.\n\nThe pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object does not respond to contact attempts. This process keeps printer information in Active Directory current.\n\nThe thread priority influences the order in which the thread receives processor time and determines how likely it is to be preempted by higher priority threads.\n\nBy default, the pruning thread runs at normal priority. However, you can adjust the priority to improve the performance of this service.\n\nNote: This setting is used only on domain controllers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Enum", "ValueName": "PruningPriority", "Items": [ { "DisplayName": "Lowest", "Data": "4294967294" }, { "DisplayName": "Below Normal", "Data": "4294967295" }, { "DisplayName": "Normal", "Data": "0" }, { "DisplayName": "Above Normal", "Data": "1" }, { "DisplayName": "Highest", "Data": "2" } ] } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "PruningRetries", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Directory pruning retry", "ExplainText": "Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers.\n\nThe pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then the pruning service \"prunes\" (deletes from Active Directory) printer objects the computer has published.\n\nBy default, the pruning service contacts computers every eight hours and allows two retries before deleting printers from Active Directory. You can use this setting to change the number of retries.\n\nIf you enable this setting, you can change the interval between attempts.\n\nIf you do not configure or disable this setting, the default values are used.\n\nNote: This setting is used only on domain controllers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Enum", "ValueName": "PruningRetries", "Items": [ { "DisplayName": "No Retry", "Data": "0" }, { "DisplayName": "1 Retry", "Data": "1" }, { "DisplayName": "2 Retries", "Data": "2" }, { "DisplayName": "3 Retries", "Data": "3" }, { "DisplayName": "4 Retries", "Data": "4" }, { "DisplayName": "5 Retries", "Data": "5" }, { "DisplayName": "6 Retries", "Data": "6" } ] } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "PruningRetryLog", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Log directory pruning retry events", "ExplainText": "Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers.\n\nThe pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The \"Directory pruning retry\" setting determines the number of times the attempt is retried; the default value is two retries. The \"Directory Pruning Interval\" setting determines the time interval between retries; the default value is every eight hours. If the computer has not responded by the last contact attempt, its printers are pruned from the directory.\n\nIf you enable this policy setting, the contact events are recorded in the event log.\n\nIf you disable or do not configure this policy setting, the contact events are not recorded in the event log.\n\nNote: This setting does not affect the logging of pruning events; the actual pruning of a printer is always logged.\n\nNote: This setting is used only on domain controllers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "PruningRetryLog", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "PublishPrinters", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Allow printers to be published", "ExplainText": "Determines whether the computer's shared printers can be published in Active Directory.\n\nIf you enable this setting or do not configure it, users can use the \"List in directory\" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.\n\nIf you disable this setting, this computer's shared printers cannot be published in Active Directory, and the \"List in directory\" option is not available.\n\nNote: This settings takes priority over the setting \"Automatically publish new printers in the Active Directory\".", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "PublishPrinters", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "VerifyPublishedState", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Check published state", "ExplainText": "Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification.\n\nBy default, the system only verifies published printers at startup. This setting allows for periodic verification while the computer is operating.\n\nTo enable this additional verification, enable this setting, and then select a verification interval.\n\nTo disable verification, disable this setting, or enable this setting and select \"Never\" for the verification interval.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "Elements": [ { "Type": "Enum", "ValueName": "VerifyPublishedState", "Items": [ { "DisplayName": "30 Minutes", "Data": "30" }, { "DisplayName": "1 Hour", "Data": "60" }, { "DisplayName": "4 Hours", "Data": "240" }, { "DisplayName": "8 Hours", "Data": "480" }, { "DisplayName": "12 Hours", "Data": "720" }, { "DisplayName": "1 Day", "Data": "1440" }, { "DisplayName": "Never", "Data": "4294967295" } ] } ] }, { "File": "Printing2.admx", "CategoryName": "Printers", "PolicyName": "ImmortalPrintQueue", "Class": "Machine", "NameSpace": "Microsoft.Policies.Printing.2", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Allow pruning of published printers", "ExplainText": "Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer.\n\nBy default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them does not respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects.\n\nIf you enable this setting or do not configure it, the domain controller prunes this computer's printers when the computer does not respond.\n\nIf you disable this setting, the domain controller does not prune this computer's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network.\n\nNote: You can use the \"Directory Pruning Interval\" and \"Directory Pruning Retry\" settings to adjust the contact interval and number of contact attempts.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Printers" ], "ValueName": "Immortal", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Programs.admx", "CategoryName": "Calculator", "PolicyName": "AllowGraphingCalculator", "Class": "User", "NameSpace": "Microsoft.Policies.Programs", "Supported": "Windows_10_0_19H1", "DisplayName": "Allow Graphing Calculator", "ExplainText": "This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, users will be able to access graphing functionality.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Calculator" ], "ValueName": "AllowGraphingCalculator", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Programs.admx", "CategoryName": "SnippingTool", "PolicyName": "AllowScreenRecorder", "Class": "User", "NameSpace": "Microsoft.Policies.Programs", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Allow Screen Recorder", "ExplainText": "This policy setting allows you to control whether screen recording functionality is available in the Windows Snipping Tool app. If you disable this policy setting, screen recording functionality will not be accessible in the Windows Snipping Tool app. If you enable or don't configure this policy setting, users will be able to access screen recording functionality.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\SnippingTool" ], "ValueName": "AllowScreenRecorder", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Programs.admx", "CategoryName": "Programs", "PolicyName": "NoProgramsCPL", "Class": "User", "NameSpace": "Microsoft.Policies.Programs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide the Programs Control Panel", "ExplainText": "This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View.\n\nThe Programs Control Panel allows users to uninstall, change, and repair programs, enable and disable Windows Features, set program defaults, view installed updates, and purchase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Programs Control Panel.\n\nIf this setting is disabled or not configured, the Programs Control Panel in Category View and Programs and Features in Classic View will be available to all users.\n\nWhen enabled, this setting takes precedence over the other settings in this folder.\n\nThis setting does not prevent users from using other tools and methods to install or uninstall programs.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Programs" ], "ValueName": "NoProgramsCPL", "Elements": [] }, { "File": "Programs.admx", "CategoryName": "Programs", "PolicyName": "NoProgramsAndFeatures", "Class": "User", "NameSpace": "Microsoft.Policies.Programs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide \"Programs and Features\" page", "ExplainText": "This setting prevents users from accessing \"Programs and Features\" to view, uninstall, change, or repair programs that are currently installed on the computer.\n\nIf this setting is disabled or not configured, \"Programs and Features\" will be available to all users.\n\nThis setting does not prevent users from using other tools and methods to view or uninstall programs. It also does not prevent users from linking to related Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Programs" ], "ValueName": "NoProgramsAndFeatures", "Elements": [] }, { "File": "Programs.admx", "CategoryName": "Programs", "PolicyName": "NoInstalledUpdates", "Class": "User", "NameSpace": "Microsoft.Policies.Programs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide \"Installed Updates\" page", "ExplainText": "This setting prevents users from accessing \"Installed Updates\" page from the \"View installed updates\" task.\n\n\"Installed Updates\" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.\n\nIf this setting is disabled or not configured, the \"View installed updates\" task and the \"Installed Updates\" page will be available to all users.\n\nThis setting does not prevent users from using other tools and methods to install or uninstall programs.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Programs" ], "ValueName": "NoInstalledUpdates", "Elements": [] }, { "File": "Programs.admx", "CategoryName": "Programs", "PolicyName": "NoDefaultPrograms", "Class": "User", "NameSpace": "Microsoft.Policies.Programs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide \"Set Program Access and Computer Defaults\" page", "ExplainText": "This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot view or change the associated page.\n\nThe Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations.\n\nIf this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users.\n\nThis setting does not prevent users from using other tools and methods to change program access or defaults.\n\nThis setting does not prevent the Default Programs icon from appearing on the Start menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Programs" ], "ValueName": "NoDefaultPrograms", "Elements": [] }, { "File": "Programs.admx", "CategoryName": "Programs", "PolicyName": "NoWindowsMarketplace", "Class": "User", "NameSpace": "Microsoft.Policies.Programs", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Hide \"Windows Marketplace\"", "ExplainText": "This setting prevents users from access the \"Get new programs from Windows Marketplace\" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs.\n\nWindows Marketplace allows users to purchase and/or download various programs to their computer for installation.\n\nEnabling this feature does not prevent users from navigating to Windows Marketplace using other methods.\n\nIf this feature is disabled or is not configured, the \"Get new programs from Windows Marketplace\" task link will be available to all users.\n\nNote: If the \"Hide Programs control Panel\" setting is enabled, this setting is ignored.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Programs" ], "ValueName": "NoWindowsMarketplace", "Elements": [] }, { "File": "Programs.admx", "CategoryName": "Programs", "PolicyName": "NoGetPrograms", "Class": "User", "NameSpace": "Microsoft.Policies.Programs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide \"Get Programs\" page", "ExplainText": "Prevents users from viewing or installing published programs from the network.\n\nThis setting prevents users from accessing the \"Get Programs\" page from the Programs Control Panel in Category View, Programs and Features in Classic View and the \"Install a program from the netowrk\" task. The \"Get Programs\" page lists published programs and provides an easy way to install them.\n\nPublished programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users of their availability, to recommend their use, or to enable users to install them without having to search for installation files.\n\nIf this setting is enabled, users cannot view the programs that have been published by the system administrator, and they cannot use the \"Get Programs\" page to install published programs. Enabling this feature does not prevent users from installing programs by using other methods. Users will still be able to view and installed assigned (partially installed) programs that are offered on the desktop or on the Start menu.\n\nIf this setting is disabled or is not configured, the \"Install a program from the network\" task to the \"Get Programs\" page will be available to all users.\n\nNote: If the \"Hide Programs Control Panel\" setting is enabled, this setting is ignored.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Programs" ], "ValueName": "NoGetPrograms", "Elements": [] }, { "File": "Programs.admx", "CategoryName": "Programs", "PolicyName": "NoWindowsFeatures", "Class": "User", "NameSpace": "Microsoft.Policies.Programs", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Hide \"Windows Features\"", "ExplainText": "This setting prevents users from accessing the \"Turn Windows features on or off\" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users cannot view, enable, or disable various Windows features and services.\n\nIf this setting is disabled or is not configured, the \"Turn Windows features on or off\" task will be available to all users.\n\nThis setting does not prevent users from using other tools and methods to configure services or enable or disable program components.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Programs" ], "ValueName": "NoWindowsFeatures", "Elements": [] }, { "File": "PushToInstall.admx", "CategoryName": "PushToInstall", "PolicyName": "DisablePushToInstall", "Class": "Machine", "NameSpace": "Microsoft.Policies.PushToInstall", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Turn off Push To Install service", "ExplainText": "If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PushToInstall" ], "ValueName": "DisablePushToInstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingConforming", "PolicyName": "QosServiceTypeBestEffort_C", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Best effort service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Best Effort service type.\n\nIf you disable this setting, the system uses the default DSCP value of 0.\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeBestEffort", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingConforming", "PolicyName": "QosServiceTypeControlledLoad_C", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Controlled load service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Controlled Load service type.\n\nIf you disable this setting, the system uses the default DSCP value of 24 (0x18).\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeControlledLoad", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingConforming", "PolicyName": "QosServiceTypeGuaranteed_C", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Guaranteed service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Guaranteed service type.\n\nIf you disable this setting, the system uses the default DSCP value of 40 (0x28).\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeGuaranteed", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingConforming", "PolicyName": "QosServiceTypeNetworkControl_C", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Network control service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Network Control service type.\n\nIf you disable this setting, the system uses the default DSCP value of 48 (0x30).\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeNetworkControl", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingConforming", "PolicyName": "QosServiceTypeQualitative_C", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Qualitative service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Qualitative service type.\n\nIf you disable this setting, the system uses the default DSCP value of 0.\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeQualitative", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingNonConforming", "PolicyName": "QosServiceTypeBestEffort_NC", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Best effort service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that do not conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Best Effort service type.\n\nIf you disable this setting, the system uses the default DSCP value of 0.\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingNonConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeBestEffort", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingNonConforming", "PolicyName": "QosServiceTypeControlledLoad_NC", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Controlled load service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that do not conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Controlled Load service type.\n\nIf you disable this setting, the system uses the default DSCP value of 0.\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingNonConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeControlledLoad", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingNonConforming", "PolicyName": "QosServiceTypeGuaranteed_NC", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Guaranteed service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that do not conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Guaranteed service type.\n\nIf you disable this setting, the system uses the default DSCP value of 0.\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingNonConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeGuaranteed", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingNonConforming", "PolicyName": "QosServiceTypeNetworkControl_NC", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Network control service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that do not conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Network Control service type.\n\nIf you disable this setting, the system uses the default DSCP value of 0.\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingNonConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeNetworkControl", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosDiffservByteMappingNonConforming", "PolicyName": "QosServiceTypeQualitative_NC", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Qualitative service type", "ExplainText": "Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.\n\nThis setting applies only to packets that do not conform to the flow specification.\n\nIf you enable this setting, you can change the default DSCP value associated with the Qualitative service type.\n\nIf you disable this setting, the system uses the default DSCP value of 0.\n\nImportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\DiffservByteMappingNonConforming" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeQualitative", "MinValue": "0", "MaxValue": "63", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosPsched", "PolicyName": "QosMaxOutstandingSends", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Limit outstanding packets", "ExplainText": "Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit, the Packet Scheduler postpones all submissions to network adapters until the number falls below this limit.\n\n\"Outstanding packets\" are packets that the Packet Scheduler has submitted to a network adapter for transmission, but which have not yet been sent.\n\nIf you enable this setting, you can limit the number of outstanding packets.\n\nIf you disable this setting or do not configure it, then the setting has no effect on the system.\n\nImportant: If the maximum number of outstanding packets is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxOutstandingSends", "MinValue": "0", "MaxValue": "4000000000", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosPsched", "PolicyName": "QosNonBestEffortLimit", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Limit reservable bandwidth", "ExplainText": "Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.\n\nBy default, the Packet Scheduler limits the system to 80 percent of the bandwidth of a connection, but you can use this setting to override the default.\n\nIf you enable this setting, you can use the \"Bandwidth limit\" box to adjust the amount of bandwidth the system can reserve.\n\nIf you disable this setting or do not configure it, the system uses the default value of 80 percent of the connection.\n\nImportant: If a bandwidth limit is set for a particular network adapter in the registry, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched" ], "Elements": [ { "Type": "Decimal", "ValueName": "NonBestEffortLimit", "MinValue": "0", "MaxValue": "100", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosPsched", "PolicyName": "QosTimerResolution", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set timer resolution", "ExplainText": "Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.\n\nIf you enable this setting, you can override the default timer resolution established for the system, usually units of 10 microseconds.\n\nIf you disable this setting or do not configure it, the setting has no effect on the system.\n\nImportant: If a timer resolution is specified in the registry for a particular network adapter, then this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched" ], "Elements": [ { "Type": "Decimal", "ValueName": "TimerResolution", "MinValue": "0", "MaxValue": "4000000000", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosUserPriorityMapping", "PolicyName": "QosServiceTypeBestEffort_PV", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Best effort service type", "ExplainText": "Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.\n\nIf you enable this setting, you can change the default priority value associated with the Best Effort service type.\n\nIf you disable this setting, the system uses the default priority value of 0.\n\nImportant: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\UserPriorityMapping" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeBestEffort", "MinValue": "0", "MaxValue": "7", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosUserPriorityMapping", "PolicyName": "QosServiceTypeControlledLoad_PV", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Controlled load service type", "ExplainText": "Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.\n\nIf you enable this setting, you can change the default priority value associated with the Controlled Load service type.\n\nIf you disable this setting, the system uses the default priority value of 0.\n\nImportant: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\UserPriorityMapping" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeControlledLoad", "MinValue": "0", "MaxValue": "7", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosUserPriorityMapping", "PolicyName": "QosServiceTypeGuaranteed_PV", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Guaranteed service type", "ExplainText": "Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.\n\nIf you enable this setting, you can change the default priority value associated with the Guaranteed service type.\n\nIf you disable this setting, the system uses the default priority value of 0.\n\nImportant: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\UserPriorityMapping" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeGuaranteed", "MinValue": "0", "MaxValue": "7", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosUserPriorityMapping", "PolicyName": "QosServiceTypeNetworkControl_PV", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Network control service type", "ExplainText": "Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.\n\nIf you enable this setting, you can change the default priority value associated with the Network Control service type.\n\nIf you disable this setting, the system uses the default priority value of 0.\n\nImportant: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\UserPriorityMapping" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeNetworkControl", "MinValue": "0", "MaxValue": "7", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosUserPriorityMapping", "PolicyName": "QosServiceTypeNonConforming", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Non-conforming packets", "ExplainText": "Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.\n\nIf you enable this setting, you can change the default priority value associated with nonconforming packets.\n\nIf you disable this setting, the system uses the default priority value of 0.\n\nImportant: If the Layer-2 priority value for nonconforming packets is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\UserPriorityMapping" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeNonConforming", "MinValue": "0", "MaxValue": "7", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "QOS.admx", "CategoryName": "QosUserPriorityMapping", "PolicyName": "QosServiceTypeQualitative_PV", "Class": "Machine", "NameSpace": "Microsoft.Policies.QualityofService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Qualitative service type", "ExplainText": "Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.\n\nIf you enable this setting, you can change the default priority value associated with the Qualitative service type.\n\nIf you disable this setting, the system uses the default priority value of 0.\n\nImportant: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Psched\\UserPriorityMapping" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceTypeQualitative", "MinValue": "0", "MaxValue": "7", "Required": true, "ClientExtension": "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" } ] }, { "File": "RacWmiProv.admx", "CategoryName": "RAC", "PolicyName": "ConfigureRacWmi", "Class": "Machine", "NameSpace": "Microsoft.Policies.ReliabilityAnalysis", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure Reliability WMI Providers", "ExplainText": "This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Security and Maintenance control panel, and to respond to WMI requests.\n\nIf you enable or do not configure this policy setting, the listed providers will respond to WMI queries, and Reliability Monitor will display system reliability information.\n\nIf you disable this policy setting, Reliability Monitor will not display system reliability information, and WMI-capable applications will be unable to access reliability information from the listed providers.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Reliability Analysis\\WMI" ], "ValueName": "WMIEnable", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Radar.admx", "CategoryName": "WdiScenarioCategory", "PolicyName": "WdiScenarioExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ResourceExhaustionDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure Scenario Execution Level", "ExplainText": "Determines the execution level for Windows Resource Exhaustion Detection and Resolution.\n\nIf you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.\n\nIf you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.\n\nIf you do not configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.\n\nThis policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.\n\nNo system restart or service restart is required for this policy to take effect: changes take effect immediately.\n\nThis policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI\\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ReAgent.admx", "CategoryName": "WinRE", "PolicyName": "ConfigureWinRESetup", "Class": "Machine", "NameSpace": "Microsoft.Policies.WinRE", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Allow restore of system to default state", "ExplainText": "Requirements: Windows 7\nDescription: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image.\n\nIf you enable or do not configure this policy setting, the items \"Use a system image you created earlier to recover your computer\" and \"Reinstall Windows\" (or \"Return your computer to factory condition\") appears on the \"Advanced recovery methods\" page of Recovery (in Control Panel) and will allow the user to restore the computer to the original state or from a user-created system image. This is the default setting.\n\nIf you disable this policy setting, the items \"Use a system image you created earlier to recover your computer\" and \"Reinstall Windows\" (or \"Return your computer to factory condition\") in Recovery (in Control Panel) will be unavailable. However, with this policy setting disabled, users can still restore the computer to the original state or from a user-created system image by restarting the computer and accessing the System Recovery Options menu, if it is available.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRE" ], "ValueName": "DisableSetup", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "refs.admx", "CategoryName": "Filesystem", "PolicyName": "EnableDevDrive", "Class": "Machine", "NameSpace": "Microsoft.Policies.ReFS", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Enable dev drive", "ExplainText": "Dev drive or developer volume is a volume optimized for performance of developer scenarios. A developer volume allows an administrator to choose file system filters that are attached on the volume.\n\nDisabling this setting will disallow creation of new developer volumes, existing developer volumes will mount as regular volumes.\n\nIf this setting is not configured the default policy is to enable developer volumes while allowing antivirus filter to attach on a deveveloper volume. Further, if not configured, a local administrator can choose to not have antivirus filter attached to a developer volume.\n\nA reboot is required for this setting to take effect.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies" ], "ValueName": "FsEnableDevDrive", "Elements": [ { "Type": "Boolean", "ValueName": "FltmgrDevDriveAllowAntivirusFilter", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Reliability.admx", "CategoryName": "System", "PolicyName": "EE_EnablePersistentTimeStamp", "Class": "Machine", "NameSpace": "Microsoft.Policies.Reliability", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Enable Persistent Time Stamp", "ExplainText": "This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval.\n\nIf you enable this policy setting, you are able to specify how often the Persistent System Timestamp is refreshed and subsequently written to the disk. You can specify the Timestamp Interval in seconds.\n\nIf you disable this policy setting, the Persistent System Timestamp is turned off and the timing of unexpected shutdowns is not recorded.\n\nIf you do not configure this policy setting, the Persistent System Timestamp is refreshed according the default, which is every 60 seconds beginning with Windows Server 2003.\n\nNote: This feature might interfere with power configuration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Control Panel.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Reliability" ], "ValueName": "TimeStampEnabled", "Elements": [ { "Type": "Decimal", "ValueName": "TimeStampInterval", "MinValue": "1", "MaxValue": "86400", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Reliability.admx", "CategoryName": "CAT_WindowsErrorReportingAdvanced", "PolicyName": "PCH_ReportShutdownEvents", "Class": "Machine", "NameSpace": "Microsoft.Policies.Reliability", "Supported": "WindowsNETOnly - Windows Server 2003 only", "DisplayName": "Report unplanned shutdown events", "ExplainText": "This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.\n\nIf you enable this policy setting, error reporting includes unplanned shutdown events.\n\nIf you disable this policy setting, unplanned shutdown events are not included in error reporting.\n\nIf you do not configure this policy setting, users can adjust this setting using the control panel, which is set to \"Upload unplanned shutdown events\" by default.\n\nAlso see the \"Configure Error Reporting\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting" ], "ValueName": "IncludeShutdownErrs", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Reliability.admx", "CategoryName": "System", "PolicyName": "ShutdownEventTrackerStateFile", "Class": "Machine", "NameSpace": "Microsoft.Policies.Reliability", "Supported": "WindowsNETOnly - Windows Server 2003 only", "DisplayName": "Activate Shutdown Event Tracker System State Data feature", "ExplainText": "This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.\n\nThe system state data file contains information about the basic system state as well as the state of all running processes.\n\nIf you enable this policy setting, the System State Data feature is activated when the user indicates that the shutdown or restart is unplanned.\n\nIf you disable this policy setting, the System State Data feature is never activated.\n\nIf you do not configure this policy setting, the default behavior for the System State Data feature occurs.\n\nNote: By default, the System State Data feature is always enabled on Windows Server 2003. See \"Supported on\" for all supported versions.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Reliability" ], "ValueName": "SnapShot", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Reliability.admx", "CategoryName": "System", "PolicyName": "ShutdownReason", "Class": "Machine", "NameSpace": "Microsoft.Policies.Reliability", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Display Shutdown Event Tracker", "ExplainText": "The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer.\n\nIf you enable this setting and choose \"Always\" from the drop-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down.\n\nIf you enable this policy setting and choose \"Server Only\" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running Windows Server. (See \"Supported on\" for supported versions.)\n\nIf you enable this policy setting and choose \"Workstation Only\" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running a client version of Windows. (See \"Supported on\" for supported versions.)\n\nIf you disable this policy setting, the Shutdown Event Tracker is not displayed when you shut down the computer.\n\nIf you do not configure this policy setting, the default behavior for the Shutdown Event Tracker occurs.\n\nNote: By default, the Shutdown Event Tracker is only displayed on computers running Windows Server.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Reliability" ], "ValueName": "ShutdownReasonOn", "Elements": [ { "Type": "Enum", "ValueName": "ShutdownReasonUI", "Items": [ { "DisplayName": "Always", "Data": "1" }, { "DisplayName": "Workstation Only", "Data": "2" }, { "DisplayName": "Server Only", "Data": "3" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemoteAssistance.admx", "CategoryName": "RemoteAssist", "PolicyName": "RA_Logging", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteAssistance", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on session logging", "ExplainText": "This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.\n\nIf you enable this policy setting, log files are generated.\n\nIf you disable this policy setting, log files are not generated.\n\nIf you do not configure this setting, application-based settings are used.", "KeyPath": [ "HKLM\\Software\\policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "LoggingEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemoteAssistance.admx", "CategoryName": "RemoteAssist", "PolicyName": "RA_EncryptedTicketOnly", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteAssistance", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow only Windows Vista or later connections", "ExplainText": "This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.\n\nIf you enable this policy setting, only computers running this version (or later versions) of the operating system can connect to this computer.\n\nIf you disable this policy setting, computers running this version and a previous version of the operating system can connect to this computer.\n\nIf you do not configure this policy setting, users can configure the setting in System Properties in the Control Panel.", "KeyPath": [ "HKLM\\Software\\policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "CreateEncryptedOnlyTickets", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemoteAssistance.admx", "CategoryName": "RemoteAssist", "PolicyName": "RA_Optimize_Bandwidth", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteAssistance", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on bandwidth optimization", "ExplainText": "This policy setting allows you to improve performance in low bandwidth scenarios.\n\nThis setting is incrementally scaled from \"No optimization\" to \"Full optimization\". Each incremental setting includes the previous optimization setting.\n\nFor example:\n\n\"Turn off background\" will include the following optimizations:\n-No full window drag\n-Turn off background\n\n\"Full optimization\" will include the following optimizations:\n-Use 16-bit color (8-bit color in Windows Vista)\n-Turn off font smoothing (not supported in Windows Vista)\n-No full window drag\n-Turn off background\n\nIf you enable this policy setting, bandwidth optimization occurs at the level specified.\n\nIf you disable this policy setting, application-based settings are used.\n\nIf you do not configure this policy setting, application-based settings are used.", "KeyPath": [ "HKLM\\Software\\policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "UseBandwidthOptimization", "Elements": [ { "Type": "Enum", "ValueName": "OptimizeBandwidth", "Items": [ { "DisplayName": "No optimization", "Data": "14" }, { "DisplayName": "No full window drag", "Data": "12" }, { "DisplayName": "Turn off background", "Data": "8" }, { "DisplayName": "Full optimization", "Data": "0" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemoteAssistance.admx", "CategoryName": "RemoteAssist", "PolicyName": "RA_Options", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteAssistance", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Customize warning messages", "ExplainText": "This policy setting lets you customize warning messages.\n\nThe \"Display warning message before sharing control\" policy setting allows you to specify a custom message to display before a user shares control of his or her computer.\n\nThe \"Display warning message before connecting\" policy setting allows you to specify a custom message to display before a user allows a connection to his or her computer.\n\nIf you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice.\n\nIf you disable this policy setting, the user sees the default warning message.\n\nIf you do not configure this policy setting, the user sees the default warning message.", "KeyPath": [ "HKLM\\Software\\policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "UseCustomMessages", "Elements": [ { "Type": "Text", "ValueName": "ShareControlMessage" }, { "Type": "Text", "ValueName": "ViewMessage" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemoteAssistance.admx", "CategoryName": "RemoteAssist", "PolicyName": "RA_Solicit", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteAssistance", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Configure Solicited Remote Assistance", "ExplainText": "This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.\n\nIf you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.\n\nIf you disable this policy setting, users on this computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer.\n\nIf you do not configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.\n\nIf you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: \"Allow helpers to only view the computer\" or \"Allow helpers to remotely control the computer.\"\n\nThe \"Maximum ticket time\" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.\n\nThe \"Select the method for sending email invitations\" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported.\n\nIf you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications.", "KeyPath": [ "HKLM\\Software\\policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fAllowToGetHelp", "Elements": [ { "Type": "Enum", "ValueName": "fAllowFullControl", "Items": [ { "DisplayName": "Allow helpers to remotely control the computer", "Data": "1" }, { "DisplayName": "Allow helpers to only view the computer", "Data": "0" } ] }, { "Type": "Decimal", "ValueName": "MaxTicketExpiry", "MinValue": "1", "MaxValue": "99" }, { "Type": "Enum", "ValueName": "MaxTicketExpiryUnits", "Items": [ { "DisplayName": "Minutes", "Data": "0" }, { "DisplayName": "Hours", "Data": "1" }, { "DisplayName": "Days", "Data": "2" } ] }, { "Type": "Enum", "ValueName": "fUseMailto", "Items": [ { "DisplayName": "Simple MAPI", "Data": "0" }, { "DisplayName": "Mailto", "Data": "1" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemoteAssistance.admx", "CategoryName": "RemoteAssist", "PolicyName": "RA_Unsolicit", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteAssistance", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Configure Offer Remote Assistance", "ExplainText": "This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer.\n\nIf you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.\n\nIf you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.\n\nIf you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.\n\nIf you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: \"Allow helpers to only view the computer\" or \"Allow helpers to remotely control the computer.\" When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance.\n\nTo configure the list of helpers, click \"Show.\" In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format:\n\n\\ or\n\n\\\n\nIf you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running.\n\nWindows Vista and later\n\nEnable the Remote Assistance exception for the domain profile. The exception must contain:\nPort 135:TCP\n%WINDIR%\\System32\\msra.exe\n%WINDIR%\\System32\\raserver.exe\n\nWindows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1)\n\nPort 135:TCP\n%WINDIR%\\PCHealth\\HelpCtr\\Binaries\\Helpsvc.exe\n%WINDIR%\\PCHealth\\HelpCtr\\Binaries\\Helpctr.exe\n%WINDIR%\\System32\\Sessmgr.exe\n\nFor computers running Windows Server 2003 with Service Pack 1 (SP1)\n\nPort 135:TCP\n%WINDIR%\\PCHealth\\HelpCtr\\Binaries\\Helpsvc.exe\n%WINDIR%\\PCHealth\\HelpCtr\\Binaries\\Helpctr.exe\nAllow Remote Desktop Exception", "KeyPath": [ "HKLM\\Software\\policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fAllowUnsolicited", "Elements": [ { "Type": "Enum", "ValueName": "fAllowUnsolicitedFullControl", "Items": [ { "DisplayName": "Allow helpers to remotely control the computer", "Data": "1" }, { "DisplayName": "Allow helpers to only view the computer", "Data": "0" } ] }, { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\policies\\Microsoft\\Windows NT\\Terminal Services\\RAUnsolicit" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "AccessRights_RebootTime_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Set time (in seconds) to force reboot", "ExplainText": "This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.\n\nIf you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.\n\nIf you disable or do not configure this setting, the operating system does not force a reboot.\n\nNote: If no reboot is forced, the access right does not take effect until the operating system is restarted.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices" ], "ValueName": "RebootTimeinSeconds_state", "Elements": [ { "Type": "Decimal", "ValueName": "RebootTimeinSeconds", "MinValue": "0", "MaxValue": null }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "AccessRights_RebootTime_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Set time (in seconds) to force reboot", "ExplainText": "This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.\n\nIf you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.\n\nIf you disable or do not configure this setting, the operating system does not force a reboot.\n\nNote: If no reboot is forced, the access right does not take effect until the operating system is restarted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices" ], "ValueName": "RebootTimeinSeconds_state", "Elements": [ { "Type": "Decimal", "ValueName": "RebootTimeinSeconds", "MinValue": "0", "MaxValue": null }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "CDandDVD_DenyRead_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "CD and DVD: Deny read access", "ExplainText": "This policy setting denies read access to the CD and DVD removable storage class.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "CDandDVD_DenyRead_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "CD and DVD: Deny read access", "ExplainText": "This policy setting denies read access to the CD and DVD removable storage class.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "CDandDVD_DenyWrite_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "CD and DVD: Deny write access", "ExplainText": "This policy setting denies write access to the CD and DVD removable storage class.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "CDandDVD_DenyWrite_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "CD and DVD: Deny write access", "ExplainText": "This policy setting denies write access to the CD and DVD removable storage class.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "CDandDVD_DenyExecute_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "CD and DVD: Deny execute access", "ExplainText": "This policy setting denies execute access to the CD and DVD removable storage class.\n\nIf you enable this policy setting, execute access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, execute access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Execute", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "CustomClasses_DenyRead_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Custom Classes: Deny read access", "ExplainText": "This policy setting denies read access to custom removable storage classes.\n\nIf you enable this policy setting, read access is denied to these removable storage classes.\n\nIf you disable or do not configure this policy setting, read access is allowed to these removable storage classes.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Custom\\Deny_Read" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Custom\\Deny_Read\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "CustomClasses_DenyRead_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Custom Classes: Deny read access", "ExplainText": "This policy setting denies read access to custom removable storage classes.\n\nIf you enable this policy setting, read access is denied to these removable storage classes.\n\nIf you disable or do not configure this policy setting, read access is allowed to these removable storage classes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Custom\\Deny_Read" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Custom\\Deny_Read\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "CustomClasses_DenyWrite_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Custom Classes: Deny write access", "ExplainText": "This policy setting denies write access to custom removable storage classes.\n\nIf you enable this policy setting, write access is denied to these removable storage classes.\n\nIf you disable or do not configure this policy setting, write access is allowed to these removable storage classes.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Custom\\Deny_Write" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Custom\\Deny_Write\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "CustomClasses_DenyWrite_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Custom Classes: Deny write access", "ExplainText": "This policy setting denies write access to custom removable storage classes.\n\nIf you enable this policy setting, write access is denied to these removable storage classes.\n\nIf you disable or do not configure this policy setting, write access is allowed to these removable storage classes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Custom\\Deny_Write" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Custom\\Deny_Write\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "FloppyDrives_DenyRead_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Floppy Drives: Deny read access", "ExplainText": "This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "FloppyDrives_DenyRead_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Floppy Drives: Deny read access", "ExplainText": "This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "FloppyDrives_DenyWrite_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Floppy Drives: Deny write access", "ExplainText": "This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "FloppyDrives_DenyWrite_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Floppy Drives: Deny write access", "ExplainText": "This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "FloppyDrives_DenyExecute_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Floppy Drives: Deny execute access", "ExplainText": "This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives.\n\nIf you enable this policy setting, execute access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, execute access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Execute", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "RemovableDisks_DenyRead_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Removable Disks: Deny read access", "ExplainText": "This policy setting denies read access to removable disks.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "RemovableDisks_DenyRead_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Removable Disks: Deny read access", "ExplainText": "This policy setting denies read access to removable disks.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "RemovableDisks_DenyWrite_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Removable Disks: Deny write access", "ExplainText": "This policy setting denies write access to removable disks.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.\n\nNote: To require that users write data to BitLocker-protected storage, enable the policy setting \"Deny write access to drives not protected by BitLocker,\" which is located in \"Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives.\"", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "RemovableDisks_DenyWrite_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Removable Disks: Deny write access", "ExplainText": "This policy setting denies write access to removable disks.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.\n\nNote: To require that users write data to BitLocker-protected storage, enable the policy setting \"Deny write access to drives not protected by BitLocker,\" which is located in \"Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Removable Data Drives.\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "RemovableDisks_DenyExecute_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Removable Disks: Deny execute access", "ExplainText": "This policy setting denies execute access to removable disks.\n\nIf you enable this policy setting, execute access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, execute access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Execute", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "RemovableStorageClasses_DenyAll_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "All Removable Storage classes: Deny all access", "ExplainText": "Configure access to all removable storage classes.\n\nThis policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.\n\nIf you enable this policy setting, no access is allowed to any removable storage class.\n\nIf you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices" ], "ValueName": "Deny_All", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "RemovableStorageClasses_DenyAll_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "All Removable Storage classes: Deny all access", "ExplainText": "Configure access to all removable storage classes.\n\nThis policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.\n\nIf you enable this policy setting, no access is allowed to any removable storage class.\n\nIf you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices" ], "ValueName": "Deny_All", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "TapeDrives_DenyRead_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Tape Drives: Deny read access", "ExplainText": "This policy setting denies read access to the Tape Drive removable storage class.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "TapeDrives_DenyRead_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Tape Drives: Deny read access", "ExplainText": "This policy setting denies read access to the Tape Drive removable storage class.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "TapeDrives_DenyWrite_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Tape Drives: Deny write access", "ExplainText": "This policy setting denies write access to the Tape Drive removable storage class.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "TapeDrives_DenyWrite_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Tape Drives: Deny write access", "ExplainText": "This policy setting denies write access to the Tape Drive removable storage class.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "TapeDrives_DenyExecute_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Tape Drives: Deny execute access", "ExplainText": "This policy setting denies execute access to the Tape Drive removable storage class.\n\nIf you enable this policy setting, execute access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, execute access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}" ], "ValueName": "Deny_Execute", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "WPDDevices_DenyRead_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "WPD Devices: Deny read access", "ExplainText": "This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{6AC27878-A6FA-4155-BA85-F98F491D4F33}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "Deny_Read", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Deny_Read", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}" ], "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "WPDDevices_DenyRead_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "WPD Devices: Deny read access", "ExplainText": "This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.\n\nIf you enable this policy setting, read access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, read access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{6AC27878-A6FA-4155-BA85-F98F491D4F33}" ], "ValueName": "Deny_Read", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "Deny_Read", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Deny_Read", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}" ], "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "WPDDevices_DenyWrite_Access_1", "Class": "User", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "WPD Devices: Deny write access", "ExplainText": "This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{6AC27878-A6FA-4155-BA85-F98F491D4F33}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "Deny_Write", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Deny_Write", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}" ], "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "WPDDevices_DenyWrite_Access_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "WPD Devices: Deny write access", "ExplainText": "This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.\n\nIf you enable this policy setting, write access is denied to this removable storage class.\n\nIf you disable or do not configure this policy setting, write access is allowed to this removable storage class.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{6AC27878-A6FA-4155-BA85-F98F491D4F33}" ], "ValueName": "Deny_Write", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "Deny_Write", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Deny_Write", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}" ], "Data": "0" } ] }, { "File": "RemovableStorage.admx", "CategoryName": "DeviceAccess", "PolicyName": "Removable_Remote_Allow_Access", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemovableStorageAccess", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "All Removable Storage: Allow direct access in remote sessions", "ExplainText": "This policy setting grants normal users direct access to removable storage devices in remote sessions.\n\nIf you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions.\n\nIf you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices" ], "ValueName": "AllowRemoteDASD", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RPC.admx", "CategoryName": "Rpc", "PolicyName": "RpcEnableAuthEpResolution", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteProcedureCalls", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Enable RPC Endpoint Mapper Client Authentication", "ExplainText": "This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner.\n\nIf you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.\n\nIf you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.\n\nIf you do not configure this policy setting, it remains disabled. RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service.\n\nNote: This policy will not be applied until the system is rebooted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Rpc" ], "ValueName": "EnableAuthEpResolution", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "RPC.admx", "CategoryName": "Rpc", "PolicyName": "RpcExtendedErrorInformation", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteProcedureCalls", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Propagate extended error information", "ExplainText": "This policy setting controls whether the RPC runtime generates extended error information when an error occurs.\n\nExtended error information includes the local time that the error occurred, the RPC version, and the name of the computer on which the error occurred, or from which it was propagated. Programs can retrieve the extended error information by using standard Windows application programming interfaces (APIs).\n\nIf you disable this policy setting, the RPC Runtime only generates a status code to indicate an error condition.\n\nIf you do not configure this policy setting, it remains disabled. It will only generate a status code to indicate an error condition.\n\nIf you enable this policy setting, the RPC runtime will generate extended error information. You must select an error response type in the drop-down box.\n\n-- \"Off\" disables all extended error information for all processes. RPC only generates an error code.\n\n-- \"On with Exceptions\" enables extended error information, but lets you disable it for selected processes. To disable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.\n\n-- \"Off with Exceptions\" disables extended error information, but lets you enable it for selected processes. To enable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.\n\n-- \"On\" enables extended error information for all processes.\n\nNote: For information about the Extended Error Information Exception field, see the Windows Software Development Kit (SDK).\n\nNote: Extended error information is formatted to be compatible with other operating systems and older Microsoft operating systems, but only newer Microsoft operating systems can read and respond to the information.\n\nNote: The default policy setting, \"Off,\" is designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely.\n\nNote: This policy setting will not be applied until the system is rebooted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Rpc" ], "Elements": [ { "Type": "Enum", "ValueName": "ExtErrorInformation", "Items": [ { "DisplayName": "Off", "Data": "0" }, { "DisplayName": "On with Exceptions", "Data": "1" }, { "DisplayName": "Off with Exceptions", "Data": "2" }, { "DisplayName": "On", "Data": "3" } ], "Required": true }, { "Type": "Text", "ValueName": "ExtErrorInfoExceptions" } ] }, { "File": "RPC.admx", "CategoryName": "Rpc", "PolicyName": "RpcIgnoreDelegationFailure", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteProcedureCalls", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Ignore Delegation Failure", "ExplainText": "This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested.\n\nThe constrained delegation model, introduced in Windows Server 2003, does not report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.\n\nIf you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.\n\nIf you do not configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.\n\nIf you enable this policy setting, then:\n\n-- \"Off\" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context does not support delegation.\n\n-- \"On\" directs the RPC Runtime to accept security contexts that do not support delegation even if delegation was asked for.\n\nNote: This policy setting will not be applied until the system is rebooted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Rpc" ], "Elements": [ { "Type": "Enum", "ValueName": "IgnoreDelegationFailure", "Items": [ { "DisplayName": "Off", "Data": "0" }, { "DisplayName": "On", "Data": "1" } ], "Required": true } ] }, { "File": "RPC.admx", "CategoryName": "Rpc", "PolicyName": "RpcMinimumHttpConnectionTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteProcedureCalls", "Supported": "WindowsXPSP1 - At least Windows Server 2003 operating systems or Windows XP Professional with SP1", "DisplayName": "Set Minimum Idle Connection Timeout for RPC/HTTP connections", "ExplainText": "This policy setting controls the idle connection timeout for RPC/HTTP connections.\n\nThis policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases, RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout.\n\nThis policy setting is only applicable when the RPC Client, the RPC Server and the RPC HTTP Proxy are all running Windows Server 2003 family/Windows XP SP1 or higher versions. If either the RPC Client or the RPC Server or the RPC HTTP Proxy run on an older version of Windows, this policy setting will be ignored.\n\nThe minimum allowed value for this policy setting is 90 seconds. The maximum is 7200 seconds (2 hours).\n\nIf you disable this policy setting, the idle connection timeout on the IIS server running the RPC HTTP proxy will be used.\n\nIf you do not configure this policy setting, it will remain disabled. The idle connection timeout on the IIS server running the RPC HTTP proxy will be used.\n\nIf you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is used. The timeout is given in seconds.\n\nNote: This policy setting will not be applied until the system is rebooted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Rpc" ], "Elements": [ { "Type": "Decimal", "ValueName": "MinimumConnectionTimeout", "MinValue": "90", "MaxValue": null, "Required": true } ] }, { "File": "RPC.admx", "CategoryName": "Rpc", "PolicyName": "RpcRestrictRemoteClients", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteProcedureCalls", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Restrict Unauthenticated RPC clients", "ExplainText": "This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.\n\nThis policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.\n\nIf you disable this policy setting, the RPC server runtime uses the value of \"Authenticated\" on Windows Client, and the value of \"None\" on Windows Server versions that support this policy setting.\n\nIf you do not configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of \"Authenticated\" used for Windows Client and the value of \"None\" used for Server SKUs that support this policy setting.\n\nIf you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.\n\n-- \"None\" allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied.\n\n-- \"Authenticated\" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.\n\n-- \"Authenticated without exceptions\" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed.\n\nNote: This policy setting will not be applied until the system is rebooted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Rpc" ], "Elements": [ { "Type": "Enum", "ValueName": "RestrictRemoteClients", "Items": [ { "DisplayName": "None", "Data": "0" }, { "DisplayName": "Authenticated", "Data": "1" }, { "DisplayName": "Authenticated without exceptions", "Data": "2" } ], "Required": true } ] }, { "File": "RPC.admx", "CategoryName": "Rpc", "PolicyName": "RpcStateInformation", "Class": "Machine", "NameSpace": "Microsoft.Policies.RemoteProcedureCalls", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Maintain RPC Troubleshooting State Information", "ExplainText": "This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much information it maintains. Basic state information, which consists only of the most commonly needed state data, is required for troubleshooting RPC problems.\n\nIf you disable this policy setting, the RPC runtime defaults to \"Auto2\" level.\n\nIf you do not configure this policy setting, the RPC defaults to \"Auto2\" level.\n\nIf you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information.\n\n-- \"None\" indicates that the system does not maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting is not recommended for most installations.\n\n-- \"Auto1\" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.\n\n-- \"Auto2\" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.\n\n-- \"Server\" directs RPC to maintain basic state information on the computer, regardless of its capacity.\n\n-- \"Full\" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it is recommended for use only while you are investigating an RPC problem.\n\nNote: To retrieve the RPC state information from a system that maintains it, you must use a debugging tool.\n\nNote: This policy setting will not be applied until the system is rebooted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Rpc" ], "Elements": [ { "Type": "Enum", "ValueName": "StateInformation", "Items": [ { "DisplayName": "None", "Data": "0" }, { "DisplayName": "Auto1", "Data": "1" }, { "DisplayName": "Auto2", "Data": "2" }, { "DisplayName": "Server", "Data": "3" }, { "DisplayName": "Full", "Data": "4" } ], "Required": true } ] }, { "File": "sam.admx", "CategoryName": "SAM", "PolicyName": "SamNGCKeyROCAValidation", "Class": "Machine", "NameSpace": "Microsoft.Policies.SAM", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure validation of ROCA-vulnerable WHfB keys during authentication", "ExplainText": "This policy setting allows you to configure how domain controllers handle Windows Hello for Business (WHfB) keys that are vulnerable to the \"Return of Coppersmith's attack\" (ROCA) vulnerability.\n\nFor more information on the ROCA vulnerability, please see:\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361\n\nhttps://en.wikipedia.org/wiki/ROCA_vulnerability\n\nIf you enable this policy setting the following options are supported:\n\nIgnore: during authentication the domain controller will not probe any WHfB keys for the ROCA vulnerability.\n\nAudit: during authentication the domain controller will emit audit events for WHfB keys that are subject to the ROCA vulnerability (authentications will still succeed).\n\nBlock: during authentication the domain controller will block the use of WHfB keys that are subject to the ROCA vulnerability (authentications will fail).\n\nThis setting only takes effect on domain controllers.\n\nIf not configured, domain controllers will default to using their local configuration. The default local configuration is Audit.\n\nA reboot is not required for changes to this setting to take effect.\n\nNote: to avoid unexpected disruptions this setting should not be set to Block until appropriate mitigations have been performed, for example patching of vulnerable TPMs.\n\nMore information is available at https://go.microsoft.com/fwlink/?linkid=2116430.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\SAM" ], "Elements": [ { "Type": "Enum", "ValueName": "SamNGCKeyROCAValidation", "Items": [ { "DisplayName": "Ignore ROCA-vulnerable WHfB keys", "Data": "0" }, { "DisplayName": "Audit ROCA-vulnerable WHfB keys on use", "Data": "1" }, { "DisplayName": "Block ROCA-vulnerable WHfB keys on use", "Data": "2" } ] } ] }, { "File": "sam.admx", "CategoryName": "SAM", "PolicyName": "SamrChangeUserPasswordApiPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.SAM", "Supported": "Windows10 - At least Microsoft Windows 10 or later", "DisplayName": "Configure SAM change password RPC methods policy", "ExplainText": "This policy enables an administrator to configure the remote usage of change user password RPC methods in security account manager(SAM).\n\nWhen the policy is enabled, following options are supported:\n\nBlock all change password RPC methods: block remote usage of all the security account manager(SAM) change password RPC methods.\n\nAllow strong encryption change password RPC method: allow remote use of the change password RPC method which uses strong encryption and blocks remote use of weak encryption methods.\n\nAllow all change password RPC methods: allows remote usage of all the change password RPC methods irrespetive of the encryption.\n\nDefault policy: 1. Domain member computers - block all change password RPC methods.\n2. Domain controllers - allow strong encryption change password RPC method.\n\nNote: If the policy is disabled or not configured, the machine will use the default policy.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\SAM" ], "Elements": [ { "Type": "Enum", "ValueName": "SamrChangeUserPasswordApiPolicy", "Items": [ { "DisplayName": "Block all change password RPC methods", "Data": "1" }, { "DisplayName": "Allow strong encryption change password RPC method only", "Data": "2" }, { "DisplayName": "Allow all change password RPC methods", "Data": "3" } ] } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "MaxGPOScriptWaitPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Specify maximum wait time for Group Policy scripts", "ExplainText": "This policy setting determines how long the system waits for scripts applied by Group Policy to run.\n\nThis setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires, the system stops script processing and records an error event.\n\nIf you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0.\n\nThis interval is particularly important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the \"\"Run logon scripts synchronously\"\" setting to direct the system to wait for the logon scripts to complete before loading the desktop.\n\nAn excessively long interval can delay the system and inconvenience users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely.\n\nIf you disable or do not configure this setting the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This is the default.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxGPOScriptWait", "MinValue": "0", "MaxValue": "32000", "Required": true } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_Legacy_Logon_Script_Hidden", "Class": "User", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Run legacy logon scripts hidden", "ExplainText": "This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier.\n\nLogon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows 2000.\n\nIf you enable this setting, Windows 2000 does not display logon scripts written for Windows NT 4.0 and earlier.\n\nIf you disable or do not configure this policy setting, Windows 2000 displays login scripts written for Windows NT 4.0 and earlier.\n\nAlso, see the \"Run Logon Scripts Visible\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "HideLegacyLogonScripts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_Logoff_Script_Visible", "Class": "User", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Display instructions in logoff scripts as they run", "ExplainText": "This policy setting displays the instructions in logoff scripts as they run.\n\nLogoff scripts are batch files of instructions that run when the user logs off. By default, the system does not display the instructions in the logoff script.\n\nIf you enable this policy setting, the system displays each instruction in the logoff script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users.\n\nIf you disable or do not configure this policy setting, the instructions are suppressed.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "HideLogoffScripts", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_Logon_Script_Sync_1", "Class": "User", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Run logon scripts synchronously", "ExplainText": "This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.\n\nIf you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.\n\nIf you disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously.\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "RunLogonScriptSync", "Elements": [] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_Logon_Script_Sync_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Run logon scripts synchronously", "ExplainText": "This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.\n\nIf you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.\n\nIf you disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously.\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "RunLogonScriptSync", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_Logon_Script_Visible", "Class": "User", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Display instructions in logon scripts as they run", "ExplainText": "This policy setting displays the instructions in logon scripts as they run.\n\nLogon scripts are batch files of instructions that run when the user logs on. By default, the system does not display the instructions in logon scripts.\n\nIf you enable this policy setting, the system displays each instruction in the logon script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users.\n\nIf you disable or do not configure this policy setting, the instructions are suppressed.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "HideLogonScripts", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_Computer_PS_Scripts_First", "Class": "Machine", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Run Windows PowerShell scripts first at computer startup, shutdown", "ExplainText": "This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.\n\nIf you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown.\n\nFor example, assume the following scenario:\n\nThere are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.\n\nGPO B and GPO C include the following computer startup scripts:\n\nGPO B: B.cmd, B.ps1\nGPO C: C.cmd, C.ps1\n\nAssume also that there are two computers, DesktopIT and DesktopSales.\nFor DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for DesktopIT:\n\nWithin GPO B: B.ps1, B.cmd\nWithin GPO C: C.ps1, C.cmd\n\nFor DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for DesktopSales:\n\nWithin GPO B: B.cmd, B.ps1\nWithin GPO C: C.cmd, C.ps1\n\nNote: This policy setting determines the order in which computer startup and shutdown scripts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy settings for the GPO:\n\nComputer Configuration\\Policies\\Windows Settings\\Scripts (Startup/Shutdown)\\Startup\nComputer Configuration\\Policies\\Windows Settings\\Scripts (Startup/Shutdown)\\Shutdown", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "RunComputerPSScriptsFirst", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_User_PS_Scripts_First", "Class": "Both", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Run Windows PowerShell scripts first at user logon, logoff", "ExplainText": "This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.\n\nIf you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff.\n\nFor example, assume the following scenario:\n\nThere are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.\n\nGPO B and GPO C include the following user logon scripts:\n\nGPO B: B.cmd, B.ps1\nGPO C: C.cmd, C.ps1\n\nAssume also that there are two users, Qin Hong and Tamara Johnston.\nFor Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin:\n\nWithin GPO B: B.ps1, B.cmd\nWithin GPO C: C.ps1, C.cmd\n\nFor Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara:\n\nWithin GPO B: B.cmd, B.ps1\nWithin GPO C: C.cmd, C.ps1\n\nNote: This policy setting determines the order in which user logon and logoff scripts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy settings for the GPO:\n\nUser Configuration\\Policies\\Windows Settings\\Scripts (Logon/Logoff)\\Logon\nUser Configuration\\Policies\\Windows Settings\\Scripts (Logon/Logoff)\\Logoff\n\nThis policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the setting set in User Configuration.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "RunUserPSScriptsFirst", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_Shutdown_Script_Visible", "Class": "Machine", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Display instructions in shutdown scripts as they run", "ExplainText": "This policy setting displays the instructions in shutdown scripts as they run.\n\nShutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instructions in the shutdown script.\n\nIf you enable this policy setting, the system displays each instruction in the shutdown script as it runs. The instructions appear in a command window.\n\nIf you disable or do not configure this policy setting, the instructions are suppressed.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "HideShutdownScripts", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_Startup_Script_Sync", "Class": "Machine", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Run startup scripts asynchronously", "ExplainText": "This policy setting lets the system run startup scripts simultaneously.\n\nStartup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script.\n\nIf you enable this policy setting, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously.\n\nIf you disable or do not configure this policy setting, a startup cannot run until the previous script is complete.\n\nNote: Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether the \"\"Run startup scripts visible\"\" policy setting is enabled or not.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "RunStartupScriptSync", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Run_Startup_Script_Visible", "Class": "Machine", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Display instructions in startup scripts as they run", "ExplainText": "This policy setting displays the instructions in startup scripts as they run.\n\nStartup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the startup script.\n\nIf you enable this policy setting, the system displays each instruction in the startup script as it runs. Instructions appear in a command window. This policy setting is designed for advanced users.\n\nIf you disable or do not configure this policy setting, the instructions are suppressed.\n\nNote: Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether this policy setting is enabled or not.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "HideStartupScripts", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Scripts.admx", "CategoryName": "Scripts", "PolicyName": "Allow_Logon_Script_NetbiosDisabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.Scripts", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow logon scripts when NetBIOS or WINS is disabled", "ExplainText": "This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer.\n\nIf you enable this policy setting, user logon scripts run if NetBIOS or WINS is disabled during cross-forest logons without the DNS suffixes being configured.\n\nIf you disable or do not configure this policy setting, user account cross-forest, interactive logging cannot run logon scripts if NetBIOS or WINS is disabled, and the DNS suffixes are not configured.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "Allow-LogonScript-NetbiosDisabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "sdiageng.admx", "CategoryName": "ScriptedDiagnosticsCategory", "PolicyName": "ScriptedDiagnosticsSecurityPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ScriptedDiagnostics", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure Security Policy for Scripted Diagnostics", "ExplainText": "This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.\n\nIf you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers.\n\nIf you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\ScriptedDiagnostics" ], "ValueName": "ValidateTrust", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "sdiageng.admx", "CategoryName": "ScriptedDiagnosticsCategory", "PolicyName": "ScriptedDiagnosticsExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ScriptedDiagnostics", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Troubleshooting: Allow users to access and run Troubleshooting Wizards", "ExplainText": "This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.\n\nIf you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.\n\nIf you disable this policy setting, users cannot access or run the troubleshooting tools from the Control Panel.\n\nNote that this setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\ScriptedDiagnostics" ], "ValueName": "EnableDiagnostics", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "sdiageng.admx", "CategoryName": "ScriptedDiagnosticsCategory", "PolicyName": "BetterWhenConnected", "Class": "Machine", "NameSpace": "Microsoft.Policies.ScriptedDiagnostics", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)", "ExplainText": "This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking \"Yes\" when they are prompted by a message that states, \"Do you want the most up-to-date troubleshooting content?\"\n\nIf you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.\n\nIf you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\ScriptedDiagnosticsProvider\\Policy" ], "ValueName": "EnableQueryRemoteServer", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "sdiagschd.admx", "CategoryName": "ScheduledDiagnosticsCategory", "PolicyName": "ScheduledDiagnosticsExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.ScheduledDiagnostics", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure Scheduled Maintenance Behavior", "ExplainText": "Determines whether scheduled diagnostics will run to proactively detect and resolve system problems.\n\nIf you enable this policy setting, you must choose an execution level. If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.\n\nIf you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.\n\nIf you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve problems on a scheduled basis.\n\nIf you do not configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default.\n\nNo reboots or service restarts are required for this policy to take effect: changes take effect immediately.\n\nThis policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics will not be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\ScheduledDiagnostics" ], "ValueName": "EnabledExecution", "Elements": [ { "Type": "Enum", "ValueName": "EnabledExecutionLevel", "Items": [ { "DisplayName": "Troubleshooting Only", "Data": "1" }, { "DisplayName": "Regular", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "HideUNCTab_1", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Prevent adding UNC locations to index from Control Panel", "ExplainText": "Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.\n\nWhen this policy is disabled or not configured, users will be able to add UNC locations to the index.\n\nThis policy has no effect if the Files on Microsoft Networks add-in is not installed.\n\nDisabled by default.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "HideUNCTab", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "HideUNCTab_2", "Class": "User", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Prevent adding UNC locations to index from Control Panel", "ExplainText": "Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.\n\nWhen this policy is disabled or not configured, users will be able to add UNC locations to the index.\n\nThis policy has no effect if the Files on Microsoft Networks add-in is not installed.\n\nDisabled by default.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "HideUNCTab", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AllowIndexingEncryptedStoresOrItems", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "VistaOr4 - Microsoft Windows Vista, or any version of Windows with Windows Search 4.0 or later", "DisplayName": "Allow indexing of encrypted files", "ExplainText": "This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expected not to index encrypted items or encrypted stores. This policy setting is not configured by default. If you do not configure this policy setting, the local setting, configured through Control Panel, will be used. By default, the Control Panel setting is set to not index encrypted content.\n\nWhen this setting is enabled or disabled, the index is rebuilt completely.\n\nFull volume encryption (such as BitLocker Drive Encryption or a non-Microsoft solution) must be used for the location of the index to maintain security for encrypted files.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "AllowIndexingEncryptedStoresOrItems", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DisableBackoff", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Disable indexer backoff", "ExplainText": "If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "DisableBackoff", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventRemoteQueries", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Prevent clients from querying the index remotely", "ExplainText": "If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index. Default is disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "PreventRemoteQueries", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventIndexOnBattery", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "301OrLater - Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Prevent indexing when running on battery power to conserve energy", "ExplainText": "If enabled, the indexer pauses whenever the computer is running on battery. If disabled, the indexing follows the default behavior. Default is disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "PreventIndexOnBattery", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventModifyingIndexedLocations_1", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "301OrLater - Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Prevent customization of indexed locations in Control Panel", "ExplainText": "If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can be opened. Disabled by default.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "PreventModifyingIndexedLocations", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventModifyingIndexedLocations_2", "Class": "User", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Prevent customization of indexed locations in Control Panel", "ExplainText": "If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can be opened. Disabled by default.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "PreventModifyingIndexedLocations", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AllowUsingDiacritics", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "VistaOrRedist - Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later", "DisplayName": "Allow use of diacritics", "ExplainText": "This policy setting allows words that contain diacritic characters to be treated as separate words. If you enable this policy setting, words that only differ in diacritics are treated as different words. If you disable this policy setting, words with diacritics and words without diacritics are treated as identical words. This policy setting is not configured by default. If you do not configure this policy setting, the local setting, configured through Control Panel, will be used. Note: By default, the Control Panel setting is set to treat words that differ only because of diacritics as the same word.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "AllowUsingDiacritics", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AlwaysUseAutoLangDetection", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Win8Only - Microsoft Windows 8 or later", "DisplayName": "Always use automatic language detection when indexing content and properties", "ExplainText": "This policy setting determines when Windows uses automatic language detection results, and when it relies on indexing history. If you enable this policy setting, Windows will always use automatic language detection to index (as it did in Windows 7). Using automatic language detection can increase memory usage. We recommend enabling this policy setting only on PCs where documents are stored in many languages. If you disable or do not configure this policy setting, Windows will use automatic language detection only when it can determine the language of a document with high confidence.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "AlwaysUseAutoLangDetection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DisableRemovableDriveIndexing", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "WinBlueOnly - Microsoft Windows 8.1 or later", "DisplayName": "Do not allow locations on removable drives to be added to libraries", "ExplainText": "This policy setting configures whether or not locations on removable drives can be added to libraries.\n\nIf you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed.\n\nIf you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "DisableRemovableDriveIndexing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DoNotUseWebResults", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "WinBlueOnly - Microsoft Windows 8.1 or later", "DisplayName": "Don't search the web or display web results in Search", "ExplainText": "This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search.\n\nIf you enable this policy setting, queries won't be performed on the web and web results won't be displayed when a user performs a query in Search.\n\nIf you disable this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search.\n\nIf you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web, and if the web results are displayed in Search.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "ConnectedSearchUseWeb", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DoNotUseWebResultsOnMeteredConnections", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "WinBlueExclusive - Microsoft Windows 8.1. Not supported on Windows 10 or later", "DisplayName": "Don't search the web or display web results in Search over metered connections", "ExplainText": "This policy setting allows you to control whether or not Search can perform queries on the web over metered connections, and if the web results are displayed in Search.\n\nIf you enable this policy setting, queries won't be performed on the web over metered connections and web results won't be displayed when a user performs a query in Search.\n\nIf you disable this policy setting, queries will be performed on the web over metered connections and web results will be displayed when a user performs a query in Search.\n\nIf you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web over metered connections, and if the web results are displayed in Search.\n\nNote: If you enable the \"Don't search the web or display web results in Search\" policy setting, queries won't be performed on the web over metered connections and web results won't be displayed when a user performs a query in Search.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "ConnectedSearchUseWebOverMeteredConnections", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "SearchPrivacy", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "WinBlueExclusive - Microsoft Windows 8.1. Not supported on Windows 10 or later", "DisplayName": "Set what information is shared in Search", "ExplainText": "This policy setting allows you to control what information is shared with Bing in Search.\n\nIf you enable this policy setting, you can specify one of four settings, which users won't be able to change:\n\n-User info and location: Share a user's search history, some Microsoft account info, and specific location to personalize their search and other Microsoft experiences.\n\n-User info only: Share a user's search history and some Microsoft account info to personalize their search and other Microsoft experiences.\n\n-Anonymous info: Share usage information but don't share search history, Microsoft account info or specific location.\n\nIf you disable or don't configure this policy setting, users can choose what information is shared in Search.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "Elements": [ { "Type": "Enum", "ValueName": "ConnectedSearchPrivacy", "Items": [ { "DisplayName": "User info and location", "Data": "1" }, { "DisplayName": "User info only", "Data": "2" }, { "DisplayName": "Anonymous info", "Data": "3" } ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "SafeSearch", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "WinBlueExclusive - Microsoft Windows 8.1. Not supported on Windows 10 or later", "DisplayName": "Set the SafeSearch setting for Search", "ExplainText": "This policy setting allows you to control the SafeSearch setting used when performing a query in Search.\n\nIf you enable this policy setting, you can specify one of three SafeSearch settings, which users won't be able to change:\n\n-Strict: Filter out adult text, images, and videos from search results;\n\n-Moderate: Filter adult images and videos but not text from search results;\n\n-Off: Don't filter adult content from search results.\n\nIf you disable or don't configure this policy setting, users can specify the SafeSearch setting.\n\nWindows 10 users should use Search/DoNotUseWebResults", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "Elements": [ { "Type": "Enum", "ValueName": "ConnectedSearchSafeSearch", "Items": [ { "DisplayName": "Strict", "Data": "1" }, { "DisplayName": "Moderate", "Data": "2" }, { "DisplayName": "Off", "Data": "3" } ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AutoIndexSharedFolders", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "WS4Only - Any version of Microsoft Windows with Windows Search 4.0", "DisplayName": "Prevent automatically adding shared folders to the Windows Search index", "ExplainText": "This policy setting configures how Windows Search adds shared folders to the search index.\n\nIf you enable this policy setting, Windows Search is prevented from automatically adding shared folders to the index. Windows Search does not automatically add shares created on the computer to the scope of the index.\n\nIf you disable or do not configure this policy setting, Windows Search monitors which folders are shared or not shared on this computer, and automatically adds them to or removes them from the index.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "AutoIndexSharedFolders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "FavoriteLocations", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "RedistOnly4OrLater - Microsoft Windows XP, or Windows Server 2003 with Windows Search version 4.0 or later", "DisplayName": "Prevent adding user-specified locations to the All Locations menu", "ExplainText": "This policy setting allows you to enable or disable the Add/Remove location options on the All Locations menu as well as any defined locations that were made by a user. When this policy is not configured, the default behavior is to allow users to add and remove new locations to the locations menu. When the policy is enabled, the Add and Remove locations options and any previously defined user locations will not be visible. When the policy is disabled, both the Add and Remove locations options as well as any previously specified user locations will be visible.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "FavoriteLocations", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventUsingAdvancedIndexingOptions", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "VistaOrRedist - Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later", "DisplayName": "Prevent the display of advanced indexing options for Windows Search in the Control Panel", "ExplainText": "This policy setting hides or displays the Advanced Options dialog for Search and Indexing Options in the Control Panel.\n\nIf you enable this policy setting, the Advanced Options dialog for Search and Indexing Options in the Control Panel cannot be opened.\n\nIf you disable or do not configure this policy setting, users can acess the Advanced Options dialog for Search and Indexing Options in the Control Panel. This is the default for this policy setting.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "PreventUsingAdvancedIndexingOptions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventIndexingOfflineFiles", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "VistaOnly - Microsoft Windows Vista or later", "DisplayName": "Prevent indexing files in offline files cache", "ExplainText": "If enabled, files on network shares made available offline are not indexed. Otherwise they are indexed. Disabled by default.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "PreventIndexingOfflineFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventIndexingUncachedExchangeFolders", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "VistaOrRedist - Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later", "DisplayName": "Enable indexing uncached Exchange folders", "ExplainText": "Enabling this policy allows indexing of mail items on a Microsoft Exchange server when Microsoft Outlook is not running in cached mode. The default behavior for search is to not index uncached Exchange folders. Disabling this policy will block any indexing of uncached Exchange folders. Delegate mailboxes are managed separately from online mailboxes. The \"Enable Indexing of Uncached Exchange Folders\" has no effect on delegate mailboxes. To stop indexing of online and delegate mailboxes you must disable both policies.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "PreventIndexingUncachedExchangeFolders", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "EnableIndexingDelegateMailboxes", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Enable indexing of online delegate mailboxes", "ExplainText": "Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example, contacts or a calendar). This policy will not affect portions of a delegate mailbox that are cached locally. To have this policy affect all parts of a delegate mailbox, ensure that for Microsoft Outlook 2007 no portions of the delegate mailbox are cached locally. The default behavior for Search is to not index online delegate mailboxes. Disabling this policy will block any indexing of online delegate mailboxes. Online delegate mailboxes are managed separately from online mailboxes. The \"Enable Indexing of Uncached Exchange Folders\" policy has no effect on online delegate mailboxes. To stop indexing of online mailboxes and online delegate mailboxes you must disable both policies.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "EnableIndexingDelegateMailboxes", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "EnableThrottlingOnlineMailboxes", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Enable throttling for online mail indexing", "ExplainText": "When using Microsoft Office Outlook in online mode, you can enable this policy to control how fast online mail is indexed on a Microsoft Exchange server. The lower you set this policy, the lower the burden will be on the corresponding Microsoft Exchange server. The default value for this policy is 120 items per minute. To lower the burden on Microsoft Exchange servers, lower the rate of items indexed per minute. If you disable this policy, then online mail items will be indexed at the speed that the Microsoft Exchange server can support. If you set this policy to not configured, then online mail items will be indexed at the speed of 120 items per minute. This policy has no effect on mail items when using Microsoft Office Outlook in cached mode.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "EnableThrottlingOnlineMailboxes", "Elements": [ { "Type": "Decimal", "ValueName": "EnableThrottlingOnlineMailboxesValue", "MinValue": "6", "MaxValue": "600" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventIndexingOutlook", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "VistaOrRedist - Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later", "DisplayName": "Prevent indexing Microsoft Office Outlook", "ExplainText": "Enable this policy to prevent indexing of any Microsoft Outlook items. The default is to automatically index Outlook items. If this policy is enabled then the user's Outlook items will not be added to the index and the user will not see them in search results.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "PreventIndexingOutlook", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventIndexingEmailAttachments", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "VistaOrRedist - Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later", "DisplayName": "Prevent indexing e-mail attachments", "ExplainText": "Enable this policy setting to prevent the indexing of the content of e-mail attachments. If enabled, indexing service components (including non-Microsoft components) are expected not to index e-mail attachments. Consider enabling this policy if you are concerned about the security or indexing performance of non-Microsoft document filters (iFilters). This policy is disabled by default.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "PreventIndexingEmailAttachments", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "RichAttachmentPreviews", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "RedistOnly - Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later", "DisplayName": "Control rich previews for attachments", "ExplainText": "Enabling this policy defines a semicolon-delimited list of file extensions which will be allowed to have rich attachment previews.\n\nWhen this policy is disabled or not configured the default settings will be set to .bmp;.emf;.gif;.jpg;.jpeg;.png;.wmf;.wrn;.txt;.err;.xml;.cpp;.c;.h;.cxx;.hxx;.idl;.cs;.vb;.idl;.xsd;.doc;.docx;.xls;.xlsx;.ppt;.pptx;.vsd;.xlsb;.xltx;.dot;.rtf", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "Elements": [ { "Type": "Text", "ValueName": "RichAttachmentPreviews" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventIndexingPublicFolders", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "VistaOrRedist - Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later", "DisplayName": "Prevent indexing public folders", "ExplainText": "Enable this policy to prevent indexing public folders in Microsoft Office Outlook. When this policy is disabled or not configured, the user has the option to index cached public folders in Outlook. Public folders are only indexed when using Outlook 2003 or later. The user must be running in cached mode and the Download Public Folder Favorites option must be turned on.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "PreventIndexingPublicFolders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DataDirectory", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "VistaOrRedist - Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later", "DisplayName": "Indexer data location", "ExplainText": "Store indexer database in this directory. This directory must be located on a local fixed drive.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "Elements": [ { "Type": "Text", "ValueName": "DataDirectory", "Required": true } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AddPrimaryIntranetSearchScope", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "RedistOnly - Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later", "DisplayName": "Add primary intranet search location", "ExplainText": "Enabling this policy allows you to add a primary intranet search location within Windows Desktop Search. The value of this text should be:\n\nname,url\n\nFor example:\n\nIntranet,http://intranetsearch.aspx?k=$w\n\nYou must provide the following:\n1) A name for the scope, such as 'Intranet'.\n2) The URL to the search service. Use $w in place of the query term for the search service URL.\n\nIf your intranet search service is SharePoint Portal Server, your query should resemble the following:\nhttp://sitename/Search.aspx?k=$w\n\nIf your intranet search service is Windows SharePoint Services (WSS), the query should resemble the following, where XXXX is the locale ID of your WSS Service. For example, the English locale ID is 1033.\nhttp://sitename/_layouts/XXXX/searchresults.aspx?SearchString=$w\n\nThis adds intranet search location to:\n1) The Windows Deskbar\n2) The Desktop Search results search box\n3) The WDS search box in Search Companion", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "Elements": [ { "Type": "Text", "ValueName": "PrimaryIntranetSearchScopeUrl" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AddSecondaryIntranetSearchScope", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "RedistOnly - Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later", "DisplayName": "Add secondary intranet search locations", "ExplainText": "Enabling this policy allows you to add intranet search locations in addition to the primary intranet search location defined in the Add Primary Intranet Search Location policy. The value of this text should be:\n\nname1,url1;name2,url2;...nameN,urlN\n\nFor example:\n\nMySearch,http://mysearch.aspx?q=$w;MySearch2,http://mysearch2?q=$w.\n\nFor each search scope, provide:\n1) A name for the scope, such as 'IT Web'.\n2) The URL to the search service. Use $w in place of the query term for the search service URL.\n\nIf your intranet search service is SharePoint Portal Server, your query should resemble the following:\nhttp://sitename/Search.aspx?k=$w\n\nIf your intranet search service is Windows SharePoint Services (WSS), the query should resemble the following, where XXXX is the locale ID of your WSS Service. For example, the English locale ID is 1033.\nhttp://sitename/_layouts/XXXX/searchresults.aspx?SearchString=$w\n\nThese additional intranet search locations are added to the All Locations list in the Desktop Search results.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "Elements": [ { "Type": "Text", "ValueName": "SecondaryIntranetSearchScopeUrl" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreviewPaneLocation", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "RedistOnly - Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later", "DisplayName": "Preview pane location", "ExplainText": "Enabling this policy allows you to set the location of the preview pane in the Desktop Search results. You can also turn off the preview pane. The four options are:\n\n- Auto\n- Right\n- Bottom\n- Off\n\nYou should consider enabling this policy to turn off the preview pane if your environment does not support Office XP or later. The full preview pane functionality is only available for Office documents in Office XP or later.\n\nWhen this policy is disabled or not configured, the preview pane shows automatically to the right of the Desktop Search results, and your users can choose the location of the preview pane", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "Elements": [ { "Type": "Enum", "ValueName": "PreviewPaneLocation", "Items": [ { "DisplayName": "Auto", "Data": "0" }, { "DisplayName": "Right", "Data": "1" }, { "DisplayName": "Bottom", "Data": "2" }, { "DisplayName": "Off", "Data": "3" } ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "SearchResultIconSize", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "RedistOnly - Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later", "DisplayName": "Set large or small icon view in desktop search results", "ExplainText": "Enabling this policy allows you to specify whether you want large icon or small icon view for your Desktop Search results. The two options are:\n\n- Large Icon\n- Small Icon.\n\nIf you have disabled the preview pane because your organization does not support Office XP or above, you should enforce the large icon view so that users can see snippets related to their desktop search query.\n\nWhen this policy is disabled or not configured, the default is small icon view.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "Elements": [ { "Type": "Enum", "ValueName": "SearchResultIconSize", "Items": [ { "DisplayName": "Large Icon", "Data": "0" }, { "DisplayName": "Small Icon", "Data": "1" } ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "StopIndexingOnLimitedHardDriveSpace", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "301OrLater - Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Stop indexing in the event of limited hard drive space", "ExplainText": "Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 2147483647 MB.\n\nEnable this policy if computers in your environment have extremely limited hard drive space.\n\nWhen this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "Elements": [ { "Type": "Decimal", "ValueName": "PreventIndexingLowDiskSpaceMB", "MinValue": "0", "MaxValue": "2147483647" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventUnwantedAddins", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "301To4 - Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0", "DisplayName": "Prevent unwanted iFilters and protocol handlers", "ExplainText": "Enabling this policy prevents Windows Desktop Search from using iFilters and protocol handlers unless they are specified in the allow list. However, This policy will not prevent iFilters or protocol handlers from being installed, nor will it prevent them from being used by other applications or services.\nYou can also specify an allow list of add-ins by providing the classID or ProgId string. For example, if you plan to deploy a particular iFilter, make sure that this iFilter is on the allow list, either as a GUID such as {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (include the braces) or a ProgID such as VisFilter.CFilter.1.\n\nIf you maintain a locked desktop environment, this setting is redundant because non-administrative users do not have permission to install new components. If your users have Administrator permissions or can install software, this policy prevents them from specifically using Windows Desktop Search-related add-ins.\n\nNote: Because of a limitation in the Group Policy editor, you must add at least one entry in the allow list, even if you want to enable this policy without an allow list. Create a list entry by putting a space in the name field and a space in the value field and then save it. This will create a placeholder entry that is ignored by the program.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "Windows Search", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\PreventUnwantedAddins" ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DisableWebSearch", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "RedistOnly - Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later", "DisplayName": "Do not allow web search", "ExplainText": "Enabling this policy removes the option of searching the Web from Windows Desktop Search.\n\nWhen this policy is disabled or not configured, the Web option is available and users can search the Web via their default browser search engine.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "DisableWebSearch", "Elements": [] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventIndexingCertainPaths_1", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "301OrLater - Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Prevent indexing certain paths", "ExplainText": "If you enable this policy setting, you specify a list of paths to exclude from indexing. The user cannot enter any path that starts with one of the paths you specified.\n\nIf you enable and then disable this policy setting, users can index any path not restricted by other policies, but their original list of paths to index is not restored.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "Windows Search", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\PreventIndexingCertainPaths" ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "PreventIndexingCertainPaths_2", "Class": "User", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Prevent indexing certain paths", "ExplainText": "If you enable this policy setting, you specify a list of paths to exclude from indexing. The user cannot enter any path that starts with one of the paths you specified. On a per-user basis, this policy setting will work only if a protocol handler referencing a SID-based user scope, such as MAPI, is specified. File system paths that do not reference a specific SID will not be excluded from indexing if these are only specified in the Group Policy under \"User Configuration.\" To restrict a file system path from indexing, please specify the file system path to be indexed under the \"Computer Configuration\" Group Policy.\n\nIf you enable and then disable this policy setting, users can index any path not restricted by other policies, but their original list of paths to index is not restored.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "Windows Search", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\PreventIndexingCertainPaths" ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DefaultIndexedPaths_1", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "301OrLater - Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Default indexed paths", "ExplainText": "Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "Windows Search", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\DefaultIndexedPaths" ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DefaultIndexedPaths_2", "Class": "User", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Default indexed paths", "ExplainText": "Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis, this policy setting will work only if a protocol handler referencing a SID-based user scope, such as MAPI, is specified. File system paths that do not reference a specific SID will not be included for indexing if these are only specified in the Group Policy under \"User Configuration.\" To include a file system path for indexing, please specify the file system path to be indexed under the \"Computer Configuration\" Group Policy.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "Windows Search", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\DefaultIndexedPaths" ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DefaultExcludedPaths_1", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "301OrLater - Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Default excluded paths", "ExplainText": "Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "Windows Search", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\DefaultExcludedPaths" ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DefaultExcludedPaths_2", "Class": "User", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "4OrLater - Any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Default excluded paths", "ExplainText": "Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis, this policy setting will work only if a protocol handler referencing a SID-based user scope, such as MAPI, is specified. File system paths that do not reference a specific SID will not be excluded from indexing if these are only specified in the Group Policy under \"User Configuration.\" To restrict a file system path from indexing, please specify the file system path to be indexed under the \"Computer Configuration\" Group Policy.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "ValueName": "Windows Search", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\DefaultExcludedPaths" ] } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "ExcludedExtensionsMultiline", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "301OrLater - Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0 or later", "DisplayName": "Prevent indexing of certain file types", "ExplainText": "Enabling this policy allows you to edit the list of file types to exclude from indexing. The end user cannot modify this list. You should separate each extension type with a semicolon.\n\nNote that limitations of Group Policy Object Editor require this list to be split across multiple values. Desktop Search combines all these into a single exclusion list.\n\nWhen this policy is disabled or not configured, the user can edit the default list of excluded file types. If you enable and then disable this policy, the user's original list is restored.\n\nIf you want to specify an initial default list of excluded file types that users can change later, see the administration guide for information about how to set up the initial machine preference.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ClientExtension": "{7933F41E-56F8-41d6-A31C-4148A711EE93}", "Elements": [ { "Type": "Text", "ValueName": "ExcludedExtensionsMultiline0" }, { "Type": "Text", "ValueName": "ExcludedExtensionsMultiline1" }, { "Type": "Text", "ValueName": "ExcludedExtensionsMultiline2" }, { "Type": "Text", "ValueName": "ExcludedExtensionsMultiline3" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DisableSearchHistory", "Class": "User", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Win8Only - Microsoft Windows 8 or later", "DisplayName": "Turn off storage and display of search history", "ExplainText": "This policy setting prevents search queries from being stored in the registry. If you enable this policy setting, search suggestions based on previous searches won't appear in the search pane. Search suggestions provided by apps or by Windows based on local content will still appear.\n\nIf you disable or do not configure this policy setting, users will get search suggestions based on previous searches in the search pane.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableSearchHistory", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AllowCortana", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow Cortana", "ExplainText": "This policy setting specifies whether Cortana is allowed on the device.\n\nIf you enable or don't configure this setting, Cortana will be allowed on the device. If you disable this setting, Cortana will be turned off.\n\nWhen Cortana is off, users will still be able to use search to find things on the device.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "AllowCortana", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AllowCortanaAboveLock", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow Cortana above lock screen", "ExplainText": "This policy setting determines whether or not the user can interact with Cortana using speech while the system is locked.\n\nIf you enable or don\u2019t configure this setting, the user can interact with Cortana using speech while the system is locked.\n\nIf you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "AllowCortanaAboveLock", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AllowSearchToUseLocation", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow search and Cortana to use location", "ExplainText": "This policy setting specifies whether search and Cortana can provide location aware search and Cortana results.\n\nIf this is enabled, search and Cortana can access location information.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "AllowSearchToUseLocation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AllowCloudSearch", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow Cloud Search", "ExplainText": "Allow search and Cortana to search cloud sources like OneDrive and SharePoint", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowCloudSearch", "Items": [ { "DisplayName": "Disable Cloud Search", "Data": "0" }, { "DisplayName": "Enable Cloud Search", "Data": "1" }, { "DisplayName": "User Selected", "Data": "2" } ], "Required": true } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AllowCortanaInAAD", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow Cortana Page in OOBE on an AAD account", "ExplainText": "Allow the cortana opt-in page during windows setup out of the box experience", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowCortanaInAAD" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowCortanaInAADPathOOBE", "Items": [ { "DisplayName": "Disable Cortana Page in AAD", "Data": "0" }, { "DisplayName": "Enable Cortana Page in AAD", "Data": "1" } ], "Required": true } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "DisableSearch", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Windows_11_0_SE - Windows 11 SE", "DisplayName": "Fully disable Search UI", "ExplainText": "If you enable this policy, the Search UI will be disabled along with all its entry points, such as keyboard shortcuts, touchpad gestures, and type-to-search in the Start menu. The Start menu's search box and Search Taskbar button will also be hidden.\n\nIf you disable or don't configure this policy setting, the user will be able to open the Search UI and its different entry points will be shown.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "DisableSearch", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "AllowSearchHighlights", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow search highlights", "ExplainText": "Disabling this setting turns off search highlights in the start menu search box and in search home. Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search" ], "ValueName": "EnableDynamicContentInWSB", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Search.admx", "CategoryName": "Search", "PolicyName": "ConfigureSearchOnTaskbarMode", "Class": "Machine", "NameSpace": "FullArmor.Policies.3B9EA2B5_A1D1_4CD5_9EDE_75B22990BC21", "Supported": "Windows_11_0_NOSERVER - At least Windows 11", "DisplayName": "Configures search on the taskbar", "ExplainText": "This policy setting allows you to configure search on the taskbar.\n\nIf you enable this policy setting and set it to hide, search on taskbar will be hidden by default. Users cannot change it in Settings.\n\nIf you enable this policy setting and set it to search icon only, the search icon will be displayed on the taskbar by default. Users cannot change it in Settings.\n\nIf you enable this policy setting and set it to search icon and label, the search icon and label will be displayed on the taskbar by default. Users cannot change it in Settings.\n\nIf you enable this policy setting and set it to search box, the search box will be displayed on the taskbar by default. Users cannot change it in Settings.\n\nIf you disable or do not configure this policy setting, search on taskbar will be configured according to the defaults for your Windows edition. Users will be able to change search on taskbar in Settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Windows Search" ], "Elements": [ { "Type": "Enum", "ValueName": "SearchOnTaskbarMode", "Items": [ { "DisplayName": "Hide", "Data": "0" }, { "DisplayName": "Search icon only", "Data": "1" }, { "DisplayName": "Search icon and label", "Data": "2" }, { "DisplayName": "Search box", "Data": "3" } ], "Required": true } ] }, { "File": "SecureBoot.admx", "CategoryName": "SecureBootCategory", "PolicyName": "SecureBoot_AvailableUpdatesPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.SecureBoot", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable Secure Boot Certificate Deployment", "ExplainText": "This policy setting allows you to enable or disable the Secure Boot Certificate Deployment process on devices. When enabled, Windows will automatically begin the certificate deployment process to devices where this policy has been applied.\n\nNote: This registry setting is not stored in a policy key, and this is considered a preference. Therefore, if the Group Policy Object that implements this setting is ever removed, this registry setting will remain.\n\nNote: The Windows task that runs and processes this setting, runs every 12 hours. In some cases, the updates will be held until the system reboots to safely sequence the updates.\n\nNote: Once the certificates are applied to the firmware, you cannot undo them from Windows. If clearing the certificates is necessary, it must be done from the firmware menu interface.\n\nFor more information, see: https://aka.ms/GetSecureBoot", "KeyPath": [ "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot" ], "ValueName": "AvailableUpdatesPolicy", "Elements": [ { "Type": "EnabledValue", "Data": "22852" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SecureBoot.admx", "CategoryName": "SecureBootCategory", "PolicyName": "SecureBoot_HighConfidenceOptOut", "Class": "Machine", "NameSpace": "Microsoft.Policies.SecureBoot", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Automatic Certificate Deployment via Updates", "ExplainText": "For devices where test results are available that indicate that the device can process the certificate updates successfully, the updates will be initiated automatically as part of the servicing updates. This policy is enabled by default. For enterprises that desire managing automatic update, use this policy to explicitly enable or disable the feature.\n\nFor more information, see: https://aka.ms/GetSecureBoot", "KeyPath": [ "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot" ], "ValueName": "HighConfidenceOptOut", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SecureBoot.admx", "CategoryName": "SecureBootCategory", "PolicyName": "SecureBoot_MicrosoftUpdateManagedOptIn", "Class": "Machine", "NameSpace": "Microsoft.Policies.SecureBoot", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Certificate Deployment via Controlled Feature Rollout", "ExplainText": "For enterprises that desire assistance in deploying the new Secure Boot certificates to their devices, this setting can be enabled.\n\nNote: The device must be sending required diagnostic data to Microsoft to use this feature.\n\nFor more information, see: https://aka.ms/GetSecureBoot", "KeyPath": [ "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot" ], "ValueName": "MicrosoftUpdateManagedOptIn", "Elements": [ { "Type": "EnabledValue", "Data": "22852" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Securitycenter.admx", "CategoryName": "SecurityCenter", "PolicyName": "SecurityCenter_SecurityCenterInDomain", "Class": "Machine", "NameSpace": "Microsoft.Policies.SecurityCenter", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Turn on Security Center (Domain PCs only)", "ExplainText": "This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed.\n\nNote that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect.\n\nIf you do not congifure this policy setting, the Security Center is turned off for domain members.\n\nIf you enable this policy setting, Security Center is turned on for all users.\n\nIf you disable this policy setting, Security Center is turned off for domain members.\n\nWindows XP SP2\n----------------------\nIn Windows XP SP2, the essential security settings that are monitored by Security Center include firewall, antivirus, and Automatic Updates. Note that Security Center might not be available following a change to this policy setting until after the computer is restarted for Windows XP SP2 computers.\n\nWindows Vista\n---------------------\nIn Windows Vista, this policy setting monitors essential security settings to include firewall, antivirus, antispyware, Internet security settings, User Account Control, and Automatic Updates. Windows Vista computers do not require a reboot for this policy setting to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Security Center" ], "ValueName": "SecurityCenterInDomain", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sensors.admx", "CategoryName": "LocationAndSensors", "PolicyName": "DisableSensors_1", "Class": "User", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off sensors", "ExplainText": "This policy setting turns off the sensor feature for this computer.\n\nIf you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.\n\nIf you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors" ], "ValueName": "DisableSensors", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sensors.admx", "CategoryName": "LocationAndSensors", "PolicyName": "DisableSensors_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off sensors", "ExplainText": "This policy setting turns off the sensor feature for this computer.\n\nIf you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.\n\nIf you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors" ], "ValueName": "DisableSensors", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sensors.admx", "CategoryName": "LocationAndSensors", "PolicyName": "DisableLocation_1", "Class": "User", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off location", "ExplainText": "This policy setting turns off the location feature for this computer.\n\nIf you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.\n\nIf you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors" ], "ValueName": "DisableLocation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sensors.admx", "CategoryName": "LocationAndSensors", "PolicyName": "DisableLocation_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off location", "ExplainText": "This policy setting turns off the location feature for this computer.\n\nIf you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.\n\nIf you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors" ], "ValueName": "DisableLocation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sensors.admx", "CategoryName": "LocationAndSensors", "PolicyName": "DisableLocationScripting_1", "Class": "User", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off location scripting", "ExplainText": "This policy setting turns off scripting for the location feature.\n\nIf you enable this policy setting, scripts for the location feature will not run.\n\nIf you disable or do not configure this policy setting, all location scripts will run.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors" ], "ValueName": "DisableLocationScripting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sensors.admx", "CategoryName": "LocationAndSensors", "PolicyName": "DisableLocationScripting_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off location scripting", "ExplainText": "This policy setting turns off scripting for the location feature.\n\nIf you enable this policy setting, scripts for the location feature will not run.\n\nIf you disable or do not configure this policy setting, all location scripts will run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors" ], "ValueName": "DisableLocationScripting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceInstantWake", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Force Instant Wake", "ExplainText": "Determines whether Wake On Arrival is forced on/off by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceInstantWake", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Forced On", "Data": "1" }, { "DisplayName": "Forced Off", "Data": "2" } ], "Required": true } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceInstantLock", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Force Instant Lock", "ExplainText": "Determines whether Lock on Leave is forced on/off by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceInstantLock", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Forced On", "Data": "1" }, { "DisplayName": "Forced Off", "Data": "2" } ], "Required": true } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceLockTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Lock Timeout", "ExplainText": "Determines the timeout for Lock on Leave forced by the MDM policy. The user will be unable to change this setting and the toggle in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceLockTimeout", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Immediate", "Data": "1" }, { "DisplayName": "10 seconds", "Data": "10" }, { "DisplayName": "30 seconds", "Data": "30" }, { "DisplayName": "2 minutes", "Data": "120" } ], "Required": true } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceInstantDim", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Force Instant Dim", "ExplainText": "Determines whether Attention Based Display Dimming is forced on/off by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceInstantDim", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Forced On", "Data": "1" }, { "DisplayName": "Forced Off", "Data": "2" } ], "Required": true } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceDisableWakeWhenBatterySaverOn", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Force Disable Wake When Battery Saver On", "ExplainText": "Determines whether Disable Wake on Approach When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user will not be able to change this setting and the checkbox in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceDisableWakeWhenBatterySaverOn", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Forced Checked", "Data": "1" }, { "DisplayName": "Forced Unchecked", "Data": "2" } ], "Required": true } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceAllowWakeWhenExternalDisplayConnected", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Force Allow Wake When External Display Connected", "ExplainText": "Determines whether Allow Wake on Approach When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user will not be able to change this setting and the checkbox in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceAllowWakeWhenExternalDisplayConnected", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Forced Checked", "Data": "1" }, { "DisplayName": "Forced Unchecked", "Data": "2" } ], "Required": true } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceAllowLockWhenExternalDisplayConnected", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Force Allow Lock When External Display Connected", "ExplainText": "Determines whether Allow Lock on Leave When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user will not be able to change this setting and the checkbox in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceAllowLockWhenExternalDisplayConnected", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Forced Checked", "Data": "1" }, { "DisplayName": "Forced Unchecked", "Data": "2" } ], "Required": true } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceAllowDimWhenExternalDisplayConnected", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Force Allow Dim When External Display Connected", "ExplainText": "Determines whether Allow Adaptive Dimming When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user will not be able to change this setting and the checkbox in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceAllowDimWhenExternalDisplayConnected", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Forced Checked", "Data": "1" }, { "DisplayName": "Forced Unchecked", "Data": "2" } ], "Required": true } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceOnlookerDetection", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Force Onlooker Detection", "ExplainText": "Determines whether the Onlooker Detection feature is forced on/off by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceOnlookerDetection", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Forced On", "Data": "1" }, { "DisplayName": "Forced Off", "Data": "2" } ], "Required": true } ] }, { "File": "Sensors.admx", "CategoryName": "HumanPresence", "PolicyName": "ForceOnlookerDetectionAction", "Class": "Machine", "NameSpace": "Microsoft.Policies.Sensors", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Force Onlooker Detection Action", "ExplainText": "Determines whether the Onlooker Detection action is forced by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\HumanPresence" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceOnlookerDetectionAction", "Items": [ { "DisplayName": "Defaults to user choice", "Data": "0" }, { "DisplayName": "Notify", "Data": "2" }, { "DisplayName": "Dim and Notify", "Data": "3" } ], "Required": true } ] }, { "File": "ServerManager.admx", "CategoryName": "ServerManager", "PolicyName": "DoNotLaunchServerManager", "Class": "Machine", "NameSpace": "Microsoft.Policies.ServerManager", "Supported": "WindowsServer2008", "DisplayName": "Do not display Server Manager automatically at logon", "ExplainText": "This policy setting allows you to turn off the automatic display of Server Manager at logon.\n\nIf you enable this policy setting, Server Manager is not displayed automatically when a user logs on to the server.\n\nIf you disable this policy setting, Server Manager is displayed automatically when a user logs on to the server.\n\nIf you do not configure this policy setting, Server Manager is displayed when a user logs on to the server. However, if the \"Do not show me this console at logon\" (Windows Server 2008 and Windows Server 2008 R2) or \"Do not start Server Manager automatically at logon\" (Windows Server 2012) option is selected, the console is not displayed automatically at logon.\n\nNote: Regardless of the status of this policy setting, Server Manager is available from the Start menu or the Windows taskbar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Server\\ServerManager" ], "ValueName": "DoNotOpenAtLogon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ServerManager.admx", "CategoryName": "ServerManager", "PolicyName": "ServerManagerAutoRefreshRate", "Class": "Machine", "NameSpace": "Microsoft.Policies.ServerManager", "Supported": "WindowsServer2008", "DisplayName": "Configure the refresh interval for Server Manager", "ExplainText": "This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you are managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers.\n\nIf you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the \"Configure Refresh Interval\" setting (in Windows Server 2008 and Windows Server 2008 R2), or the \"Refresh the data shown in Server Manager every [x] [minutes/hours/days]\" setting (in Windows Server 2012) that is configured in the Server Manager console.\n\nIf you disable this policy setting, Server Manager does not refresh automatically. If you do not configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console.\n\nNote: The default refresh interval for Server Manager is two minutes in Windows Server 2008 and Windows Server 2008 R2, or 10 minutes in Windows Server 2012.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Server\\ServerManager" ], "ValueName": "RefreshIntervalEnabled", "Elements": [ { "Type": "Decimal", "ValueName": "RefreshInterval", "MinValue": "1", "MaxValue": "34560", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ServerManager.admx", "CategoryName": "ServerManager", "PolicyName": "DoNotLaunchInitialConfigurationTasks", "Class": "Machine", "NameSpace": "Microsoft.Policies.ServerManager", "Supported": "WindowsServer2008OrWindowsServer2008R2Only - Windows Server 2008 and Windows Server 2008 R2 operating systems only", "DisplayName": "Do not display Initial Configuration Tasks window automatically at logon", "ExplainText": "This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2.\n\nIf you enable this policy setting, the Initial Configuration Tasks window is not displayed when an administrator logs on to the server.\n\nIf you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs on to the server.\n\nIf you do not configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs on to the server. However, if an administrator selects the \"Do not show this window at logon\" option, the window is not displayed on subsequent logons.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Server\\InitialConfigurationTasks" ], "ValueName": "DoNotOpenAtLogon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ServerManager.admx", "CategoryName": "System", "PolicyName": "Do_not_display_Manage_Your_Server_page", "Class": "Machine", "NameSpace": "Microsoft.Policies.ServerManager", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Do not display Manage Your Server page at logon", "ExplainText": "This policy setting allows you to turn off the automatic display of the Manage Your Server page.\n\nIf you enable this policy setting, the Manage Your Server page is not displayed each time an administrator logs on to the server.\n\nIf you disable or do not configure this policy setting, the Manage Your Server page is displayed each time an administrator logs on to the server. However, if the administrator has selected the \"Don\u2019t display this page at logon\" option at the bottom of the Manage Your Server page, the page is not displayed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\MYS" ], "ValueName": "DisableShowAtLogon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "ServiceControlManager.admx", "CategoryName": "ServiceControlManagerSecurityCat", "PolicyName": "SvchostProcessMitigationEnable", "Class": "Machine", "NameSpace": "Microsoft.Policies.ServiceControlManager", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable svchost.exe mitigation options", "ExplainText": "This policy setting enables process mitigation options on svchost.exe processes.\n\nIf you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them.\n\nThis includes a policy requiring all binaries loaded in these processes to be signed by microsoft, as well as a policy disallowing dynamically-generated code.\n\nIf you disable or do not configure this policy setting, these stricter security settings will not be applied.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Control\\SCMConfig" ], "ValueName": "EnableSvchostMitigationPolicy", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Servicing.admx", "CategoryName": "System", "PolicyName": "Servicing", "Class": "Machine", "NameSpace": "Microsoft.Policies.Servicing", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify settings for optional component installation and component repair", "ExplainText": "This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.\n\nIf you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the \"\"Alternate source file path\"\" text box. Multiple locations can be specified when each path is separated by a semicolon.\n\nThe network location can be either a folder, or a WIM file. If it is a WIM file, the location should be specified by prefixing the path with \"wim:\" and include the index of the image to use in the WIM file. For example \"wim:\\\\server\\share\\install.wim:3\".\n\nIf you disable or do not configure this policy setting, or if the required files cannot be found at the locations specified in this policy setting, the files will be downloaded from Windows Update, if that is allowed by the policy settings for the computer.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Servicing" ], "Elements": [ { "Type": "Text", "ValueName": "LocalSourcePath", "Expandable": true } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not sync", "ExplainText": "Prevent syncing to and from this PC. This turns off and disables the \"sync your settings\" switch on the \"sync your settings\" page in PC Settings.\n\nIf you enable this policy setting, \"sync your settings\" will be turned off, and none of the \"sync your setting\" groups will be synced on this PC.\n\nUse the option \"Allow users to turn syncing on\" so that syncing it turned off by default but not disabled.\n\nIf you do not set or disable this setting, \"sync your settings\" is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableApplicationSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not sync app settings", "ExplainText": "Prevent the \"app settings\" group from syncing to and from this PC. This turns off and disables the \"app settings\" group on the \"sync your settings\" page in PC settings.\n\nIf you enable this policy setting, the \"app settings\" group will not be synced.\n\nUse the option \"Allow users to turn app settings syncing on\" so that syncing it turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"app settings\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableApplicationSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableApplicationSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableCredentialsSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not sync passwords", "ExplainText": "Prevent the \"passwords\" group from syncing to and from this PC. This turns off and disables the \"passwords\" group on the \"sync your settings\" page in PC settings.\n\nIf you enable this policy setting, the \"passwords\" group will not be synced.\n\nUse the option \"Allow users to turn passwords syncing on\" so that syncing it turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"passwords\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableCredentialsSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableCredentialsSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisablePersonalizationSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not sync personalize", "ExplainText": "Prevent the \"personalize\" group from syncing to and from this PC. This turns off and disables the \"personalize\" group on the \"sync your settings\" page in PC settings.\n\nIf you enable this policy setting, the \"personalize\" group will not be synced.\n\nUse the option \"Allow users to turn personalize syncing on\" so that syncing it turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"personalize\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisablePersonalizationSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisablePersonalizationSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableAppSyncSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Do not sync Apps", "ExplainText": "Prevent the \"AppSync\" group from syncing to and from this PC. This turns off and disables the \"AppSync\" group on the \"sync your settings\" page in PC settings.\n\nIf you enable this policy setting, the \"AppSync\" group will not be synced.\n\nUse the option \"Allow users to turn app syncing on\" so that syncing it turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"AppSync\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableAppSyncSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableAppSyncSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableWindowsSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not sync other Windows settings", "ExplainText": "Prevent the \"Other Windows settings\" group from syncing to and from this PC. This turns off and disables the \"Other Windows settings\" group on the \"sync your settings\" page in PC settings.\n\nIf you enable this policy setting, the \"Other Windows settings\" group will not be synced.\n\nUse the option \"Allow users to turn other Windows settings syncing on\" so that syncing it turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"Other Windows settings\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableWindowsSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableWindowsSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableDesktopThemeSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not sync desktop personalization", "ExplainText": "Prevent the \"desktop personalization\" group from syncing to and from this PC. This turns off and disables the \"desktop personalization\" group on the \"sync your settings\" page in PC settings.\n\nIf you enable this policy setting, the \"desktop personalization\" group will not be synced.\n\nUse the option \"Allow users to turn desktop personalization syncing on\" so that syncing it turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"desktop personalization\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableDesktopThemeSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableDesktopThemeSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableWebBrowserSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not sync browser settings", "ExplainText": "Prevent the \"browser\" group from syncing to and from this PC. This turns off and disables the \"browser\" group on the \"sync your settings\" page in PC settings. The \"browser\" group contains settings and info like history and favorites.\n\nIf you enable this policy setting, the \"browser\" group, including info like history and favorites, will not be synced.\n\nUse the option \"Allow users to turn browser syncing on\" so that syncing is turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"browser\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableWebBrowserSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableWebBrowserSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableSyncOnPaidNetwork", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not sync on metered connections", "ExplainText": "Prevent syncing to and from this PC when on metered Internet connections. This turns off and disables \"sync your settings on metered connections\" switch on the \"sync your settings\" page in PC Settings.\n\nIf you enable this policy setting, syncing on metered connections will be turned off, and no syncing will take place when this PC is on a metered connection.\n\nIf you do not set or disable this setting, syncing on metered connections is configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableSyncOnPaidNetwork", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableStartLayoutSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Do not sync start settings", "ExplainText": "Prevent the \"Start layout\" group from syncing to and from this PC. This turns off and disables the \"Start layout\" group on the \"sync your settings\" page in PC settings.\n\nIf you enable this policy setting, the \"Start layout\" group will not be synced.\n\nUse the option \"Allow users to turn start syncing on\" so that syncing is turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"Start layout\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableStartLayoutSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableStartLayoutSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableAccessibilitySettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Do not sync accessibility settings", "ExplainText": "Prevent the \"accessibility\" group from syncing to and from this PC. This turns off and disables the \"accessibility\" group on the \"Windows backup\" settings page in PC settings.\n\nIf you enable this policy setting, the \"accessibility\" group will not be synced.\n\nUse the option \"Allow users to turn accessibility syncing on\" so that syncing is turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"accessibility\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableAccessibilitySettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableAccessibilitySettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "DisableLanguageSettingSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Do not sync language preferences settings", "ExplainText": "Prevent the \"language preferences\" group from syncing to and from this PC. This turns off and disables the \"languages preferences\" group on the \"Windows backup\" settings page in PC settings.\n\nIf you enable this policy setting, the \"language preferences\" group will not be synced.\n\nUse the option \"Allow users to turn language preferences syncing on\" so that syncing is turned off by default but not disabled.\n\nIf you do not set or disable this setting, syncing of the \"language preferences\" group is on by default and configurable by the user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "DisableLanguageSettingSync", "Elements": [ { "Type": "Boolean", "ValueName": "DisableLanguageSettingSyncUserOverride", "TrueValue": "0", "FalseValue": "1" }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "EnableWindowsBackup", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Enable Windows Backup", "ExplainText": "This policy setting allows administrators to configure and manage windows backup for their organization.\n\nIf you enable this policy setting, windows backup will occur periodically.\n\nIf you disable or do not configure this policy setting, windows backup will not take place.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\SettingSync" ], "ValueName": "EnableWindowsBackup", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SettingSync.admx", "CategoryName": "SettingSync", "PolicyName": "EnableWindowsRestore", "Class": "Machine", "NameSpace": "Microsoft.Policies.SettingSync", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Enable Windows Restore", "ExplainText": "This policy setting allows administrators to configure and manage Windows restore for their organization.\n\nIf you enable this policy setting, Windows restore will be enabled.\n\nIf you disable or do not configure this policy setting, Windows restore will be disabled.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsBackupAndRestore\\NodeValues" ], "ValueName": "EnableWindowsRestore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Setup.admx", "CategoryName": "System", "PolicyName": "ServicePackSourcePath", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsSetup", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify Windows Service Pack installation file location", "ExplainText": "Specifies an alternate location for Windows Service Pack installation files.\n\nIf you enable this policy setting, enter the fully qualified path to the new location in the \"Windows Service Pack Setup file path\" box.\n\nIf you disable or do not configure this policy setting, the Windows Service Pack Setup source path will be the location used during the last time Windows Service Pack Setup was run on the system.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Setup" ], "Elements": [ { "Type": "Text", "ValueName": "ServicePackSourcePath", "Required": true } ] }, { "File": "Setup.admx", "CategoryName": "System", "PolicyName": "SetupSourcePath", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsSetup", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify Windows installation file location", "ExplainText": "Specifies an alternate location for Windows installation files.\n\nIf you enable this policy setting, enter the fully qualified path to the new location in the \"Windows Setup file path\" box.\n\nIf you disable or do not configure this policy setting, the Windows Setup source path will be the location used during the last time Windows Setup was run on the system.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Setup" ], "Elements": [ { "Type": "Text", "ValueName": "SourcePath", "Required": true } ] }, { "File": "SharedFolders.admx", "CategoryName": "SharedFolders", "PolicyName": "PublishDfsRoots", "Class": "User", "NameSpace": "Microsoft.Policies.SharedFolders", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Allow DFS roots to be published", "ExplainText": "This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).\n\nIf you enable or do not configure this policy setting, users can use the \"Publish in Active Directory\" option to publish DFS roots as shared folders in AD DS .\n\nIf you disable this policy setting, users cannot publish DFS roots in AD DS and the \"Publish in Active Directory\" option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\SharedFolders" ], "ValueName": "PublishDfsRoots", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SharedFolders.admx", "CategoryName": "SharedFolders", "PolicyName": "PublishSharedFolders", "Class": "User", "NameSpace": "Microsoft.Policies.SharedFolders", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Allow shared folders to be published", "ExplainText": "This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).\n\nIf you enable or do not configure this policy setting, users can use the \"Publish in Active Directory\" option in the Shared Folders snap-in to publish shared folders in AD DS.\n\nIf you disable this policy setting, users cannot publish shared folders in AD DS, and the \"Publish in Active Directory\" option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows NT\\SharedFolders" ], "ValueName": "PublishSharedFolders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sharing.admx", "CategoryName": "Sharing", "PolicyName": "NoInplaceSharing", "Class": "User", "NameSpace": "Microsoft.Policies.NetworkSharing", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent users from sharing files within their profile.", "ExplainText": "This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.\n\nIf you enable this policy setting, users cannot share files within their profile using the sharing wizard. Also, the sharing wizard cannot create a share at %root%\\users and can only be used to create SMB shares on folders.\n\nIf you disable or don't configure this policy setting, users can share files out of their user profile after an administrator has opted in the computer.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoInplaceSharing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sharing.admx", "CategoryName": "HomeGroup", "PolicyName": "DisableHomeGroup", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkSharing", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Prevent the computer from joining a homegroup", "ExplainText": "This policy setting specifies whether users can add computers to a homegroup. By default, users can add their computer to a homegroup on a private network.\n\nIf you enable this policy setting, users cannot add computers to a homegroup. This policy setting does not affect other network sharing features.\n\nIf you disable or do not configure this policy setting, users can add computers to a homegroup. However, data on a domain-joined computer is not shared with the homegroup.\n\nThis policy setting is not configured by default.\n\nYou must restart the computer for this policy setting to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\HomeGroup" ], "ValueName": "DisableHomeGroup", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sharing.admx", "CategoryName": "Sharing", "PolicyName": "DisableShareAppPromotions", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkSharing", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "DisableShareAppPromotions", "ExplainText": "This policy setting allow IT admins to control whether promotional apps are displayed in the ShareSheet. If you enable this policy, Windows will not show promotional apps in the ShareSheet. If you disable or do not configure this policy, ShareSheet may show app suggestions and promotions when the ShareSheet is opened.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\ShareSheet" ], "ValueName": "DisableShareAppPromotions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sharing.admx", "CategoryName": "Sharing", "PolicyName": "DisableInlineCompose", "Class": "Machine", "NameSpace": "Microsoft.Policies.NetworkSharing", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "DisableInlineCompose", "ExplainText": "DisableInlineCompose", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\ShareSheet" ], "ValueName": "DisableInlineCompose", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Shell-CommandPrompt-RegEditTools.admx", "CategoryName": "System", "PolicyName": "DisableCMD", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsTools", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent access to the command prompt", "ExplainText": "This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.\n\nIf you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action.\n\nIf you disable this policy setting or do not configure it, users can run Cmd.exe and batch files normally.\n\nNote: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableCMD", "Items": [ { "DisplayName": "Yes", "Data": "1" }, { "DisplayName": "No", "Data": "2" } ] } ] }, { "File": "Shell-CommandPrompt-RegEditTools.admx", "CategoryName": "System", "PolicyName": "DisableRegedit", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsTools", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent access to registry editing tools", "ExplainText": "Disables the Windows registry editor Regedit.exe.\n\nIf you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action.\n\nIf you disable this policy setting or do not configure it, users can run Regedit.exe normally.\n\nTo prevent users from using other administrative tools, use the \"Run only specified Windows applications\" policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableRegistryTools", "Items": [ { "DisplayName": "Yes", "Data": "2" }, { "DisplayName": "No", "Data": "1" } ] } ] }, { "File": "Shell-CommandPrompt-RegEditTools.admx", "CategoryName": "System", "PolicyName": "RestrictApps", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsTools", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Run only specified Windows applications", "ExplainText": "Limits the Windows programs that users have permission to run on the computer.\n\nIf you enable this policy setting, users can only run programs that you add to the list of allowed applications.\n\nIf you disable this policy setting or do not configure it, users can run all applications.\n\nThis policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.\n\nNote: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.\nNote: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe).", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "RestrictRun", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\RestrictRun" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Shell-CommandPrompt-RegEditTools.admx", "CategoryName": "System", "PolicyName": "DisallowApps", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsTools", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Don't run specified Windows applications", "ExplainText": "Prevents Windows from running the programs you specify in this policy setting.\n\nIf you enable this policy setting, users cannot run programs that you add to the list of disallowed applications.\n\nIf you disable this policy setting or do not configure it, users can run any programs.\n\nThis policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.\n\nNote: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.\nNote: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe).", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisallowRun", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun" ] } ] }, { "File": "ShellWelcomeCenter.admx", "CategoryName": "WindowsExplorer", "PolicyName": "RestrictWelcomeCenter", "Class": "User", "NameSpace": "Microsoft.Policies.WelcomeCenter", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Do not display the Welcome Center at user logon", "ExplainText": "This policy setting prevents the display of the Welcome Center at user logon.\n\nIf you enable this policy setting, the Welcome Center is not displayed at user logon. The user can access the Welcome Center using the Control Panel or Start menu.\n\nIf you disable or do not configure this policy setting, the Welcome Center is displayed at user logon.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "RestrictWelcomeCenter", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sidebar.admx", "CategoryName": "Sidebar", "PolicyName": "TurnOffSidebar_1", "Class": "User", "NameSpace": "Microsoft.Policies.SideBar", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn off desktop gadgets", "ExplainText": "This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the desktop.\n\nIf you enable this setting, desktop gadgets will be turned off.\n\nIf you disable or do not configure this setting, desktop gadgets will be turned on.\n\nThe default is for desktop gadgets to be turned on.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Windows\\Sidebar" ], "ValueName": "TurnOffSidebar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sidebar.admx", "CategoryName": "Sidebar", "PolicyName": "TurnOffSidebar_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.SideBar", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn off desktop gadgets", "ExplainText": "This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the desktop.\n\nIf you enable this setting, desktop gadgets will be turned off.\n\nIf you disable or do not configure this setting, desktop gadgets will be turned on.\n\nThe default is for desktop gadgets to be turned on.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Windows\\Sidebar" ], "ValueName": "TurnOffSidebar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sidebar.admx", "CategoryName": "Sidebar", "PolicyName": "TurnOffUnsignedGagdets_1", "Class": "User", "NameSpace": "Microsoft.Policies.SideBar", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Restrict unpacking and installation of gadgets that are not digitally signed.", "ExplainText": "This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned.\nIf you enable this setting, gadgets that have not been digitally signed will not be extracted.\n\nIf you disable or do not configure this setting, both signed and unsigned gadgets will be extracted.\nThe default is for Windows to extract both signed and unsigned gadgets.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Windows\\Sidebar" ], "ValueName": "TurnOffUnsignedGadgets", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sidebar.admx", "CategoryName": "Sidebar", "PolicyName": "TurnOffUnsignedGagdets_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.SideBar", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Restrict unpacking and installation of gadgets that are not digitally signed.", "ExplainText": "This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned.\nIf you enable this setting, gadgets that have not been digitally signed will not be extracted.\n\nIf you disable or do not configure this setting, both signed and unsigned gadgets will be extracted.\nThe default is for Windows to extract both signed and unsigned gadgets.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Windows\\Sidebar" ], "ValueName": "TurnOffUnsignedGadgets", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sidebar.admx", "CategoryName": "Sidebar", "PolicyName": "TurnOffUserInstalledGagdets_1", "Class": "User", "NameSpace": "Microsoft.Policies.SideBar", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn Off user-installed desktop gadgets", "ExplainText": "This policy setting allows you to turn off desktop gadgets that have been installed by the user.\n\nIf you enable this setting, Windows will not run any user-installed gadgets.\n\nIf you disable or do not configure this setting, Windows will run user-installed gadgets.\n\nThe default is for Windows to run user installed gadgets.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Windows\\Sidebar" ], "ValueName": "TurnOffUserInstalledGadgets", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Sidebar.admx", "CategoryName": "Sidebar", "PolicyName": "TurnOffUserInstalledGagdets_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.SideBar", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn Off user-installed desktop gadgets", "ExplainText": "This policy setting allows you to turn off desktop gadgets that have been installed by the user.\n\nIf you enable this setting, Windows will not run any user-installed gadgets.\n\nIf you disable or do not configure this setting, Windows will run user-installed gadgets.\n\nThe default is for Windows to run user installed gadgets.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Windows\\Sidebar" ], "ValueName": "TurnOffUserInstalledGadgets", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SkyDrive.admx", "CategoryName": "OneDrive", "PolicyName": "PreventOnedriveFileSync", "Class": "Machine", "NameSpace": "Microsoft.Policies.OneDrive", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Prevent the usage of OneDrive for file storage", "ExplainText": "This policy setting lets you prevent apps and features from working with files on OneDrive.\nIf you enable this policy setting:\n\n* Users can\u2019t access OneDrive from the OneDrive app and file picker.\n* Packaged Microsoft Store apps can\u2019t access OneDrive using the WinRT API.\n* OneDrive doesn\u2019t appear in the navigation pane in File Explorer.\n* OneDrive files aren\u2019t kept in sync with the cloud.\n* Users can\u2019t automatically upload photos and videos from the camera roll folder.\n\nIf you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\OneDrive" ], "ValueName": "DisableFileSyncNGSC", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SkyDrive.admx", "CategoryName": "OneDrive", "PolicyName": "PreventNetworkTrafficPreUserSignIn", "Class": "Machine", "NameSpace": "Microsoft.Policies.OneDrive", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Prevent OneDrive from generating network traffic until the user signs in to OneDrive", "ExplainText": "Enable this setting to prevent the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for updates, etc.) until the user signs in to OneDrive or starts syncing files to the local computer.\n\nIf you enable this setting, users must sign in to the OneDrive sync client on the local computer, or select to sync OneDrive or SharePoint files on the computer, for the sync client to start automatically.\n\nIf this setting is not enabled, the OneDrive sync client will start automatically when users sign in to Windows.\n\nIf you enable or disable this setting, do not return the setting to Not Configured. Doing so will not change the configuration and the last configured setting will remain in effect.", "KeyPath": [ "HKLM\\SOFTWARE\\Microsoft\\OneDrive" ], "ValueName": "PreventNetworkTrafficPreUserSignIn", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SkyDrive.admx", "CategoryName": "OneDrive", "PolicyName": "PreventOnedriveFileSyncForBlue", "Class": "Machine", "NameSpace": "Microsoft.Policies.OneDrive", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Prevent the usage of OneDrive for file storage on Windows 8.1", "ExplainText": "This policy setting lets you prevent apps and features from working with files on OneDrive for Windows 8.1.\nIf you enable this policy setting:\n\n* Users can\u2019t access OneDrive from the OneDrive app and file picker.\n* Packaged Microsoft Store apps can\u2019t access OneDrive using the WinRT API.\n* OneDrive doesn\u2019t appear in the navigation pane in File Explorer.\n* OneDrive files aren\u2019t kept in sync with the cloud.\n* Users can\u2019t automatically upload photos and videos from the camera roll folder.\n\nIf you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\OneDrive" ], "ValueName": "DisableFileSync", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SkyDrive.admx", "CategoryName": "OneDrive", "PolicyName": "PreventOneDriveFileSyncOnMeteredNetwork", "Class": "Machine", "NameSpace": "Microsoft.Policies.OneDrive", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Prevent OneDrive files from syncing over metered connections", "ExplainText": "This policy setting allows configuration of OneDrive file sync behavior on metered connections.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\OneDrive" ], "Elements": [ { "Type": "Enum", "ValueName": "DisableMeteredNetworkFileSync", "Items": [ { "DisplayName": "Block syncing on all metered connections", "Data": "0" }, { "DisplayName": "Block syncing on metered connections only when roaming", "Data": "1" } ] } ] }, { "File": "SkyDrive.admx", "CategoryName": "OneDrive", "PolicyName": "DisableLibrariesDefaultSaveToOneDrive", "Class": "Machine", "NameSpace": "Microsoft.Policies.OneDrive", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Save documents to OneDrive by default", "ExplainText": "This policy setting lets you disable OneDrive as the default save location. It does not prevent apps and users from saving files on OneDrive. If you disable this policy setting, files will be saved locally by default. Users will still be able to change the value of this setting to save to OneDrive by default. They will also be able to open and save files on OneDrive using the OneDrive app and file picker, and packaged Microsoft Store apps will still be able to access OneDrive using the WinRT API. If you enable or do not configure this policy setting, users with a connected account will save documents to OneDrive by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\OneDrive" ], "ValueName": "DisableLibrariesDefaultSaveToOneDrive", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "AllowCertificatesWithNoEKU", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow certificates with no extended key usage certificate attribute", "ExplainText": "This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.\n\nIn versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.\n\nIf you enable this policy setting, certificates with the following attributes can also be used to log on with a smart card:\n- Certificates with no EKU\n- Certificates with an All Purpose EKU\n- Certificates with a Client Authentication EKU\n\nIf you disable or do not configure this policy setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "AllowCertificatesWithNoEKU", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "AllowIntegratedUnblock", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow Integrated Unblock screen to be displayed at the time of logon", "ExplainText": "This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).\n\nIn order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.\n\nIf you enable this policy setting, the integrated unblock feature will be available.\n\nIf you disable or do not configure this policy setting then the integrated unblock feature will not be available.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "AllowIntegratedUnblock", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "FilterDuplicateCerts", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Filter duplicate logon certificates", "ExplainText": "This policy settings lets you configure if all your valid logon certificates are displayed.\n\nDuring the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN).\n\nIf there are two or more of the \"same\" certificate on a smart card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the the certificate with the expiration time furthest in the future will be shown. Note: This setting will be applied after the following policy: \"Allow time invalid certificates\"\n\nIf you enable or do not configure this policy setting, filtering will take place.\n\nIf you disable this policy setting, no filtering will take place.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "FilterDuplicateCerts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "ForceReadingAllCertificates", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Force the reading of all certificates from the smart card", "ExplainText": "This policy setting allows you to manage the reading of all certificates from the smart card for logon.\n\nDuring logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.\n\nIf you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CSP.\n\nIf you disable or do not configure this setting, Windows will only attempt to read the default certificate from those cards that do not support retrieval of all certificates in a single call. Certificates other than the default will not be available for logon.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "ForceReadingAllCertificates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "AllowSignatureOnlyKeys", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow signature keys valid for Logon", "ExplainText": "This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.\n\nIf you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.\n\nIf you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "AllowSignatureOnlyKeys", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "AllowTimeInvalidCertificates", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow time invalid certificates", "ExplainText": "This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.\n\nUnder previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine.\n\nIf you enable this policy setting certificates will be listed on the logon screen regardless of whether they have an invalid time or their time validity has expired.\n\nIf you disable or do not configure this policy setting, certificates which are expired or not yet valid will not be listed on the logon screen.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "AllowTimeInvalidCertificates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "CertPropEnabledString", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on certificate propagation from smart card", "ExplainText": "This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.\n\nIf you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.\n\nIf you disable this policy setting, certificate propagation will not occur and the certificates will not be made available to applications such as Outlook.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CertProp" ], "ValueName": "CertPropEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "CertPropRootCleanupString", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure root certificate clean up", "ExplainText": "This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CertProp" ], "Elements": [ { "Type": "Enum", "ValueName": "RootCertificateCleanupOption", "Items": [ { "DisplayName": "No cleanup", "Data": "0" }, { "DisplayName": "Clean up certificates on smart card removal", "Data": "1" }, { "DisplayName": "Clean up certificates on log off", "Data": "2" } ] } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "CertPropRootEnabledString", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn on root certificate propagation from smart card", "ExplainText": "This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.\n\nIf you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.\n\nIf you disable this policy setting then root certificates will not be propagated from the smart card.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CertProp" ], "ValueName": "EnableRootCertificatePropagation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "IntegratedUnblockPromptString", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Display string when smart card is blocked", "ExplainText": "This policy setting allows you to manage the displayed message when a smart card is blocked.\n\nIf you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked. Note: The following policy setting must be enabled - Allow Integrated Unblock screen to be displayed at the time of logon.\n\nIf you disable or do not configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "Elements": [ { "Type": "Text", "ValueName": "IntegratedUnblockPromptString" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "ReverseSubject", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Reverse the subject name stored in a certificate when displaying", "ExplainText": "This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon.\n\nBy default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then \"User1\" will be displayed along with \"user1@example.com.\" If the UPN is not present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.\n\nIf you enable this policy setting or do not configure this setting, then the subject name will be reversed.\n\nIf you disable , the subject name will be displayed as it appears in the certificate.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "ReverseSubject", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "DisallowPlaintextPin", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVistaSP1 - At least Windows Vista Service Pack 1", "DisplayName": "Prevent plaintext PINs from being returned by Credential Manager", "ExplainText": "This policy setting prevents plaintext PINs from being returned by Credential Manager.\n\nIf you enable this policy setting, Credential Manager does not return a plaintext PIN.\n\nIf you disable or do not configure this policy setting, plaintext PINs can be returned by Credential Manager.\n\nNote: Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you will be affected by this policy setting.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "DisallowPlaintextPin", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "X509HintsNeeded", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow user name hint", "ExplainText": "This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user.\n\nIf you enable this policy setting then an optional field that allows a user to enter their user name or user name and domain will be displayed.\n\nIf you disable or do not configure this policy setting, an optional field that allows users to enter their user name or user name and domain will not be displayed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "X509HintsNeeded", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "SCPnPEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn on Smart Card Plug and Play service", "ExplainText": "This policy setting allows you to control whether Smart Card Plug and Play is enabled.\n\nIf you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time.\n\nIf you disable this policy setting, Smart Card Plug and Play will be disabled and a device driver will not be installed when a card is inserted in a Smart Card Reader.\n\nNote: This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\ScPnP" ], "ValueName": "EnableScPnP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "SCPnPNotification", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Notify user of successful smart card driver installation", "ExplainText": "This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.\n\nIf you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed.\n\nIf you disable this policy setting, a confirmation message will not be displayed when a smart card device driver is installed.\n\nNote: This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\ScPnP" ], "ValueName": "ScPnPNotification", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Smartcard.admx", "CategoryName": "SmartCard", "PolicyName": "EnumerateECCCerts", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartCard", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow ECC certificates to be used for logon and authentication", "ExplainText": "This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.\n\nIf you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain.\n\nIf you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain.\n\nNote: This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.\nNote: If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SmartCardCredentialProvider" ], "ValueName": "EnumerateECCCerts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SmartScreen.admx", "CategoryName": "Shell", "PolicyName": "ShellConfigureSmartScreen", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartScreen", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure Windows Defender SmartScreen", "ExplainText": "This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious.\n\nSome information is sent to Microsoft about files and programs run on PCs with this feature enabled.\n\nIf you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:\n\n\u2022 Warn and prevent bypass\n\u2022 Warn\n\nIf you enable this policy with the \"Warn and prevent bypass\" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app.\n\nIf you enable this policy with the \"Warn\" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app.\n\nIf you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet.\n\nIf you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableSmartScreen", "Elements": [ { "Type": "Enum", "ValueName": "ShellSmartScreenLevel", "Items": [ { "DisplayName": "Warn and prevent bypass", "Data": "Block" }, { "DisplayName": "Warn", "Data": "Warn" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SmartScreen.admx", "CategoryName": "Shell", "PolicyName": "ConfigureAppInstallControl", "Class": "Machine", "NameSpace": "Microsoft.Policies.SmartScreen", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Configure App Install Control", "ExplainText": "App Install Control is a feature of Windows Defender SmartScreen that helps protect PCs by allowing users to install apps only from the Store. SmartScreen must be enabled for this feature to work properly.\n\nIf you enable this setting, you must choose from the following behaviors:\n\n- Turn off app recommendations\n\n- Show me app recommendations\n\n- Warn me before installing apps from outside the Store\n\n- Allow apps from Store only\n\nIf you disable or don't configure this setting, users will be able to install apps from anywhere, including files downloaded from the Internet.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\SmartScreen" ], "ValueName": "ConfigureAppInstallControlEnabled", "Elements": [ { "Type": "Enum", "ValueName": "ConfigureAppInstallControl", "Items": [ { "DisplayName": "Turn off app recommendations", "Data": "Anywhere" }, { "DisplayName": "Show me app recommendations", "Data": "Recommendations" }, { "DisplayName": "Warn me before installing apps from outside the Store", "Data": "PreferStore" }, { "DisplayName": "Allow apps from Store only", "Data": "StoreOnly" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\SmartScreen" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SmartScreen.admx", "CategoryName": "Edge", "PolicyName": "EdgeConfigureSmartScreen", "Class": "Both", "NameSpace": "Microsoft.Policies.SmartScreen", "Supported": "INTERNET_BROWSER_WIN10 - Microsoft Edge on Windows 10 or later", "DisplayName": "Configure Windows Defender SmartScreen", "ExplainText": "This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.\n\nIf you enable this setting, Windows Defender SmartScreen is turned on and employees can't turn it off.\n\nIf you disable this setting, Windows Defender SmartScreen is turned off and employees can't turn it on.\n\nIf you don't configure this setting, employees can choose whether to use Windows Defender SmartScreen.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Edge", "HKCU\\Software\\Policies\\Microsoft\\Edge" ], "ValueName": "SmartScreenEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SmartScreen.admx", "CategoryName": "Edge", "PolicyName": "EdgePreventOverrideForNav", "Class": "Both", "NameSpace": "Microsoft.Policies.SmartScreen", "Supported": "INTERNET_BROWSER_WIN10V1511 - Microsoft Edge on Windows 10, Version 1511 or later", "DisplayName": "Prevent bypassing Windows Defender SmartScreen prompts for sites", "ExplainText": "This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.\n\nIf you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they are blocked from continuing to the site.\n\nIf you disable or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue to the site.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Edge", "HKCU\\Software\\Policies\\Microsoft\\Edge" ], "ValueName": "PreventOverride", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Snmp.admx", "CategoryName": "SNMP_SNMP", "PolicyName": "SNMP_Communities", "Class": "Machine", "NameSpace": "Microsoft.Policies.SNMP", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify communities", "ExplainText": "This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.\n\nSNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.\n\nA valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network.\n\nIf you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.\n\nIf you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.\n\nBest practice: For security purposes, it is recommended to restrict the HKLM\\SOFTWARE\\Policies\\SNMP\\Parameters\\ValidCommunities key to allow only the local admin group full control.\n\nNote: It is good practice to use a cryptic community name.\n\nNote: This policy setting has no effect if the SNMP agent is not installed on the client computer.\n\nAlso, see the other two SNMP settings: \"Specify permitted managers\" and \"Specify trap configuration\".", "KeyPath": [ "HKLM\\Software\\Policies\\SNMP" ], "ValueName": "Parameters", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\SNMP\\Parameters\\ValidCommunities" ] } ] }, { "File": "Snmp.admx", "CategoryName": "SNMP_SNMP", "PolicyName": "SNMP_PermittedManagers", "Class": "Machine", "NameSpace": "Microsoft.Policies.SNMP", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify permitted managers", "ExplainText": "This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.\n\nSimple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.\n\nThe manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.\n\nIf you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.\n\nIf you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.\n\nBest practice: For security purposes, it is recommended to restrict the HKLM\\SOFTWARE\\Policies\\SNMP\\Parameters\\PermittedManagers key to allow only the local admin group full control.\n\nNote: This policy setting has no effect if the SNMP agent is not installed on the client computer.\n\nAlso, see the other two SNMP policy settings: \"Specify trap configuration\" and \"Specify Community Name\".", "KeyPath": [ "HKLM\\Software\\Policies\\SNMP" ], "ValueName": "Parameters", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\SNMP\\Parameters\\PermittedManagers" ] } ] }, { "File": "Snmp.admx", "CategoryName": "SNMP_SNMP", "PolicyName": "SNMP_Traps_Public", "Class": "Machine", "NameSpace": "Microsoft.Policies.SNMP", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Specify traps for public community", "ExplainText": "This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.\n\nSimple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.\n\nThis policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.\n\nIf you enable this policy setting, the SNMP service sends trap messages to the hosts within the \"public\" community.\n\nIf you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.\n\nNote: This setting has no effect if the SNMP agent is not installed on the client computer.\n\nAlso, see the other two SNMP settings: \"Specify permitted managers\" and \"Specify Community Name\".", "KeyPath": [ "HKLM\\Software\\Policies\\SNMP" ], "ValueName": "Parameters", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\SNMP\\Parameters\\TrapConfiguration\\public" ] } ] }, { "File": "SoundRec.admx", "CategoryName": "Soundrec_GroupPolicyCategory", "PolicyName": "Soundrec_DiableApplication_TitleText_1", "Class": "User", "NameSpace": "Microsoft.Policies.SoundRecorder", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow Sound Recorder to run", "ExplainText": "Specifies whether Sound Recorder can run.\n\nSound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.\n\nIf you enable this policy setting, Sound Recorder will not run.\n\nIf you disable or do not configure this policy setting, Sound Recorder can be run.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\SoundRecorder" ], "ValueName": "Soundrec", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SoundRec.admx", "CategoryName": "Soundrec_GroupPolicyCategory", "PolicyName": "Soundrec_DiableApplication_TitleText_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.SoundRecorder", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow Sound Recorder to run", "ExplainText": "Specifies whether Sound Recorder can run.\n\nSound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.\n\nIf you enable this policy setting, Sound Recorder will not run.\n\nIf you disable or do not configure this policy setting, Sound Recorder can be run.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\SoundRecorder" ], "ValueName": "Soundrec", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Speech.admx", "CategoryName": "Speech", "PolicyName": "AllowSpeechModelUpdate", "Class": "Machine", "NameSpace": "Microsoft.Policies.Speech", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow Automatic Update of Speech Data", "ExplainText": "Specifies whether the device will receive updates to the speech recognition and speech synthesis models.\n\nA speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files.\n\nIf enabled (default), the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Speech" ], "ValueName": "AllowSpeechModelUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "srm-fci.admx", "CategoryName": "FCI", "PolicyName": "EnableManualUX", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileServerClassificationInfrastructure", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "File Classification Infrastructure: Display Classification tab in File Explorer", "ExplainText": "This policy setting controls whether the Classification tab is displayed in the Properties dialog box in File Explorer.\n\nThe Classification tab enables users to manually classify files by selecting properties from a list. Administrators can define the properties for the organization by using Group Policy, and supplement these with properties defined on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.\n\nIf you enable this policy setting, the Classification tab is displayed.\n\nIf you disable or do not configure this policy setting, the Classification tab is hidden.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\FCI" ], "ValueName": "EnableManualUX", "Elements": [ { "Type": "EnabledValue", "Data": "1" } ] }, { "File": "srm-fci.admx", "CategoryName": "FCI", "PolicyName": "CentralClassificationList", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileServerClassificationInfrastructure", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "File Classification Infrastructure: Specify classification properties list", "ExplainText": "This policy setting controls which set of properties is available for classifying files on affected computers.\n\nAdministrators can define the properties for the organization by using Active Directory Domain Services (AD DS), and then group these properties into lists. Administrators can supplement these properties on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.\n\nIf you enable this policy setting, you can select which list of properties is available for classification on the affected computers.\n\nIf you disable or do not configure this policy setting, the Global Resource Property List in AD DS provides the default set of properties.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\FCI" ], "Elements": [ { "Type": "Text", "ValueName": "CentralClassificationList" } ] }, { "File": "srm-fci.admx", "CategoryName": "ADR", "PolicyName": "AccessDeniedConfiguration", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileServerClassificationInfrastructure", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Customize message for Access Denied errors", "ExplainText": "This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.\n\nIf you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.\n\nIf you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuration.\n\nIf you do not configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\ADR\\AccessDenied" ], "ValueName": "Enabled", "Elements": [ { "Type": "MultiText", "ValueName": "ErrorMessage", "MaxLength": "10240", "MaxStrings": "15" }, { "Type": "MultiText", "ValueName": "EmailMessage", "MaxLength": "10240", "MaxStrings": "15" }, { "Type": "Boolean", "ValueName": "AllowEmailRequests", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "PutDataOwnerOnTo", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "PutAdminOnTo", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "IncludeDeviceClaims", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "IncludeUserClaims", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "GenerateLog", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "AdditonalEmailTo", "MaxLength": "2048" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "srm-fci.admx", "CategoryName": "ADR", "PolicyName": "EnableShellAccessCheck", "Class": "Machine", "NameSpace": "Microsoft.Policies.FileServerClassificationInfrastructure", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable access-denied assistance on client for all file types", "ExplainText": "This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "EnableShellExecuteFileStreamCheck", "Elements": [ { "Type": "EnabledValue", "Data": "1" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ClearRecentProgForNewUserInStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToVistaAndWindows10 - Windows Server 2008, Windows 7, Windows Vista, and Windows 10", "DisplayName": "Clear the recent programs list for new users", "ExplainText": "If you enable this policy setting, the recent programs list in the start menu will be blank for each new user.\n\nIf you disable or do not configure this policy, the start menu recent programs list will be pre-populated with programs for each new user.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "ClearRecentProgForNewUserInStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoGamesFolderOnStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Remove Games link from Start Menu", "ExplainText": "If you enable this policy the start menu will not show a link to the Games folder.\n\nIf you disable or do not configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoStartMenuMyGames", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSearchComputerLinkInStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Remove Search Computer link", "ExplainText": "If you enable this policy, the \"See all results\" link will not be shown when the user performs a search in the start menu search box.\n\nIf you disable or do not configure this policy, the \"See all results\" link will be shown when the user performs a search in the start menu search box.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSearchComputerLinkInStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSearchEverywhereLinkInStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win7UntilThreshold - At least Windows Server 2008 R2 or Windows 7. Not supported on Windows 10 or later", "DisplayName": "Remove See More Results / Search Everywhere link", "ExplainText": "If you enable this policy, a \"See more results\" / \"Search Everywhere\" link will not be shown when the user performs a search in the start menu search box.\n\nIf you disable or do not configure this policy, a \"See more results\" link will be shown when the user performs a search in the start menu search box. If a 3rd party protocol handler is installed, a \"Search Everywhere\" link will be shown instead of the \"See more results\" link.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoSearchEverywhereLinkInStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "AddSearchInternetLinkInStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Add Search Internet link to Start Menu", "ExplainText": "If you enable this policy, a \"Search the Internet\" link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms.\n\nIf you disable this policy, there will not be a \"Search the Internet\" link when the user performs a search in the start menu search box.\n\nIf you do not configure this policy (default), there will not be a \"Search the Internet\" link on the start menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "AddSearchInternetLinkInStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSearchFilesInStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Do not search for files", "ExplainText": "If you enable this policy setting the Start menu search box will not search for files.\n\nIf you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a \"See more results\" / \"Search Everywhere\" link will not be shown when the user performs a search in the start menu search box.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSearchFilesInStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSearchInternetInStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsVistaOrServer2008Only - Windows Server 2008 and Windows Vista", "DisplayName": "Do not search Internet", "ExplainText": "If you enable this policy the start menu search box will not search for internet history or favorites.\n\nIf you disable or do not configure this policy, the start menu will search for for internet history or favorites, unless the user chooses not to in the start menu control panel.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSearchInternetInStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSearchProgramsInStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Do not search programs and Control Panel items", "ExplainText": "If you enable this policy setting the Start menu search box will not search for programs or Control Panel items.\n\nIf you disable or do not configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control Panel.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSearchProgramsInStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSearchCommInStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Do not search communications", "ExplainText": "If you enable this policy the start menu search box will not search for communications.\n\nIf you disable or do not configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSearchCommInStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoUserFolderOnStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Remove user folder link from Start Menu", "ExplainText": "If you enable this policy the start menu will not show a link to the user's storage folder.\n\nIf you disable or do not configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoUserFolderInStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ShowRunInStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Add the Run command to the Start Menu", "ExplainText": "If you enable this setting, the Run command is added to the Start menu. If you disable or do not configure this setting, the Run command is not visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties. If the Remove Run link from Start Menu policy is set, the Add the Run command to the Start menu policy has no effect.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "ForceRunOnStartMenu", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "QuickLaunchEnabled", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Show QuickLaunch on Taskbar", "ExplainText": "This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.\n\nIf you enable this policy setting, the QuickLaunch bar will be visible and cannot be turned off.\n\nIf you disable this policy setting, the QuickLaunch bar will be hidden and cannot be turned on.\n\nIf you do not configure this policy setting, then users will be able to turn the QuickLaunch bar on and off.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "QuickLaunchEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ClearRecentDocsOnExit", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Clear history of recently opened documents on exit", "ExplainText": "Clear history of recently opened documents on exit.\n\nIf you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user logs off.\n\nIf you disable or do not configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and the Jump Lists appear just as it did when the user logged off.\n\nNote: The system saves document shortcuts in the user profile in the System-drive\\Users\\User-name\\Recent folder.\n\nAlso, see the \"Remove Recent Items menu from Start Menu\" and \"Do not keep history of recently opened documents\" policies in this folder. The system only uses this setting when neither of these related settings are selected.\n\nThis setting does not clear the list of recent files that Windows programs display at the bottom of the File menu. See the \"Do not keep history of recently opened documents\" setting.\n\nThis policy setting also does not hide document shortcuts displayed in the Open dialog box. See the \"Hide the dropdown list of recent files\" setting.\n\nThis policy also does not clear items that the user may have pinned to the Jump Lists, or Tasks that the application has provided for their menu. See the \"Do not allow pinning items in Jump Lists\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "ClearRecentDocsOnExit", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ForceStartMenuLogOff", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsVistaTo2k - Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Add Logoff to the Start Menu", "ExplainText": "This policy only applies to the classic version of the start menu and does not affect the new style start menu.\n\nAdds the \"Log Off \" item to the Start menu and prevents users from removing it.\n\nIf you enable this setting, the Log Off item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off item from the Start Menu.\n\nIf you disable this setting or do not configure it, users can use the Display Logoff item to add and remove the Log Off item.\n\nThis setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del.\n\nNote: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff.\n\nAlso, see \"Remove Logoff\" in User Configuration\\Administrative Templates\\System\\Logon/Logoff.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "ForceStartMenuLogOff", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "GreyMSIAds", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7To2k - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Gray unavailable Windows Installer programs Start Menu shortcuts", "ExplainText": "Displays Start menu shortcuts to partially installed programs in gray text.\n\nThis setting makes it easier for users to distinguish between programs that are fully installed and those that are only partially installed.\n\nPartially installed programs include those that a system administrator assigns using Windows Installer and those that users have configured for full installation upon first use.\n\nIf you disable this setting or do not configure it, all Start menu shortcuts appear as black text.\n\nNote: Enabling this setting can make the Start menu slow to open.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "GreyMSIAds", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "Intellimenus", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsVistaTo2k - Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Turn off personalized menus", "ExplainText": "Disables personalized menus.\n\nWindows personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu.\n\nIf you enable this setting, the system does not personalize menus. All menu items appear and remain in standard order. Also, this setting removes the \"Use Personalized Menus\" option so users do not try to change the setting while a setting is in effect.\n\nNote: Personalized menus require user tracking. If you enable the \"Turn off user tracking\" setting, the system disables user tracking and personalized menus and ignores this setting.\n\nTip: To Turn off personalized menus without specifying a setting, click Start, click Settings, click Taskbar and Start Menu, and then, on the General tab, clear the \"Use Personalized Menus\" option.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "Intellimenus", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "LockTaskbar", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Lock the Taskbar", "ExplainText": "This setting affects the taskbar, which is used to switch between running applications.\n\nThe taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it is locked, it cannot be moved or resized.\n\nIf you enable this setting, it prevents the user from moving or resizing the taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties.\n\nIf you disable this setting or do not configure it, the user can configure the taskbar position.\n\nNote: Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "LockTaskbar", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "MemCheckBoxInRunDlg", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Add \"Run in Separate Memory Space\" check box to Run dialog box", "ExplainText": "Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.\n\nAll DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously.\n\nEnabling this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "MemCheckBoxInRunDlg", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoAutoTrayNotify", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Turn off notification area cleanup", "ExplainText": "This setting affects the notification area, also called the \"system tray.\"\n\nThe notification area is located in the task bar, generally at the bottom of the screen, and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default, notifications are collapsed. The notification cleanup << icon can be referred to as the \"notification chevron.\"\n\nIf you enable this setting, the system notification area expands to show all of the notifications that use this area.\n\nIf you disable this setting, the system notification area will always collapse notifications.\n\nIf you do not configure it, the user can choose if they want notifications collapsed.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoAutoTrayNotify", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoBalloonTip", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsXPOrServerOnly - Windows Server 2003 and Windows XP only", "DisplayName": "Remove Balloon Tips on Start Menu items", "ExplainText": "Hides pop-up text on the Start menu and in the notification area.\n\nWhen you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.\n\nIf you enable this setting, some of this pop-up text is not displayed. The pop-up text affected by this setting includes \"Click here to begin\" on the Start button, \"Where have all my programs gone\" on the Start menu, and \"Where have my icons gone\" in the notification area.\n\nIf you disable this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSMBalloonTip", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoChangeStartMenu", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent users from customizing their Start Screen", "ExplainText": "This policy setting allows you to prevent users from changing their Start screen layout.\n\nIf you enable this setting, you will prevent a user from selecting an app, resizing a tile, pinning/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps.\n\nIf you disable or do not configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoChangeStartMenu", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ClearTilesOnExit", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Clear tile notifications during log on", "ExplainText": "If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs on.\n\nIf you disable or do not configure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, including the history of previous notifications for each tile.\n\nThis setting does not prevent new notifications from appearing. See the \"Turn off Application Notifications\" setting to prevent new notifications.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "ClearTilesOnExit", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "StartPinAppsWhenInstalled", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Pin Apps to Start when installed", "ExplainText": "This policy setting allows pinning apps to Start by default, when they are included by AppID on the list.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "StartPinAppsWhenInstalled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer\\StartPinAppsWhenInstalled", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer\\StartPinAppsWhenInstalled" ] } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "LockedStartLayout", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Start Layout", "ExplainText": "Specifies the Start layout for users.\n\nThis setting lets you specify the Start layout for users and prevents them from changing its configuration. The Start layout you specify must be stored in an XML file that was generated by the Export-StartLayout PowerShell cmdlet.\nTo use this setting, you must first manually configure a device's Start layout to the desired look and feel. Once you are done, run the Export-StartLayout PowerShell cmdlet on that same device. The cmdlet will generate an XML file representing the layout you configured.\n\nOnce the XML file is generated and moved to the desired file path, type the fully qualified path and name of the XML file. You can type a local path, such as C:\\StartLayouts\\myLayout.xml or a UNC path, such as \\\\Server\\Share\\Layout.xml. If the specified file is not available when the user logs on, the layout won't be changed. Users cannot customize their Start screen while this setting is enabled.\n\nIf you disable this setting or do not configure it, the Start screen layout won't be changed and users will be able to customize it.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer\\LockedStartLayout", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer\\LockedStartLayout" ], "ClientExtension": "{8472C2C4-6B70-4301-A20D-A6CEA5F82B7E}", "Elements": [ { "Type": "Text", "ValueName": "StartLayoutFile", "Expandable": true }, { "Type": "Boolean", "ValueName": "ReapplyStartLayoutEveryLogon", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoClose", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands", "ExplainText": "This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.\n\nIf you enable this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE.\n\nIf you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security screen is also available.\n\nNote: Third-party programs certified as compatible with Microsoft Windows Vista, Windows XP SP2, Windows XP SP1, Windows XP, or Windows 2000 Professional are required to support this policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoClose", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "HidePowerOptions", "Class": "Machine", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands", "ExplainText": "This policy setting prevents users from performing the following commands from the Windows security screen, the logon screen, and the Start menu: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.\n\nIf you enable this policy setting, the shutdown, restart, sleep, and hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE, and from the logon screen.\n\nIf you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security and logon screens is also available.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "HidePowerOptions", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoCommonGroups", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove common program groups from Start Menu", "ExplainText": "Removes items in the All Users profile from the Programs menu on the Start menu.\n\nBy default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu.\n\nTip: To see the Program menu items in the All Users profile, on the system drive, go to ProgramData\\Microsoft\\Windows\\Start Menu\\Programs.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoCommonGroups", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoFavoritesMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7To2k - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Remove Favorites menu from Start Menu", "ExplainText": "Prevents users from adding the Favorites menu to the Start menu or classic Start menu.\n\nIf you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box.\n\nIf you disable or do not configure this setting, the Display Favorite item is available.\n\nNote:The Favorities menu does not appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options.\n\nNote:The items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group.\n\nNote:This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoFavoritesMenu", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoFind", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsXPOrServerOnly - Windows Server 2003 and Windows XP only", "DisplayName": "Remove Search link from Start Menu", "ExplainText": "This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu.\n\nIf you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F.\n\nNote: Enabling this policy setting also prevents the user from using the F3 key.\n\nIn File Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you right-click an icon representing a drive or a folder.\n\nThis policy setting affects the specified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to search.\n\nIf you disable or do not configure this policy setting, the Search link is available from the Start menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoFind", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ShowOrHideMostUsedApps", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_10_0_21H2 - At least Windows Server 2016, Windows 10 Version 2106", "DisplayName": "Show or hide \"Most used\" list from Start menu", "ExplainText": "If you enable this policy setting, you can configure Start menu to show or hide the list of user's most used apps, regardless of user settings.\n\nSelecting \"Show\" will force the \"Most used\" list to be shown, and user cannot change to hide it using the Settings app.\n\nSelecting \"Hide\" will force the \"Most used\" list to be hidden, and user cannot change to show it using the Settings app.\n\nSelecting \"Not Configured\", or if you disable or do not configure this policy setting, all will allow users to turn on or off the display of \"Most used\" list using the Settings app. This is default behavior.\n\nNote: configuring this policy to \"Show\" or \"Hide\" on supported versions of Windows 10 will supercede any policy setting of \"Remove frequent programs list from the Start Menu\" (which manages same part of Start menu but with fewer options).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "ShowOrHideMostUsedApps", "Items": [ { "DisplayName": "Not Configured", "Data": "0" }, { "DisplayName": "Show", "Data": "1" }, { "DisplayName": "Hide", "Data": "2" } ], "Required": true } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoFrequentUsedPrograms", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToXPAndWindows10 - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 10", "DisplayName": "Remove frequent programs list from the Start Menu", "ExplainText": "If you enable this setting, the frequently used programs list is removed from the Start menu.\n\nIf you disable this setting or do not configure it, the frequently used programs list remains on the simple Start menu.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoStartMenuMFUprogramsList", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoHelp", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7To2k - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Remove Help menu from Start Menu", "ExplainText": "This policy setting allows you to remove the Help command from the Start menu.\n\nIf you enable this policy setting, the Help command is removed from the Start menu.\n\nIf you disable or do not configure this policy setting, the Help command is available from the Start menu.\n\nThis policy setting only affects the Start menu. It does not remove the Help menu from File Explorer and does not prevent users from running Help.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSMHelp", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoInstrumentation", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsVistaTo2k - Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Turn off user tracking", "ExplainText": "This policy setting allows you to turn off user tracking.\n\nIf you enable this policy setting, the system does not track the programs that the user runs, and does not display frequently used programs in the Start Menu.\n\nIf you disable or do not configure this policy setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu.\n\nAlso, see these related policy settings: \"Remove frequent programs liist from the Start Menu\" and \"Turn off personalized menus\".\n\nThis policy setting does not prevent users from pinning programs to the Start Menu or Taskbar. See the \"Remove pinned programs list from the Start Menu\" and \"Do not allow pinning programs to the Taskbar\" policy settings.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoInstrumentation", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoMoreProgramsList", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Remove All Programs list from the Start menu", "ExplainText": "If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu.\n\nSelecting \"Collapse\" will not display the app list next to the pinned tiles in Start. An \"All apps\" button will be displayed on Start to open the all apps list. This is equivalent to setting the \"Show app list in Start\" in Settings to Off.\n\nSelecting \"Collapse and disable setting\" will do the same as the collapse option and disable the \"Show app list in Start menu\" in Settings, so users cannot turn it to On.\n\nSelecting \"Remove and disable setting\" will remove the all apps list from Start and disable the \"Show app list in Start menu\" in Settings, so users cannot turn it to On. Select this option for compatibility with earlier versions of Windows.\n\nIf you disable or do not configure this setting, the all apps list will be visible by default, and the user can change \"Show app list in Start\" in Settings.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "NoStartMenuMorePrograms", "Items": [ { "DisplayName": "None", "Data": "0" }, { "DisplayName": "Collapse", "Data": "3" }, { "DisplayName": "Collapse and disable setting", "Data": "2" }, { "DisplayName": "Remove and disable setting", "Data": "1" } ], "Required": true } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoNetAndDialupConnect", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsVistaTo2k - Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Remove Network Connections from Start Menu", "ExplainText": "This policy setting allows you to remove Network Connections from the Start Menu.\n\nIf you enable this policy setting, users are prevented from running Network Connections.\n\nEnabling this policy setting prevents the Network Connections folder from opening. This policy setting also removes Network Connections from Settings on the Start menu.\n\nNetwork Connections still appears in Control Panel and in File Explorer, but if users try to start it, a message appears explaining that a setting prevents the action.\n\nIf you disable or do not configure this policy setting, Network Connections is available from the Start Menu.\n\nAlso, see the \"Disable programs on Settings menu\" and \"Disable Control Panel\" policy settings and the policy settings in the Network Connections folder (Computer Configuration and User Configuration\\Administrative Templates\\Network\\Network Connections).", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoNetworkConnections", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoPinnedPrograms", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToXP - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Remove pinned programs list from the Start Menu", "ExplainText": "If you enable this setting, the \"Pinned Programs\" list is removed from the Start menu. Users cannot pin programs to the Start menu.\n\nIn Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog.\n\nIf you disable this setting or do not configure it, the \"Pinned Programs\" list remains on the Start menu. Users can pin and unpin programs in the Start Menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoStartMenuPinnedList", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoRecentDocsHistory", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not keep history of recently opened documents", "ExplainText": "Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.\n\nIf you enable this setting, the system and Windows programs do not create shortcuts to documents opened while the setting is in effect. Also, they retain but do not display existing document shortcuts. The system empties the Recent Items menu on the Start menu, and Windows programs do not display shortcuts at the bottom of the File menu. In addition, the Jump Lists off of programs in the Start Menu and Taskbar do not show lists of recently or frequently used files, folders, or websites.\n\nIf you disable or do not configure this setting, the system will store and display shortcuts to recently and frequently used files, folders, and websites.\n\nNote: The system saves document shortcuts in the user profile in the System-drive\\Users\\User-name\\Recent folder.\n\nAlso, see the \"Remove Recent Items menu from Start Menu\" and \"Clear history of recently opened documents on exit\" policies in this folder.\n\nIf you enable this setting but do not enable the \"Remove Recent Items menu from Start Menu\" setting, the Recent Items menu appears on the Start menu, but it is empty.\n\nIf you enable this setting, but then later disable it or set it to Not Configured, the document shortcuts saved before the setting was enabled reappear in the Recent Items menu and program File menus, and Jump Lists.\n\nThis setting does not hide or prevent the user from pinning files, folders, or websites to the Jump Lists. See the \"Do not allow pinning items in Jump Lists\" setting. This policy also does not hide Tasks that the application has provided for their Jump List. This setting does not hide document shortcuts displayed in the Open dialog box. See the \"Hide the dropdown list of recent files\" setting.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoRecentDocsHistory", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoRecentDocsMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7To2k - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Remove Recent Items menu from Start Menu", "ExplainText": "Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu.\n\nThe Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents.\n\nIf you enable this setting, the system saves document shortcuts but does not display the Recent Items menu in the Start Menu, and users cannot turn the menu on.\n\nIf you later disable the setting, so that the Recent Items menu appears in the Start Menu, the document shortcuts saved before the setting was enabled and while it was in effect appear in the Recent Items menu.\n\nWhen the setting is disabled, the Recent Items menu appears in the Start Menu, and users cannot remove it.\n\nIf the setting is not configured, users can turn the Recent Items menu on and off.\n\nNote: This setting does not prevent Windows programs from displaying shortcuts to recently opened documents. See the \"Do not keep history of recently opened documents\" setting.\n\nThis setting also does not hide document shortcuts displayed in the Open dialog box. See the \"Hide the dropdown list of recent files\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoRecentDocsMenu", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoResolveSearch", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not use the search-based method when resolving shell shortcuts", "ExplainText": "This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.\n\nIf you enable this policy setting, the system does not conduct the final drive search. It just displays a message explaining that the file is not found.\n\nIf you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.\n\nNote: This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.\n\nAlso, see the \"Do not track Shell shortcuts during roaming\" and the \"Do not use the tracking-based method when resolving shell shortcuts\" policy settings.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoResolveSearch", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoResolveTrack", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not use the tracking-based method when resolving shell shortcuts", "ExplainText": "This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.\n\nIf you enable this policy setting, the system does not try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path.\n\nIf you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.\n\nNote: This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.\n\nAlso, see the \"Do not track Shell shortcuts during roaming\" and the \"Do not use the search-based method when resolving shell shortcuts\" policy settings.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoResolveTrack", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoRun", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_6_3To2k - Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Remove Run menu from Start Menu", "ExplainText": "Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.\n\nIf you enable this setting, the following changes occur:\n\n(1) The Run command is removed from the Start menu.\n\n(2) The New Task (Run) command is removed from Task Manager.\n\n(3) The user will be blocked from entering the following into the Internet Explorer Address Bar:\n\n--- A UNC path: \\\\\\\n\n---Accessing local drives: e.g., C:\n\n--- Accessing local folders: e.g., \\temp>\n\nAlso, users with extended keyboards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R.\n\nIf you disable or do not configure this setting, users will be able to access the Run command in the Start menu and in Task Manager and use the Internet Explorer Address Bar.\n\nNote:This setting affects the specified interface only. It does not prevent users from using other methods to run programs.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoRun", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSetFolders", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_6_3To2k - Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Remove programs on Settings menu", "ExplainText": "This policy setting allows you to remove programs on Settings menu.\n\nIf you enable this policy setting, the Control Panel, Printers, and Network and Connection folders are removed from Settings on the Start menu, and from Computer and File Explorer. It also prevents the programs represented by these folders (such as Control.exe) from running.\n\nHowever, users can still start Control Panel items by using other methods, such as right-clicking the desktop to start Display or right-clicking Computer to start System.\n\nIf you disable or do not configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are available on the Start menu, and from Computer and File Explorer.\n\nAlso, see the \"Disable Control Panel,\" \"Disable Display in Control Panel,\" and \"Remove Network Connections from Start Menu\" policy settings.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSetFolders", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSetTaskbar", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent changes to Taskbar and Start Menu Settings", "ExplainText": "This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.\n\nIf you enable this policy setting, The user will be prevented from opening the Taskbar Properties dialog box.\n\nIf the user right-clicks the taskbar and then clicks Properties, a message appears explaining that a setting prevents the action.\n\nIf you disable or do not configure this policy setting, the Taskbar and Start Menu items are available from Settings on the Start menu.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSetTaskbar", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSMConfigurePrograms", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_6_3ToXPSP1_Or_Win2kSP3 - Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP Professional Service Pack 1 and Windows 2000 Service Pack 3", "DisplayName": "Remove Default Programs link from the Start menu.", "ExplainText": "This policy setting allows you to remove the Default Programs link from the Start menu.\n\nIf you enable this policy setting, the Default Programs link is removed from the Start menu.\n\nClicking the Default Programs link from the Start menu opens the Default Programs control panel and provides administrators the ability to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.\n\nIf you disable or do not configure this policy setting, the Default Programs link is available from the Start menu.\n\nNote: This policy setting does not prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSMConfigurePrograms", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSMMyDocuments", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7To2k - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Remove Documents icon from Start Menu", "ExplainText": "This policy setting allows you to remove the Documents icon from the Start menu and its submenus.\n\nIf you enable this policy setting, the Documents icon is removed from the Start menu and its submenus. Enabling this policy setting only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the Documents folder.\n\nNote: To make changes to this policy setting effective, you must log off and then log on.\n\nIf you disable or do not configure this policy setting, he Documents icon is available from the Start menu.\n\nAlso, see the \"Remove Documents icon on the desktop\" policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSMMyDocs", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSMMyMusic", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToXP - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Remove Music icon from Start Menu", "ExplainText": "This policy setting allows you to remove the Music icon from Start Menu.\n\nIf you enable this policy setting, the Music icon is no longer available from Start Menu.\n\nIf you disable or do not configure this policy setting, the Music icon is available from Start Menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoStartMenuMyMusic", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSMMyNetworkPlaces", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToXP - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Remove Network icon from Start Menu", "ExplainText": "This policy setting allows you to remove the Network icon from Start Menu.\n\nIf you enable this policy setting, the Network icon is no longer available from Start Menu.\n\nIf you disable or do not configure this policy setting, the Network icon is available from Start Menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoStartMenuNetworkPlaces", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoSMMyPictures", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToXP - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Remove Pictures icon from Start Menu", "ExplainText": "This policy setting allows you to remove the Pictures icon from Start Menu.\n\nIf you enable this policy setting, the Pictures icon is no longer available from Start Menu.\n\nIf you disable or do not configure this policy setting, the Pictures icon is available from Start Menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSMMyPictures", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoStartMenuSubFolders", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7To2kAndWindows10 - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows 10", "DisplayName": "Remove user's folders from the Start Menu", "ExplainText": "Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.\n\nThis setting is designed for use with redirected folders. Redirected folders appear on the main (bottom) section of the Start menu. However, the original, user-specific version of the folder still appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can use this setting to hide user-specific folders.\n\nNote that this setting hides all user-specific folders, not just those associated with redirected folders.\n\nIf you enable this setting, no folders appear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in the directory but not on the Start menu.\n\nIf you disable this setting or do not configured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoStartMenuSubFolders", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoStartPage", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsVistaToXP - Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP", "DisplayName": "Force classic Start Menu", "ExplainText": "This setting affects the presentation of the Start menu.\n\nThe classic Start menu in Windows 2000 Professional allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: Documents, Pictures, Music, Computer, and Network. The new Start menu starts them directly.\n\nIf you enable this setting, the Start menu displays the classic Start menu in the Windows 2000 style and displays the standard desktop icons.\n\nIf you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the Start page.\n\nIf you do not configure this setting, the default is the new style, and the user can change the view.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSimpleStartMenu", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoTaskBarClock", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remove Clock from the system notification area", "ExplainText": "Prevents the clock in the system notification area from being displayed.\n\nIf you enable this setting, the clock will not be displayed in the system notification area.\n\nIf you disable or do not configure this setting, the default behavior of the clock appearing in the notification area will occur.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "HideClock", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoTaskGrouping", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Prevent grouping of taskbar items", "ExplainText": "This setting affects the taskbar buttons used to switch between running programs.\n\nTaskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.\n\nIf you enable this setting, it prevents the taskbar from grouping items that share the same program name. By default, this setting is always enabled.\n\nIf you disable or do not configure it, items on the taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoTaskGrouping", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoToolbarsOnTaskbar", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not display any custom toolbars in the taskbar", "ExplainText": "This setting affects the taskbar.\n\nThe taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the notification area, and the system clock. Toolbars include Quick Launch, Address, Links, Desktop, and other custom toolbars created by the user or by an application.\n\nIf this setting is enabled, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the \"Toolbars\" menu command and submenu are removed from the context menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock.\n\nIf this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the \"Toolbars\" command appears in the context menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoToolbarsOnTaskbar", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoTrayContextMenu", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove access to the context menus for the taskbar", "ExplainText": "This policy setting allows you to remove access to the context menus for the taskbar.\n\nIf you enable this policy setting, the menus that appear when you right-click the taskbar and items on the taskbar are hidden, such as the Start button, the clock, and the taskbar buttons.\n\nIf you disable or do not configure this policy setting, the context menus for the taskbar are available.\n\nThis policy setting does not prevent users from using other methods to issue the commands that appear on these menus.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoTrayContextMenu", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoTrayItemsDisplay", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Hide the notification area", "ExplainText": "This setting affects the notification area (previously called the \"system tray\") on the taskbar.\n\nDescription: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.\n\nIf this setting is enabled, the user\u2019s entire notification area, including the notification icons, is hidden. The taskbar displays only the Start button, taskbar buttons, custom toolbars (if any), and the system clock.\n\nIf this setting is disabled or is not configured, the notification area is shown in the user's taskbar.\n\nNote: Enabling this setting overrides the \"Turn off notification area cleanup\" setting, because if the notification area is hidden, there is no need to clean up the icons.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoTrayItemsDisplay", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoUserNameOnStartMenu", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "WindowsXPOrServerOnly - Windows Server 2003 and Windows XP only", "DisplayName": "Remove user name from Start Menu", "ExplainText": "This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.\n\nIf you enable this policy setting, the user name label is removed from the Start Menu in Windows XP and Windows Server 2003.\n\nTo remove the user name folder on Windows Vista, set the \"Remove user folder link from Start Menu\" policy setting.\n\nIf you disable or do not configure this policy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoUserNameInStartMenu", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoWindowsUpdate", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows81To2k - At least Windows 2000 through Windows 8.1 or Windows Server 2012 R2", "DisplayName": "Remove links and access to Windows Update", "ExplainText": "This policy setting allows you to remove links and access to Windows Update.\n\nIf you enable this policy setting, users are prevented from connecting to the Windows Update Web site.\n\nEnabling this policy setting blocks user access to the Windows Update Web site at http://windowsupdate.microsoft.com. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.\n\nWindows Update, the online extension of Windows, offers software updates to keep a user\u2019s system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download.\n\nIf you disable or do not configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu in Internet Explorer.\n\nAlso, see the \"Hide the \"Add programs from Microsoft\" option\" policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoWindowsUpdate", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "RemoveUnDockPCButton", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7ToXP - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Remove the \"Undock PC\" button from the Start Menu", "ExplainText": "If you enable this setting, the \"Undock PC\" button is removed from the simple Start Menu, and your PC cannot be undocked.\n\nIf you disable this setting or do not configure it, the \"Undock PC\" button remains on the simple Start menu, and your PC can be undocked.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoStartMenuEjectPC", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "StartMenuLogOff", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove Logoff on the Start Menu", "ExplainText": "This policy setting allows you to removes the \"Log Off \" item from the Start menu and prevents users from restoring it.\n\nIf you enable this policy setting, the Log Off item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off item to the Start Menu.\n\nIf you disable or do not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item.\n\nThis policy setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off.\n\nTip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff.\n\nSee also: \"Remove Logoff\" policy setting in User Configuration\\Administrative Templates\\System\\Logon/Logoff.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "StartMenuLogOff", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoStartMenuHomegroup", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Remove Homegroup link from Start Menu", "ExplainText": "If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu.\n\nIf you disable or do not configure this policy, users can use the Start Menu options to add or remove the homegroup link from the Start Menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoStartMenuHomegroup", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoStartMenuDownload", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Remove Downloads link from Start Menu", "ExplainText": "This policy setting allows you to remove the Downloads link from the Start Menu.\n\nIf you enable this policy setting, the Start Menu does not show a link to the Downloads folder.\n\nIf you disable or do not configure this policy setting, the Downloads link is available from the Start Menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoStartMenuDownloads", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoStartMenuRecordedTV", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Remove Recorded TV link from Start Menu", "ExplainText": "This policy setting allows you to remove the Recorded TV link from the Start Menu.\n\nIf you enable this policy setting, the Start Menu does not show a link to the Recorded TV library.\n\nIf you disable or do not configure this policy setting, the Recorded TV link is available from the Start Menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoStartMenuRecordedTV", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoStartMenuVideos", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Remove Videos link from Start Menu", "ExplainText": "This policy setting allows you to remove the Videos link from the Start Menu.\n\nIf you enable this policy setting, the Start Menu does not show a link to the Videos library.\n\nIf you disable or do not configure this policy setting, the Videos link is available from the Start Menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoStartMenuVideos", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "NoUninstallFromStart", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Prevent users from uninstalling applications from Start", "ExplainText": "If you enable this setting, users cannot uninstall apps from Start.\n\nIf you disable this setting or do not configure it, users can access the uninstall command from Start", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoUninstallFromStart", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "PowerButtonAction", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Change Start Menu power button", "ExplainText": "Set the default action of the power button on the Start menu.\n\nIf you enable this setting, the Start Menu will set the power button to the chosen action, and not let the user change this action.\n\nIf you set the button to either Sleep or Hibernate, and that state is not supported on a computer, then the button will fall back to Shut Down.\n\nIf you disable or do not configure this setting, the Start Menu power button will be set to Shut Down by default, and the user can change this setting to another action.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "PowerButtonAction", "Items": [ { "DisplayName": "Shut Down", "Data": "2" }, { "DisplayName": "Sleep", "Data": "16" }, { "DisplayName": "Log off", "Data": "1" }, { "DisplayName": "Lock", "Data": "512" }, { "DisplayName": "Restart", "Data": "4" }, { "DisplayName": "Switch User", "Data": "256" }, { "DisplayName": "Hibernate", "Data": "64" } ], "Required": true } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ShowRunAsDifferentUserInStart", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Show \"Run as different user\" command on Start", "ExplainText": "This policy setting shows or hides the \"Run as different user\" command on the Start application bar.\n\nIf you enable this setting, users can access the \"Run as different user\" command from Start for applications which support this functionality.\n\nIf you disable this setting or do not configure it, users cannot access the \"Run as different user\" command from Start for any applications.\n\nNote: This setting does not prevent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the \"Run as different user\" command.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "ShowRunAsDifferentUserInStart", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "GoToDesktopOnSignIn", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Go to the desktop instead of Start when signing in", "ExplainText": "This policy setting allows users to go to the desktop instead of the Start screen when they sign in.\n\nIf you enable this policy setting, users will always go to the desktop when they sign in.\n\nIf you disable this policy setting, users will always go to the Start screen when they sign in.\n\nIf you don\u2019t configure this policy setting, the default setting for the user\u2019s device will be used, and the user can choose to change it.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "GoToDesktopOnSignIn", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ShowAppsViewOnStart", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Show the Apps view automatically when the user goes to Start", "ExplainText": "This policy setting allows the Apps view to be opened by default when the user goes to Start.\n\nIf you enable this policy setting, the Apps view will appear whenever the user goes to Start. Users will still be able to switch between the Apps view and the Start screen.\n\nIf you disable or don\u2019t configure this policy setting, the Start screen will appear by default whenever the user goes to Start, and the user will be able to switch between the Apps view and the Start screen. Also, the user will be able to configure this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "ShowAppsViewOnStart", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "DisableGlobalSearchOnAppsView", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Search just apps from the Apps view", "ExplainText": "This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view.\n\nThis policy setting is only applied when the Apps view is set as the default view for Start.\n\nIf you enable this policy setting, searching from the Apps view will only search the list of installed apps.\n\nIf you disable or don\u2019t configure this policy setting, the user can configure this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableGlobalSearchOnAppsView", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "DesktopAppsFirstInAppsView", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "List desktop apps first in the Apps view", "ExplainText": "This policy setting allows desktop apps to be listed first in the Apps view in Start.\n\nIf you enable this policy setting, desktop apps would be listed first when the apps are sorted by category in the Apps view. The other sorting options would continue to be available and the user could choose to change their default sorting options.\n\nIf you disable or don't configure this policy setting, the desktop apps won't be listed first when the apps are sorted by category, and the user can configure this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DesktopAppsFirstInAppsView", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ShowStartOnDisplayWithForegroundOnWinKey", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Show Start on the display the user is using when they press the Windows logo key", "ExplainText": "This policy setting allows the Start screen to appear on the display the user is using when they press the Windows logo key. This setting only applies to users who are using multiple displays.\n\nIf you enable this policy setting, the Start screen will appear on the display the user is using when they press the Windows logo key.\n\nIf you disable or don't configure this policy setting, the Start screen will always appear on the main display when the user presses the Windows logo key. Users will still be able to open Start on other displays by pressing the Start button on that display. Also, the user will be able to configure this setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "ShowStartOnDisplayWithForegroundOnWinKey", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ForceStartSize", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Force Start to be either full screen size or menu size", "ExplainText": "If you enable this policy and set it to Start menu or full screen Start, Start will be that size and users will be unable to change the size of Start in Settings.\n\nIf you disable or don\u2019t configure this policy setting, Windows will automatically select the size based on hardware form factor and users will be able to change the size of Start in Settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "ForceStartSize", "Items": [ { "DisplayName": "Start menu", "Data": "1" }, { "DisplayName": "Full screen Start", "Data": "2" } ], "Required": true } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "HidePeopleBar", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Remove the People Bar from the taskbar", "ExplainText": "This policy allows you to remove the People Bar from the taskbar and disables the My People experience.\n\nIf you enable this policy the people icon will be removed from the taskbar, the corresponding settings toggle is removed from the taskbar settings page, and users will not be able to pin people to the taskbar.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "HidePeopleBar", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "HideRecentlyAddedApps", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Remove \"Recently added\" list from Start Menu", "ExplainText": "This policy allows you to prevent the Start Menu from displaying a list of recently installed applications.\n\nIf you enable this policy, the Start Menu will no longer display the \"Recently added\" list. The corresponding setting will also be disabled in Settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "HideRecentlyAddedApps", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "HideRecommendedSection", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Remove Recommended section from Start Menu", "ExplainText": "This policy allows you to prevent the Start Menu from displaying a list of recommended applications and files.\n\nIf you enable this policy setting, the Start Menu will no longer show the section containing a list of recommended files and apps.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "HideRecommendedSection", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "HideRecommendedPersonalizedSites", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Remove Personalized Website Recommendations from the Recommended section in the Start Menu", "ExplainText": "Remove Personalized Website Recommendations from the Recommended section in the Start Menu", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "HideRecommendedPersonalizedSites", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "DisableContextMenusInStart", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Disable context menus in the Start Menu", "ExplainText": "This policy allows you to prevent users from being able to open context menus in the Start Menu.\n\nIf you enable this policy, then invocations of context menus within the Start Menu will be ignored.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableContextMenusInStart", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "SimplifyQuickSettings", "Class": "Machine", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_11_0_SE - Windows 11 SE", "DisplayName": "Simplify Quick Settings Layout", "ExplainText": "If you enable this policy, Quick Settings will be reduced to only having the WiFi, Bluetooth, Accessibility, and VPN buttons; the brightness and volume sliders; and battery indicator and link to the Settings app.\n\nIf you disable or don't configure this policy setting, the regular Quick Settings layout will appear whenever Quick Settings is invoked.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "SimplifyQuickSettings", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "DisableEditingQuickSettings", "Class": "Machine", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_11_0_SE - Windows 11 SE", "DisplayName": "Disable Editing Quick Settings", "ExplainText": "If you enable this policy, the user will be unable to modify Quick Settings.\n\nIf you disable or don't configure this policy setting, the user will be able to edit Quick Settings, such as pinning or unpinning buttons.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableEditingQuickSettings", "Elements": [] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "DisableControlCenter", "Class": "User", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Remove Quick Settings", "ExplainText": "This policy setting removes Quick Settings from the bottom right area on the taskbar.\n\nThe quick settings area is located at the left of the clock in the taskbar and includes icons for current network and volume.\n\nIf this setting is enabled, Quick Settings is not displayed in the quick settings area.\n\nA reboot is required for this policy setting to take effect.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableControlCenter", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "ConfigureStartPins", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Configure Start Pins", "ExplainText": "Allows admin to override the default items pinned to Start.\n\nThis setting lets you specify the default items pinned to Start.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "ConfigureStartPins", "Elements": [ { "Type": "Text", "ValueName": "ConfigureStartPinsJSON", "Expandable": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StartMenu.admx", "CategoryName": "StartMenu", "PolicyName": "HideCategoryView", "Class": "Both", "NameSpace": "Microsoft.Policies.StartMenu", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Hide Category view in the Start Menu", "ExplainText": "This policy setting allows you to hide the category view in the Start Menu.\n\nIf you enable this policy setting, the Start Menu will no longer show the category view as an option and will default to grid view.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "HideCategoryView", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StorageHealth.admx", "CategoryName": "StorageHealth", "PolicyName": "SH_AllowDiskHealthModelUpdates", "Class": "Machine", "NameSpace": "Microsoft.Policies.StorageHealth", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Allow downloading updates to the Disk Failure Prediction Model", "ExplainText": "Allows downloading new updates to ML Model parameters for predicting storage disk failure.\n\nEnabled:\nUpdates would be downloaded for the Disk Failure Prediction Failure Model.\n\nDisabled:\nUpdates would not be downloaded for the Disk Failure Prediction Failure Model.\n\nNot configured:\nSame as Enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\StorageHealth" ], "ValueName": "AllowDiskHealthModelUpdates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StorageSense.admx", "CategoryName": "StorageSense", "PolicyName": "SS_AllowStorageSenseGlobal", "Class": "Machine", "NameSpace": "Microsoft.Policies.StorageSense", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Allow Storage Sense", "ExplainText": "Storage Sense can automatically clean some of the user\u2019s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the \"Configure Storage Sense cadence\" group policy.\n\nEnabled:\nStorage Sense is turned on for the machine, with the default cadence as \u2018during low free disk space\u2019. Users cannot disable Storage Sense, but they can adjust the cadence (unless you also configure the \"Configure Storage Sense cadence\" group policy).\n\nDisabled:\nStorage Sense is turned off the machine. Users cannot enable Storage Sense.\n\nNot Configured:\nBy default, Storage Sense is turned off until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\StorageSense" ], "ValueName": "AllowStorageSenseGlobal", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StorageSense.admx", "CategoryName": "StorageSense", "PolicyName": "SS_ConfigStorageSenseGlobalCadence", "Class": "Machine", "NameSpace": "Microsoft.Policies.StorageSense", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Configure Storage Sense cadence", "ExplainText": "Storage Sense can automatically clean some of the user\u2019s files to free up disk space.\n\nIf the group policy \"Allow Storage Sense\" is disabled, then this policy does not have any effect.\n\nEnabled:\nYou must provide the desired Storage Sense cadence. Supported options are: daily, weekly, monthly, and during low free disk space. The default is 0 (during low free disk space).\n\nDisabled or Not Configured:\nBy default, the Storage Sense cadence is set to \"during low free disk space\". Users can configure this setting in Storage settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\StorageSense" ], "Elements": [ { "Type": "Enum", "ValueName": "ConfigStorageSenseGlobalCadence", "Items": [ { "DisplayName": "Every day", "Data": "1" }, { "DisplayName": "Every week", "Data": "7" }, { "DisplayName": "Every month", "Data": "30" }, { "DisplayName": "During low free disk space", "Data": "0" } ], "Required": true } ] }, { "File": "StorageSense.admx", "CategoryName": "StorageSense", "PolicyName": "SS_AllowStorageSenseTemporaryFilesCleanup", "Class": "Machine", "NameSpace": "Microsoft.Policies.StorageSense", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Allow Storage Sense Temporary Files cleanup", "ExplainText": "When Storage Sense runs, it can delete the user\u2019s temporary files that are not in use.\n\nIf the group policy \"Allow Storage Sense\" is disabled, then this policy does not have any effect.\n\nEnabled:\nStorage Sense will delete the user\u2019s temporary files that are not in use. Users cannot disable this setting in Storage settings.\n\nDisabled:\nStorage Sense will not delete the user\u2019s temporary files. Users cannot enable this setting in Storage settings.\n\nNot Configured:\nBy default, Storage Sense will delete the user\u2019s temporary files. Users can configure this setting in Storage settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\StorageSense" ], "ValueName": "AllowStorageSenseTemporaryFilesCleanup", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "StorageSense.admx", "CategoryName": "StorageSense", "PolicyName": "SS_ConfigStorageSenseRecycleBinCleanupThreshold", "Class": "Machine", "NameSpace": "Microsoft.Policies.StorageSense", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Configure Storage Sense Recycle Bin cleanup threshold", "ExplainText": "When Storage Sense runs, it can delete files in the user\u2019s Recycle Bin if they have been there for over a certain amount of days.\n\nIf the group policy \"Allow Storage Sense\" is disabled, then this policy does not have any effect.\n\nEnabled:\nYou must provide the minimum age threshold (in days) of a file in the Recycle Bin before Storage Sense will delete it. Supported values are: 0 - 365.\nIf you set this value to zero, Storage Sense will not delete files in the user\u2019s Recycle Bin. The default is 30 days.\n\nDisabled or Not Configured:\nBy default, Storage Sense will delete files in the user\u2019s Recycle Bin that have been there for over 30 days. Users can configure this setting in Storage settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\StorageSense" ], "Elements": [ { "Type": "Decimal", "ValueName": "ConfigStorageSenseRecycleBinCleanupThreshold", "MinValue": "0", "MaxValue": "365" } ] }, { "File": "StorageSense.admx", "CategoryName": "StorageSense", "PolicyName": "SS_ConfigStorageSenseDownloadsCleanupThreshold", "Class": "Machine", "NameSpace": "Microsoft.Policies.StorageSense", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Configure Storage Storage Downloads cleanup threshold", "ExplainText": "When Storage Sense runs, it can delete files in the user\u2019s Downloads folder if they haven\u2019t been opened for more than a certain number of days.\n\nIf the group policy \"Allow Storage Sense\" is disabled, then this policy does not have any effect.\n\nEnabled:\nYou must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from Downloads folder. Supported values are: 0 - 365.\nIf you set this value to zero, Storage Sense will not delete files in the user\u2019s Downloads folder. The default is 0, or never deleting files in the Downloads folder.\n\nDisabled or Not Configured:\nBy default, Storage Sense will not delete files in the user\u2019s Downloads folder. Users can configure this setting in Storage settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\StorageSense" ], "Elements": [ { "Type": "Decimal", "ValueName": "ConfigStorageSenseDownloadsCleanupThreshold", "MinValue": "0", "MaxValue": "365" } ] }, { "File": "StorageSense.admx", "CategoryName": "StorageSense", "PolicyName": "SS_ConfigStorageSenseCloudContentDehydrationThreshold", "Class": "Machine", "NameSpace": "Microsoft.Policies.StorageSense", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Configure Storage Sense Cloud Content dehydration threshold", "ExplainText": "When Storage Sense runs, it can dehydrate cloud-backed content that hasn\u2019t been opened in a certain amount of days.\n\nIf the group policy \"Allow Storage Sense\" is disabled, then this policy does not have any effect.\n\nEnabled:\nYou must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it from the sync root. Supported values are: 0 - 365.\nIf you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, or never dehydrating cloud-backed content.\n\nDisabled or Not Configured:\nBy default, Storage Sense will not dehydrate any cloud-backed content. Users can configure this setting in Storage settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\StorageSense" ], "Elements": [ { "Type": "Decimal", "ValueName": "ConfigStorageSenseCloudContentDehydrationThreshold", "MinValue": "0", "MaxValue": "365" } ] }, { "File": "Sudo.admx", "CategoryName": "System", "PolicyName": "EnableSudo", "Class": "Machine", "NameSpace": "Microsoft.Policies.DeveloperTools", "Supported": "Windows_11_0_NOSERVER - At least Windows 11", "DisplayName": "Configure the behavior of the sudo command", "ExplainText": "This policy setting controls use of the sudo.exe command line tool.\n\nIf you enable this policy setting, then you may set a maximum allowed mode to run sudo in. This restricts the ways in which users may interact with command-line applications run with sudo. You may pick one of the following modes to allow sudo to run in:\n\n\"Disabled\": sudo is entirely disabled on this machine. When the user tries to run sudo, sudo will print an error message and exit.\n\n\"Force new window\": When sudo launches a command line application, it will launch that app in a new console window.\n\n\"Disable input\": When sudo launches a command line application, it will launch the app in the current console window, but the user will not be able to type input to the command line app. The user may also choose to run sudo in \"Force new window\" mode.\n\n\"Normal\": When sudo launches a command line application, it will launch the app in the current console window. The user may also choose to run sudo in \"Force new window\" or \"Disable input\" mode.\n\nIf you disable this policy or do not configure it, the user will be able to run sudo.exe normally (after enabling the setting in the Settings app).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Sudo" ], "Elements": [ { "Type": "Enum", "ValueName": "Enabled", "Items": [ { "DisplayName": "Disabled", "Data": "0" }, { "DisplayName": "Force new window", "Data": "1" }, { "DisplayName": "Disable input", "Data": "2" }, { "DisplayName": "Normal", "Data": "3" } ] } ] }, { "File": "SystemRestore.admx", "CategoryName": "SR", "PolicyName": "SR_DisableConfig", "Class": "Machine", "NameSpace": "Microsoft.Policies.SystemRestore", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off Configuration", "ExplainText": "Allows you to disable System Restore configuration through System Protection.\n\nThis policy setting allows you to turn off System Restore configuration through System Protection.\n\nSystem Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. The behavior of this policy setting depends on the \"Turn off System Restore\" policy setting.\n\nIf you enable this policy setting, the option to configure System Restore through System Protection is disabled.\n\nIf you disable or do not configure this policy setting, users can change the System Restore settings through System Protection.\n\nAlso, see the \"Turn off System Restore\" policy setting. If the \"Turn off System Restore\" policy setting is enabled, the \"Turn off System Restore configuration\" policy setting is overwritten.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore" ], "ValueName": "DisableConfig", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "SystemRestore.admx", "CategoryName": "SR", "PolicyName": "SR_DisableSR", "Class": "Machine", "NameSpace": "Microsoft.Policies.SystemRestore", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off System Restore", "ExplainText": "Allows you to disable System Restore.\n\nThis policy setting allows you to turn off System Restore.\n\nSystem Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.\n\nIf you enable this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.\n\nIf you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.\n\nAlso, see the \"Turn off System Restore configuration\" policy setting. If the \"Turn off System Restore\" policy setting is disabled or not configured, the \"Turn off System Restore configuration\" policy setting is used to determine whether the option to configure System Restore is available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore" ], "ValueName": "DisableSR", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "AutoComplete_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn off AutoComplete integration with Input Panel", "ExplainText": "Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is available.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "DisableACIntegration", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "AutoComplete_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn off AutoComplete integration with Input Panel", "ExplainText": "Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is available.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options.", "KeyPath": [ "HKLM\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "DisableACIntegration", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "EdgeTarget_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Prevent Input Panel tab from appearing", "ExplainText": "Prevents Input Panel tab from appearing on the edge of the Tablet PC screen.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, Input Panel tab will not appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input Panel Options.\n\nCaution: If you enable both the \"Prevent Input Panel from appearing next to text entry areas\" policy and the \"Prevent Input Panel tab from appearing\" policy, and disable the \"Show Input Panel taskbar icon\" policy, the user will then have no way to access Input Panel.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "DisableEdgeTarget", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "EdgeTarget_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Prevent Input Panel tab from appearing", "ExplainText": "Prevents Input Panel tab from appearing on the edge of the Tablet PC screen.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, Input Panel tab will not appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input Panel Options.\n\nCaution: If you enable both the \"Prevent Input Panel from appearing next to text entry areas\" policy and the \"Prevent Input Panel tab from appearing\" policy, and disable the \"Show Input Panel taskbar icon\" policy, the user will then have no way to access Input Panel.", "KeyPath": [ "HKLM\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "DisableEdgeTarget", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "IPTIPTarget_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "For tablet pen input, don\u2019t show the Input Panel icon", "ExplainText": "Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when using a tablet pen as an input device.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, Input Panel will never appear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, Input Panel will appear next to any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.\n\nCaution: If you enable both the \"Prevent Input Panel from appearing next to text entry areas\" policy and the \"Prevent Input Panel tab from appearing\" policy, and disable the \"Show Input Panel taskbar icon\" policy, the user will then have no way to access Input Panel.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "HideIPTIPTarget", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "IPTIPTarget_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "For tablet pen input, don\u2019t show the Input Panel icon", "ExplainText": "Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when using a tablet pen as an input device.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, Input Panel will never appear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, Input Panel will appear next to any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.\n\nCaution: If you enable both the \"Prevent Input Panel from appearing next to text entry areas\" policy and the \"Prevent Input Panel tab from appearing\" policy, and disable the \"Show Input Panel taskbar icon\" policy, the user will then have no way to access Input Panel.", "KeyPath": [ "HKLM\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "HideIPTIPTarget", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "IPTIPTouchTarget_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "For touch input, don\u2019t show the Input Panel icon", "ExplainText": "Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when a user is using touch input.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, Input Panel will never appear next to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "HideIPTIPTouchTarget", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "IPTIPTouchTarget_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "For touch input, don\u2019t show the Input Panel icon", "ExplainText": "Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when a user is using touch input.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, Input Panel will never appear next to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.", "KeyPath": [ "HKLM\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "HideIPTIPTouchTarget", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "PasswordSecurity_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off password security in Input Panel", "ExplainText": "Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista). These settings include using the on-screen keyboard by default, preventing users from switching to another Input Panel skin (the writing pad or character pad), and not showing what keys are tapped when entering a password.\n\nTouch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy and choose \"Low\" from the drop-down box, password security is set to \"Low.\" At this setting, all password security settings are turned off. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"Medium-Low\" from the drop-down box, password security is set to \"Medium-Low.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"Medium\" from the drop-down box, password security is set to \"Medium.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose to \"Medium-High\" from the drop-down box, password security is set to \"Medium-High.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"High\" from the drop-down box, password security is set to \"High.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, password security is set to \"Medium-High.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, password security is set to \"Medium-High\" by default. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista.\n\nCaution: If you lower password security settings, people who can see the user\u2019s screen might be able to see their passwords.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "PasswordSecurityState", "Elements": [ { "Type": "Enum", "ValueName": "PasswordSecurity", "Items": [ { "DisplayName": "Low", "Data": "1" }, { "DisplayName": "Medium Low", "Data": "2" }, { "DisplayName": "Medium", "Data": "3" }, { "DisplayName": "Medium High", "Data": "4" }, { "DisplayName": "High", "Data": "5" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "PasswordSecurity_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off password security in Input Panel", "ExplainText": "Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista). These settings include using the on-screen keyboard by default, preventing users from switching to another Input Panel skin (the writing pad or character pad), and not showing what keys are tapped when entering a password.\n\nTouch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy and choose \"Low\" from the drop-down box, password security is set to \"Low.\" At this setting, all password security settings are turned off. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"Medium-Low\" from the drop-down box, password security is set to \"Medium-Low.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"Medium\" from the drop-down box, password security is set to \"Medium.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose to \"Medium-High\" from the drop-down box, password security is set to \"Medium-High.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"High\" from the drop-down box, password security is set to \"High.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, password security is set to \"Medium-High.\" At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, password security is set to \"Medium-High\" by default. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista.\n\nCaution: If you lower password security settings, people who can see the user\u2019s screen might be able to see their passwords.", "KeyPath": [ "HKLM\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "PasswordSecurityState", "Elements": [ { "Type": "Enum", "ValueName": "PasswordSecurity", "Items": [ { "DisplayName": "Low", "Data": "1" }, { "DisplayName": "Medium Low", "Data": "2" }, { "DisplayName": "Medium", "Data": "3" }, { "DisplayName": "Medium High", "Data": "4" }, { "DisplayName": "High", "Data": "5" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "RareChar_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Include rarely used Chinese, Kanji, or Hanja characters", "ExplainText": "Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only to the use of the Microsoft recognizers for Chinese (Simplified), Chinese (Traditional), Japanese, and Korean. This setting appears in Input Panel Options (in Windows 7 and Windows Vista only) only when these input languages or keyboards are installed.\n\nTouch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, rarely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will be able to configure this setting on the Ink to text conversion tab in Input Panel Options (in Windows 7 and Windows Vista).", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "IncludeRareChar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "RareChar_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Include rarely used Chinese, Kanji, or Hanja characters", "ExplainText": "Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only to the use of the Microsoft recognizers for Chinese (Simplified), Chinese (Traditional), Japanese, and Korean. This setting appears in Input Panel Options (in Windows 7 and Windows Vista only) only when these input languages or keyboards are installed.\n\nTouch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, rarely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will be able to configure this setting on the Ink to text conversion tab in Input Panel Options (in Windows 7 and Windows Vista).", "KeyPath": [ "HKLM\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "IncludeRareChar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "ScratchOut_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Turn off tolerant and Z-shaped scratch-out gestures", "ExplainText": "Turns off both the more tolerant scratch-out gestures that were added in Windows Vista and the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition.\n\nThe tolerant gestures let users scratch out ink in Input Panel by using strikethrough and other scratch-out gesture shapes.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy and choose \"All\" from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"Tolerant,\" users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"None,\" users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "ScratchOutState", "Elements": [ { "Type": "Enum", "ValueName": "ScratchOut", "Items": [ { "DisplayName": "All", "Data": "1" }, { "DisplayName": "Tolerant", "Data": "2" }, { "DisplayName": "None", "Data": "3" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "ScratchOut_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Turn off tolerant and Z-shaped scratch-out gestures", "ExplainText": "Turns off both the more tolerant scratch-out gestures that were added in Windows Vista and the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition.\n\nThe tolerant gestures let users scratch out ink in Input Panel by using strikethrough and other scratch-out gesture shapes.\n\nTablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy and choose \"All\" from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"Tolerant,\" users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you enable this policy and choose \"None,\" users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options.", "KeyPath": [ "HKLM\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "ScratchOutState", "Elements": [ { "Type": "Enum", "ValueName": "ScratchOut", "Items": [ { "DisplayName": "All", "Data": "1" }, { "DisplayName": "Tolerant", "Data": "2" }, { "DisplayName": "None", "Data": "3" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "Prediction_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Disable text prediction", "ExplainText": "Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.\n\nTouch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, Input Panel will not provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, Input Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in Windows 7 and Windows Vista.", "KeyPath": [ "HKCU\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "DisablePrediction", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletPCInputPanel.admx", "CategoryName": "TabletTIP", "PolicyName": "Prediction_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCInputPanel", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Disable text prediction", "ExplainText": "Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.\n\nTouch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.\n\nIf you enable this policy, Input Panel will not provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box.\n\nIf you do not configure this policy, Input Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in Windows 7 and Windows Vista.", "KeyPath": [ "HKLM\\software\\policies\\microsoft\\TabletTip\\1.7" ], "ValueName": "DisablePrediction", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Accessories", "PolicyName": "DisableInkball_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Do not allow Inkball to run", "ExplainText": "Prevents start of InkBall game.\n\nIf you enable this policy, the InkBall game will not run.\n\nIf you disable this policy, the InkBall game will run.\n\nIf you do not configure this policy, the InkBall game will run.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "DisableInkball", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Accessories", "PolicyName": "DisableInkball_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Do not allow Inkball to run", "ExplainText": "Prevents start of InkBall game.\n\nIf you enable this policy, the InkBall game will not run.\n\nIf you disable this policy, the InkBall game will run.\n\nIf you do not configure this policy, the InkBall game will run.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "DisableInkball", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Accessories", "PolicyName": "DisableJournal_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow Windows Journal to be run", "ExplainText": "Prevents start of Windows Journal.\n\nIf you enable this policy, the Windows Journal accessory will not run.\n\nIf you disable this policy, the Windows Journal accessory will run.\n\nIf you do not configure this policy, the Windows Journal accessory will run.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "DisableJournal", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Accessories", "PolicyName": "DisableJournal_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow Windows Journal to be run", "ExplainText": "Prevents start of Windows Journal.\n\nIf you enable this policy, the Windows Journal accessory will not run.\n\nIf you disable this policy, the Windows Journal accessory will run.\n\nIf you do not configure this policy, the Windows Journal accessory will run.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "DisableJournal", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Accessories", "PolicyName": "DisableNoteWriterPrinting_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow printing to Journal Note Writer", "ExplainText": "Prevents printing to Journal Note Writer.\n\nIf you enable this policy, the Journal Note Writer printer driver will not allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail.\n\nIf you disable this policy, you will be able to use this feature to print to a Journal Note.\n\nIf you do not configure this policy, users will be able to use this feature to print to a Journal Note.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "DisableNoteWriterPrinting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Accessories", "PolicyName": "DisableNoteWriterPrinting_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow printing to Journal Note Writer", "ExplainText": "Prevents printing to Journal Note Writer.\n\nIf you enable this policy, the Journal Note Writer printer driver will not allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail.\n\nIf you disable this policy, you will be able to use this feature to print to a Journal Note.\n\nIf you do not configure this policy, users will be able to use this feature to print to a Journal Note.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "DisableNoteWriterPrinting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Accessories", "PolicyName": "DisableSnippingTool_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow Snipping Tool to run", "ExplainText": "Prevents the snipping tool from running.\n\nIf you enable this policy setting, the Snipping Tool will not run.\n\nIf you disable this policy setting, the Snipping Tool will run.\n\nIf you do not configure this policy setting, the Snipping Tool will run.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "DisableSnippingTool", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Accessories", "PolicyName": "DisableSnippingTool_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow Snipping Tool to run", "ExplainText": "Prevents the snipping tool from running.\n\nIf you enable this policy setting, the Snipping Tool will not run.\n\nIf you disable this policy setting, the Snipping Tool will run.\n\nIf you do not configure this policy setting, the Snipping Tool will run.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "DisableSnippingTool", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Cursors", "PolicyName": "TurnOffFeedback_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn off pen feedback", "ExplainText": "Disables visual pen action feedback, except for press and hold feedback.\n\nIf you enable this policy, all visual pen action feedback is disabled except for press and hold feedback. Additionally, the mouse cursors are shown instead of the pen cursors.\n\nIf you disable or do not configure this policy, visual feedback and pen cursors will be shown unless the user disables them in Control Panel.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "TurnOffPenFeedback", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "Cursors", "PolicyName": "TurnOffFeedback_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn off pen feedback", "ExplainText": "Disables visual pen action feedback, except for press and hold feedback.\n\nIf you enable this policy, all visual pen action feedback is disabled except for press and hold feedback. Additionally, the mouse cursors are shown instead of the pen cursors.\n\nIf you disable or do not configure this policy, visual feedback and pen cursors will be shown unless the user disables them in Control Panel.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "TurnOffPenFeedback", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "HardwareButtons", "PolicyName": "PreventBackEscMapping_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent Back-ESC mapping", "ExplainText": "Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this behavior.\n\nIf you enable this policy, a button assigned to Back will not map to ESC.\n\nIf you disable this policy, Back->ESC mapping will occur.\n\nIf you do not configure this policy, Back->ESC mapping will occur.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventButtonBackEscapeMapping", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "HardwareButtons", "PolicyName": "PreventBackEscMapping_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent Back-ESC mapping", "ExplainText": "Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this behavior.\n\nIf you enable this policy, a button assigned to Back will not map to ESC.\n\nIf you disable this policy, Back->ESC mapping will occur.\n\nIf you do not configure this policy, Back->ESC mapping will occur.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventButtonBackEscapeMapping", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "HardwareButtons", "PolicyName": "PreventLaunchApp_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent launch an application", "ExplainText": "Prevents the user from launching an application from a Tablet PC hardware button.\n\nIf you enable this policy, applications cannot be launched from a hardware button, and \"Launch an application\" is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab).\n\nIf you disable this policy, applications can be launched from a hardware button.\n\nIf you do not configure this policy, applications can be launched from a hardware button.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventButtonApplicationLaunch", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "HardwareButtons", "PolicyName": "PreventLaunchApp_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent launch an application", "ExplainText": "Prevents the user from launching an application from a Tablet PC hardware button.\n\nIf you enable this policy, applications cannot be launched from a hardware button, and \"Launch an application\" is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab).\n\nIf you disable this policy, applications can be launched from a hardware button.\n\nIf you do not configure this policy, applications can be launched from a hardware button.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventButtonApplicationLaunch", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "HardwareButtons", "PolicyName": "PreventPressAndHold_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent press and hold", "ExplainText": "Prevents press and hold actions on hardware buttons, so that only one action is available per button.\n\nIf you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: \"Some settings are controlled by Group Policy. If a setting is unavailable, contact your system administrator.\"\n\nIf you disable this policy, press and hold actions for buttons will be available.\n\nIf you do not configure this policy, press and hold actions will be available.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventButtonPressAndHold", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "HardwareButtons", "PolicyName": "PreventPressAndHold_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent press and hold", "ExplainText": "Prevents press and hold actions on hardware buttons, so that only one action is available per button.\n\nIf you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: \"Some settings are controlled by Group Policy. If a setting is unavailable, contact your system administrator.\"\n\nIf you disable this policy, press and hold actions for buttons will be available.\n\nIf you do not configure this policy, press and hold actions will be available.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventButtonPressAndHold", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "HardwareButtons", "PolicyName": "TurnOffButtons_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off hardware buttons", "ExplainText": "Turns off Tablet PC hardware buttons.\n\nIf you enable this policy, no actions will occur when the buttons are pressed, and the buttons tab in Tablet PC Control Panel will be removed.\n\nIf you disable this policy, user and OEM defined button actions will occur when the buttons are pressed.\n\nIf you do not configure this policy, user and OEM defined button actions will occur when the buttons are pressed.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "TurnOffButtons", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "HardwareButtons", "PolicyName": "TurnOffButtons_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off hardware buttons", "ExplainText": "Turns off Tablet PC hardware buttons.\n\nIf you enable this policy, no actions will occur when the buttons are pressed, and the buttons tab in Tablet PC Control Panel will be removed.\n\nIf you disable this policy, user and OEM defined button actions will occur when the buttons are pressed.\n\nIf you do not configure this policy, user and OEM defined button actions will occur when the buttons are pressed.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "TurnOffButtons", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "PenFlicksLearning", "PolicyName": "PreventFlicksLearningMode_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Prevent Flicks Learning Mode", "ExplainText": "Makes pen flicks learning mode unavailable.\n\nIf you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but cannot be restricted to learning mode applications. This means that the pen flicks training triggers in Internet Explorer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable pen flicks policy.\n\nIf you disable or do not configure this policy, all the features described above will be available.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventFlicksLearningMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "PenFlicksLearning", "PolicyName": "PreventFlicksLearningMode_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Prevent Flicks Learning Mode", "ExplainText": "Makes pen flicks learning mode unavailable.\n\nIf you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but cannot be restricted to learning mode applications. This means that the pen flicks training triggers in Internet Explorer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable pen flicks policy.\n\nIf you disable or do not configure this policy, all the features described above will be available.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventFlicksLearningMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "PenUXBehaviors", "PolicyName": "PreventFlicks_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Prevent flicks", "ExplainText": "Makes pen flicks and all related features unavailable.\n\nIf you enable this policy, pen flicks and all related features are unavailable. This includes: pen flicks themselves, pen flicks training, pen flicks training triggers in Internet Explorer, the pen flicks notification and the pen flicks tray icon.\n\nIf you disable or do not configure this policy, pen flicks and related features are available.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventFlicks", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TabletShell.admx", "CategoryName": "PenUXBehaviors", "PolicyName": "PreventFlicks_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCShell", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Prevent flicks", "ExplainText": "Makes pen flicks and all related features unavailable.\n\nIf you enable this policy, pen flicks and all related features are unavailable. This includes: pen flicks themselves, pen flicks training, pen flicks training triggers in Internet Explorer, the pen flicks notification and the pen flicks tray icon.\n\nIf you disable or do not configure this policy, pen flicks and related features are available.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "PreventFlicks", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "HideSCAPower", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Remove the battery meter", "ExplainText": "This policy setting allows you to remove the battery meter from the system control area.\n\nIf you enable this policy setting, the battery meter is not displayed in the system notification area.\n\nIf you disable or do not configure this policy setting, the battery meter is displayed in the system notification area.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "HideSCAPower", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "HideSCANetwork", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Remove the networking icon", "ExplainText": "This policy setting allows you to remove the networking icon from the system control area.\n\nIf you enable this policy setting, the networking icon is not displayed in the system notification area.\n\nIf you disable or do not configure this policy setting, the networking icon is displayed in the system notification area.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "HideSCANetwork", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "HideSCAVolume", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Remove the volume control icon", "ExplainText": "This policy setting allows you to remove the volume control icon from the system control area.\n\nIf you enable this policy setting, the volume control icon is not displayed in the system notification area.\n\nIf you disable or do not configure this policy setting, the volume control icon is displayed in the system notification area.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "HideSCAVolume", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "HideSCAHealth", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Remove the Security and Maintenance icon", "ExplainText": "This policy setting allows you to remove Security and Maintenance from the system control area.\n\nIf you enable this policy setting, the Security and Maintenance icon is not displayed in the system notification area.\n\nIf you disable or do not configure this policy setting, the Security and Maintenance icon is displayed in the system notification area.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "HideSCAHealth", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "HideSCAMeetNow", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Remove the Meet Now icon", "ExplainText": "This policy setting allows you to remove the Meet Now icon from the system control area.\n\nIf you enable this policy setting, the Meet Now icon is not displayed in the system notification area.\n\nIf you disable or do not configure this policy setting, the Meet Now icon is displayed in the system notification area.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "HideSCAMeetNow", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TaskbarLockAll", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Lock all taskbar settings", "ExplainText": "This policy setting allows you to lock all taskbar settings.\n\nIf you enable this policy setting, the user cannot access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar.\n\nIf you disable or do not configure this policy setting, the user will be able to set any taskbar setting that is not prevented by another policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "TaskbarLockAll", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TaskbarNoAddRemoveToolbar", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent users from adding or removing toolbars", "ExplainText": "This policy setting allows you to prevent users from adding or removing toolbars.\n\nIf you enable this policy setting, the user is not allowed to add or remove any toolbars to the taskbar. Applications are not able to add toolbars either.\n\nIf you disable or do not configure this policy setting, the users and applications are able to add toolbars to the taskbar.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "TaskbarNoAddRemoveToolbar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TaskbarNoDragToolbar", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent users from rearranging toolbars", "ExplainText": "This policy setting allows you to prevent users from rearranging toolbars.\n\nIf you enable this policy setting, users are not able to drag or drop toolbars to the taskbar.\n\nIf you disable or do not configure this policy setting, users are able to rearrange the toolbars on the taskbar.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "TaskbarNoDragToolbar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TaskbarNoNotification", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off all balloon notifications", "ExplainText": "This policy setting allows you to turn off all notification balloons.\n\nIf you enable this policy setting, no notification balloons are shown to the user.\n\nIf you disable or do not configure this policy setting, notification balloons are shown to the user.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "TaskbarNoNotification", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TaskbarNoRedock", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent users from moving taskbar to another screen dock location", "ExplainText": "This policy setting allows you to prevent users from moving taskbar to another screen dock location.\n\nIf you enable this policy setting, users are not able to drag their taskbar to another area of the monitor(s).\n\nIf you disable or do not configure this policy setting, users are able to drag their taskbar to another area of the monitor unless prevented by another policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "TaskbarNoRedock", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TaskbarNoResize", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prevent users from resizing the taskbar", "ExplainText": "This policy setting allows you to prevent users from resizing the taskbar.\n\nIf you enable this policy setting, users are not be able to resize their taskbar.\n\nIf you disable or do not configure this policy setting, users are able to resize their taskbar unless prevented by another setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "TaskbarNoResize", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TaskbarNoThumbnail", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Turn off taskbar thumbnails", "ExplainText": "This policy setting allows you to turn off taskbar thumbnails.\n\nIf you enable this policy setting, the taskbar thumbnails are not displayed and the system uses standard text for the tooltips.\n\nIf you disable or do not configure this policy setting, the taskbar thumbnails are displayed.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "TaskbarNoThumbnail", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TaskbarNoPinnedList", "Class": "Both", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Remove pinned programs from the Taskbar", "ExplainText": "This policy setting allows you to remove pinned programs from the taskbar.\n\nIf you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users cannot pin programs to the Taskbar.\n\nIf you disable or do not configure this policy setting, users can pin programs so that the program shortcuts stay on the Taskbar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "TaskbarNoPinnedList", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "NoSystraySystemPromotion", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off automatic promotion of notification icons to the taskbar", "ExplainText": "This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.\n\nIf you enable this policy setting, newly added notification icons are not temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel.\n\nIf you disable or do not configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoSystraySystemPromotion", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "EnableLegacyBalloonNotifications", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Disable showing balloon notifications as toasts.", "ExplainText": "This policy disables the functionality that converts balloons to toast notifications.\n\nIf you enable this policy setting, system and application notifications will render as balloons instead of toast notifications.\n\nEnable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications.\n\nIf you disable or don\u2019t configure this policy setting, all notifications will appear as toast notifications.\n\nA reboot is required for this policy setting to take effect.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "EnableLegacyBalloonNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "NoBalloonFeatureAdvertisements", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off feature advertisement balloon notifications", "ExplainText": "This policy setting allows you to turn off feature advertisement balloon notifications.\n\nIf you enable this policy setting, certain notification balloons that are marked as feature advertisements are not shown.\n\nIf you disable do not configure this policy setting, feature advertisement balloons are shown.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoBalloonFeatureAdvertisements", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "NoRemoteDestinations", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not display or track items in Jump Lists from remote locations", "ExplainText": "This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.\n\nThe Start Menu and Taskbar display Jump Lists off of programs. These menus include files, folders, websites and other relevant items for that program. This helps users more easily reopen their most important documents and other tasks.\n\nIf you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers are not tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections.\n\nIf you disable or do not configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer.\n\nNote: This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the \"\"Do not allow pinning items in Jump Lists\"\" policy setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoRemoteDestinations", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "NoPinningToTaskbar", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not allow pinning programs to the Taskbar", "ExplainText": "This policy setting allows you to control pinning programs to the Taskbar.\n\nIf you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar.\n\nIf you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoPinningToTaskbar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "NoPinningToDestinations", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Do not allow pinning items in Jump Lists", "ExplainText": "This policy setting allows you to control pinning items in Jump Lists.\n\nIf you enable this policy setting, users cannot pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also cannot unpin existing items pinned to their Jump Lists. Existing items already pinned to their Jump Lists will continue to show.\n\nIf you disable or do not configure this policy setting, users can pin files, folders, websites, and other items to a program's Jump List so that the items is always present in this menu.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoPinningToDestinations", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TaskbarNoMultimon", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not allow taskbars on more than one display", "ExplainText": "This policy setting allows you to prevent taskbars from being displayed on more than one monitor.\n\nIf you enable this policy setting, users are not able to show taskbars on more than one display. The multiple display section is not enabled in the taskbar properties dialog.\n\nIf you disable or do not configure this policy setting, users can show taskbars on more than one display.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "TaskbarNoMultimon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "ShowWindowsStoreAppsOnTaskbar", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Show packaged Microsoft Store apps on the taskbar", "ExplainText": "This policy setting allows users to see packaged Microsoft Store apps on the taskbar.\n\nIf you enable this policy setting, users will see packaged Microsoft Store apps on the taskbar.\n\nIf you disable this policy setting, users won\u2019t see packaged Microsoft Store apps on the taskbar.\n\nIf you don\u2019t configure this policy setting, the default setting for the user\u2019s device will be used, and the user can choose to change it.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "ShowWindowsStoreAppsOnTaskbar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "DisableNotificationCenter", "Class": "Both", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Remove Notifications and Action Center", "ExplainText": "This policy setting removes Notifications and Action Center from the notification area on the taskbar.\n\nThe notification area is located at the far right end of the taskbar and includes icons for current notifications and the system clock.\n\nIf this setting is enabled, Notifications and Action Center is not displayed in the notification area. The user will be able to read notifications when they appear, but they won\u2019t be able to review any notifications they miss.\n\nIf you disable or do not configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar.\n\nA reboot is required for this policy setting to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableNotificationCenter", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "NoPinningStoreToTaskbar", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Do not allow pinning Store app to the Taskbar", "ExplainText": "This policy setting allows you to control pinning the Store app to the Taskbar.\n\nIf you enable this policy setting, users cannot pin the Store app to the Taskbar. If the Store app is already pinned to the Taskbar, it will be removed from the Taskbar on next login.\n\nIf you disable or do not configure this policy setting, users can pin the Store app to the Taskbar.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoPinningStoreToTaskbar", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "ConfigureTaskbarCalendar", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Show additional calendar", "ExplainText": "By default, the calendar is set according to the locale of the operating system, and users can show an additional calendar. For zh-CN and zh-SG locales, an additional calendar shows the lunar month and date and holiday names in Simplified Chinese (Lunar) by default. For zh-TW, zh-HK, and zh-MO locales, an additional calendar shows the lunar month and date and holiday names in Traditional Chinese (Lunar) by default.\n\nIf you enable this policy setting, users can show an additional calendar in either Simplified Chinese (Lunar) or Traditional Chinese (Lunar), regardless of the locale.\n\nIf you disable this policy setting, users cannot show an additional calendar, regardless of the locale.\n\nIf you do not configure this policy setting, the calendar will be set according to the default logic.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Settings" ], "ValueName": "AllowConfigureTaskbarCalendar", "Elements": [ { "Type": "Enum", "ValueName": "ConfigureTaskbarCalendar", "Items": [ { "DisplayName": "Simplified Chinese (Lunar)", "Data": "2" }, { "DisplayName": "Traditional Chinese (Lunar)", "Data": "3" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "Chat", "PolicyName": "ConfigureChatIcon", "Class": "Machine", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configures the Chat icon on the taskbar", "ExplainText": "This policy setting allows you to configure the Chat icon on the taskbar.\n\nIf you enable this policy setting and set it to Show, the Chat icon will be displayed on the taskbar by default. Users can show or hide it in Settings.\n\nIf you enable this policy setting and set it to Hide, the Chat icon will be hidden by default. Users can show or hide it in Settings.\n\nIf you enable this policy setting and set it to Disabled, the Chat icon will not be displayed, and users cannot show or hide it in Settings.\n\nIf you disable or do not configure this policy setting, the Chat icon will be configured according to the defaults for your Windows edition.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Windows Chat" ], "Elements": [ { "Type": "Enum", "ValueName": "ChatIcon", "Items": [ { "DisplayName": "Show", "Data": "1" }, { "DisplayName": "Hide", "Data": "2" }, { "DisplayName": "Disabled", "Data": "3" } ], "Required": true } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "HideTaskViewButton", "Class": "Both", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Hide the TaskView button", "ExplainText": "This policy setting allows you to hide the TaskView button.\n\nIf you enable this policy setting, the TaskView button will be hidden and the Settings toggle will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "HideTaskViewButton", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "AlwaysShowNotificationIcon", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Show notification bell icon", "ExplainText": "This policy setting allows you to show the notification bell icon in the system tray.\n\nIf you enable this policy setting, the notification icon will always be shown. Otherwise, the notification icon will only be shown when there's a special status (for example, Do Not Disturb is turned on).\n\nA reboot is required for this policy setting to take effect.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "AlwaysShowNotificationIcon", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "TurnOffAbbreviatedDateTimeFormat", "Class": "User", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Turn off abbreviated time and date format", "ExplainText": "This policy setting allows you to show the longer time and date format in the system tray.\u200b\n\nIf this setting is enabled, the time format will include the AM/PM time marker and the date will include the year.\u200b\n\nA reboot is required for this policy setting to take effect.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "TurnOffAbbreviatedDateTimeFormat", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Taskbar.admx", "CategoryName": "StartMenu", "PolicyName": "ConfigureTaskbarSmallButtonBehavior", "Class": "Both", "NameSpace": "Microsoft.Policies.TaskBar2", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Configure Taskbar Small Button Behavior", "ExplainText": "This policy setting allows you to configure the behavior of small taskbar buttons.\n\nWhen set to:\n- Always: The taskbar always uses small buttons.\n- When taskbar is full: The taskbar dynamically switches between small buttons and standard button sizes based on available space.\n- Never: The taskbar never uses small buttons. Only standard sized buttons will be used.\n\nWhen this policy is enabled, one of the above options must be selected, and users cannot change the \"Show smaller taskbar buttons\" option in the Settings UI.\n\nWhen this policy disabled or not configured, no option is applied by Group Policy. Windows defaults to the \"When the taskbar is full\" behavior, and users can manually change this setting in the Settings UI.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "ConfigureTaskbarSmallButtonBehavior", "Items": [ { "DisplayName": "Always", "Data": "0" }, { "DisplayName": "When taskbar is full", "Data": "1" }, { "DisplayName": "Never", "Data": "2" } ], "Required": true } ] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "AllowBrowse_1", "Class": "User", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit Browse", "ExplainText": "Limits newly scheduled to items on the user's Start menu, and prevents the user from changing the scheduled program for existing tasks.\n\nThis setting removes the Browse button from the Schedule Task Wizard and from the Task tab of the properties dialog box for a task. Also, users cannot edit the \"Run\" box or the \"Start in\" box that determine the program and path for a task.\n\nAs a result, when users create a task, they must select a program from the list in the Scheduled Task Wizard, which displays only the tasks that appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs.\n\nImportant: This setting does not prevent users from creating a new task by pasting or dragging any program into the Scheduled Tasks folder. To prevent this action, use the \"Prohibit Drag-and-Drop\" setting.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Allow Browse", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "AllowBrowse_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit Browse", "ExplainText": "Limits newly scheduled to items on the user's Start menu, and prevents the user from changing the scheduled program for existing tasks.\n\nThis setting removes the Browse button from the Schedule Task Wizard and from the Task tab of the properties dialog box for a task. Also, users cannot edit the \"Run\" box or the \"Start in\" box that determine the program and path for a task.\n\nAs a result, when users create a task, they must select a program from the list in the Scheduled Task Wizard, which displays only the tasks that appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs.\n\nImportant: This setting does not prevent users from creating a new task by pasting or dragging any program into the Scheduled Tasks folder. To prevent this action, use the \"Prohibit Drag-and-Drop\" setting.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Allow Browse", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "DisableAdvanced_1", "Class": "User", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide Advanced Properties Checkbox in Add Scheduled Task Wizard", "ExplainText": "This setting removes the \"Open advanced properties for this task when I click Finish\" checkbox from the last page of the Scheduled Task Wizard. This policy is only designed to simplify task creation for beginning users.\n\nThe checkbox, when checked, instructs Task Scheduler to automatically open the newly created task's property sheet upon completion of the \"Add Scheduled Task\" wizard. The task's property sheet allows users to change task characteristics such as: the program the task runs, details of its schedule, idle time and power management settings, and its security context. Beginning users will often not be interested or confused by having the property sheet displayed automatically. Note that the checkbox is not checked by default even if this setting is Disabled or Not Configured.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Disable Advanced", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "DisableAdvanced_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide Advanced Properties Checkbox in Add Scheduled Task Wizard", "ExplainText": "This setting removes the \"Open advanced properties for this task when I click Finish\" checkbox from the last page of the Scheduled Task Wizard. This policy is only designed to simplify task creation for beginning users.\n\nThe checkbox, when checked, instructs Task Scheduler to automatically open the newly created task's property sheet upon completion of the \"Add Scheduled Task\" wizard. The task's property sheet allows users to change task characteristics such as: the program the task runs, details of its schedule, idle time and power management settings, and its security context. Beginning users will often not be interested or confused by having the property sheet displayed automatically. Note that the checkbox is not checked by default even if this setting is Disabled or Not Configured.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Disable Advanced", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "DragAndDrop_1", "Class": "User", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit Drag-and-Drop", "ExplainText": "Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder.\n\nThis setting disables the Cut, Copy, Paste, and Paste Shortcut items on the context menu and the Edit menu in Scheduled Tasks. It also disables the drag-and-drop features of the Scheduled Tasks folder.\n\nAs a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks folder.\n\nThis setting does not prevent users from using other methods to create new tasks, and it does not prevent users from deleting tasks.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "DragAndDrop", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "DragAndDrop_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit Drag-and-Drop", "ExplainText": "Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder.\n\nThis setting disables the Cut, Copy, Paste, and Paste Shortcut items on the context menu and the Edit menu in Scheduled Tasks. It also disables the drag-and-drop features of the Scheduled Tasks folder.\n\nAs a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks folder.\n\nThis setting does not prevent users from using other methods to create new tasks, and it does not prevent users from deleting tasks.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "DragAndDrop", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "Execution_1", "Class": "User", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prevent Task Run or End", "ExplainText": "Prevents users from starting and stopping tasks manually.\n\nThis setting removes the Run and End Task items from the context menu that appears when you right-click a task. As a result, users cannot start tasks manually or force tasks to end before they are finished.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Execution", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "Execution_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prevent Task Run or End", "ExplainText": "Prevents users from starting and stopping tasks manually.\n\nThis setting removes the Run and End Task items from the context menu that appears when you right-click a task. As a result, users cannot start tasks manually or force tasks to end before they are finished.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Execution", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "PropertyPages_1", "Class": "User", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide Property Pages", "ExplainText": "Prevents users from viewing and changing the properties of an existing task.\n\nThis setting removes the Properties item from the File menu in Scheduled Tasks and from the context menu that appears when you right-click a task. As a result, users cannot change any properties of a task. They can only see the properties that appear in Detail view and in the task preview.\n\nThis setting prevents users from viewing and changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its security context.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: This setting affects existing tasks only. To prevent users from changing the properties of newly created tasks, use the \"Remove Advanced Menu\" setting.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Property Pages", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "PropertyPages_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide Property Pages", "ExplainText": "Prevents users from viewing and changing the properties of an existing task.\n\nThis setting removes the Properties item from the File menu in Scheduled Tasks and from the context menu that appears when you right-click a task. As a result, users cannot change any properties of a task. They can only see the properties that appear in Detail view and in the task preview.\n\nThis setting prevents users from viewing and changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its security context.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: This setting affects existing tasks only. To prevent users from changing the properties of newly created tasks, use the \"Remove Advanced Menu\" setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Property Pages", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "TaskCreation_1", "Class": "User", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit New Task Creation", "ExplainText": "Prevents users from creating new tasks.\n\nThis setting removes the Add Scheduled Task item that starts the New Task Wizard. Also, the system does not respond when users try to move, paste, or drag programs or documents into the Scheduled Tasks folder.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nImportant: This setting does not prevent administrators of a computer from using At.exe to create new tasks or prevent administrators from submitting tasks from remote computers.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Task Creation", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "TaskCreation_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit New Task Creation", "ExplainText": "Prevents users from creating new tasks.\n\nThis setting removes the Add Scheduled Task item that starts the New Task Wizard. Also, the system does not respond when users try to move, paste, or drag programs or documents into the Scheduled Tasks folder.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nImportant: This setting does not prevent administrators of a computer from using At.exe to create new tasks or prevent administrators from submitting tasks from remote computers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Task Creation", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "TaskDeletion_1", "Class": "User", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit Task Deletion", "ExplainText": "Prevents users from deleting tasks from the Scheduled Tasks folder.\n\nThis setting removes the Delete command from the Edit menu in the Scheduled Tasks folder and from the menu that appears when you right-click a task. Also, the system does not respond when users try to cut or drag a task from the Scheduled Tasks folder.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nImportant: This setting does not prevent administrators of a computer from using At.exe to delete tasks.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Task Deletion", "Elements": [] }, { "File": "TaskScheduler.admx", "CategoryName": "TaskScheduler", "PolicyName": "TaskDeletion_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TaskScheduler", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prohibit Task Deletion", "ExplainText": "Prevents users from deleting tasks from the Scheduled Tasks folder.\n\nThis setting removes the Delete command from the Edit menu in the Scheduled Tasks folder and from the menu that appears when you right-click a task. Also, the system does not respond when users try to cut or drag a task from the Scheduled Tasks folder.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nImportant: This setting does not prevent administrators of a computer from using At.exe to delete tasks.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Task Scheduler5.0" ], "ValueName": "Task Deletion", "Elements": [] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "ISATAP_State", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set ISATAP State", "ExplainText": "This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet.\n\nIf you disable or do not configure this policy setting, the local host setting is used.\n\nIf you enable this policy setting, you can configure ISATAP with one of the following settings:\n\nPolicy Default State: No ISATAP interfaces are present on the host.\n\nPolicy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address.\n\nPolicy Disabled State: No ISATAP interfaces are present on the host.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Enum", "ValueName": "ISATAP_State", "Items": [ { "DisplayName": "Default State", "Data": "Default" }, { "DisplayName": "Enabled State", "Data": "Enabled" }, { "DisplayName": "Disabled State", "Data": "Disabled" } ], "Required": true } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "ISATAP_Router_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set ISATAP Router Name", "ExplainText": "This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.\n\nIf you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services are not required.\n\nIf you disable or do not configure this policy setting, the local host setting is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Text", "ValueName": "ISATAP_RouterName" } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "6to4_State", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set 6to4 State", "ExplainText": "This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site.\n\nIf you disable or do not configure this policy setting, the local host setting is used.\n\nIf you enable this policy setting, you can configure 6to4 with one of the following settings:\n\nPolicy Default State: 6to4 is turned off and connectivity with 6to4 will not be available.\n\nPolicy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface.\n\nPolicy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Enum", "ValueName": "6to4_State", "Items": [ { "DisplayName": "Default State", "Data": "Default" }, { "DisplayName": "Enabled State", "Data": "Enabled" }, { "DisplayName": "Disabled State", "Data": "Disabled" } ], "Required": true } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "6to4_Router_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set 6to4 Relay Name", "ExplainText": "This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.\n\nIf you enable this policy setting, you can specify a relay name for a 6to4 host.\n\nIf you disable or do not configure this policy setting, the local host setting is used, and you cannot specify a relay name for a 6to4 host.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Text", "ValueName": "6to4_RouterName" } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "6to4_Router_Name_Resolution_Interval", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set 6to4 Relay Name Resolution Interval", "ExplainText": "This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.\n\nIf you enable this policy setting, you can specify the value for the duration at which the relay name is resolved periodically.\n\nIf you disable or do not configure this policy setting, the local host setting is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Decimal", "ValueName": "6to4_RouterNameResolutionInterval", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "Teredo_State", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set Teredo State", "ExplainText": "This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet.\n\nIf you disable or do not configure this policy setting, the local host settings are used.\n\nIf you enable this policy setting, you can configure Teredo with one of the following settings:\n\nDefault: The default state is \"Client.\"\n\nDisabled: No Teredo interfaces are present on the host.\n\nClient: The Teredo interface is present only when the host is not on a network that includes a domain controller.\n\nEnterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Enum", "ValueName": "Teredo_State", "Items": [ { "DisplayName": "Default State", "Data": "Default" }, { "DisplayName": "Disabled State", "Data": "Disabled" }, { "DisplayName": "Client", "Data": "Client" }, { "DisplayName": "Enterprise Client", "Data": "Enterprise Client" } ], "Required": true } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "Teredo_Server_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set Teredo Server Name", "ExplainText": "This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.\n\nIf you enable this policy setting, you can specify a Teredo server name that applies to a Teredo client.\n\nIf you disable or do not configure this policy setting, the local settings on the computer are used to determine the Teredo server name.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Text", "ValueName": "Teredo_ServerName" } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "Teredo_Refresh_Rate", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set Teredo Refresh Rate", "ExplainText": "This policy setting allows you to configure the Teredo refresh rate.\n\nNote: On a periodic basis (by default, every 30 seconds), Teredo clients send a single Router Solicitation packet to the Teredo server. The Teredo server sends a Router Advertisement Packet in response. This periodic packet refreshes the IP address and UDP port mapping in the translation table of the Teredo client's NAT device.\n\nIf you enable this policy setting, you can specify the refresh rate. If you choose a refresh rate longer than the port mapping in the Teredo client's NAT device, Teredo might stop working or connectivity might be intermittent.\n\nIf you disable or do not configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh rate is 30 seconds.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Decimal", "ValueName": "Teredo_RefreshRate", "MinValue": "1", "MaxValue": "86400", "Required": true } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "Teredo_Client_Port", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set Teredo Client Port", "ExplainText": "This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize.\n\nIf you enable this policy setting, you can customize a UDP port for the Teredo client.\n\nIf you disable or do not configure this policy setting, the local host setting is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Decimal", "ValueName": "Teredo_ClientPort", "MinValue": "0", "MaxValue": "65535", "Required": true } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "Teredo_Default_Qualified", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set Teredo Default Qualified", "ExplainText": "This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state.\n\nIf you disable or do not configure this policy setting, the local host setting is used.\n\nThis policy setting contains only one state:\n\nPolicy Enabled State: If Default Qualified is enabled, Teredo will attempt qualification immediately and remain qualified if the qualification process succeeds.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Enum", "ValueName": "Teredo_DefaultQualified", "Items": [ { "DisplayName": "Enabled State", "Data": "Enabled" } ], "Required": true } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "IPHTTPS_ClientState", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set IP-HTTPS State", "ExplainText": "This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network.\n\nIf you disable or do not configure this policy setting, the local host settings are used.\n\nIf you enable this policy setting, you can specify an IP-HTTPS server URL. You will be able to configure IP-HTTPS with one of the following settings:\n\nPolicy Default State: The IP-HTTPS interface is used when there are no other connectivity options.\n\nPolicy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectivity options.\n\nPolicy Disabled State: No IP-HTTPS interfaces are present on the host.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition\\IPHTTPS\\IPHTTPSInterface" ], "ClientExtension": "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}", "Elements": [ { "Type": "Enum", "ValueName": "IPHTTPS_ClientState", "Items": [ { "DisplayName": "Default State", "Data": "0" }, { "DisplayName": "Enabled State", "Data": "2" }, { "DisplayName": "Disabled State", "Data": "3" } ], "Required": true }, { "Type": "Text", "ValueName": "IPHTTPS_ClientUrl", "Required": true } ] }, { "File": "tcpip.admx", "CategoryName": "Parameters", "PolicyName": "Windows_Scaling_Heuristics_State", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7ToVistaAndWindows10 - Windows Server 2008, Windows 7, Windows Vista, and Windows 10", "DisplayName": "Set Window Scaling Heuristics State", "ExplainText": "This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.\n\nIf you do not configure this policy setting, the local host settings are used.\n\nIf you enable this policy setting, Window Scaling Heuristics will be enabled and system will try to identify connectivity and throughput problems and take appropriate measures.\n\nIf you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput problems casued by Firewalls or other middle boxes.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters" ], "ValueName": "EnableWsd", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "tcpip.admx", "CategoryName": "Parameters", "PolicyName": "IP_Stateless_Autoconfiguration_Limits_State", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set IP Stateless Autoconfiguration Limits State", "ExplainText": "This policy setting allows you to configure IP Stateless Autoconfiguration Limits.\n\nIf you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes.\n\nIf you disable this policy setting, IP Stateless Autoconfiguration Limits will be disabled and system will not limit the number of autoconfigured addresses and routes.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters" ], "ValueName": "EnableIPAutoConfigurationLimits", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "IPxlatCfg_01_PermitNonCellularCLAT", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows11", "DisplayName": "Set CLAT Permit", "ExplainText": "This policy setting allows you to permit or disable the customer-side translator for 464XLAT (CLAT) globally for non-cellular interfaces.\n\nIf you enable this policy setting, CLAT is globally permitted and can be enabled on network interfaces.\n\nIf you disable this policy setting, CLAT is globally disallowed and cannot be enabled.\n\nIf you do not configure this policy setting, the local host setting is used.\n\nNo reboots or service restarts are required for this policy setting to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition\\IPxlatCfgSvc" ], "ValueName": "PermitNonCellularCLAT", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "IPxlatCfg_02_GetPrefixInfoFromRA", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows11", "DisplayName": "Set CLAT Get Prefix Information from RA", "ExplainText": "This policy setting allows router advertisements (RA) to be used as a prefix information source for non-cellular CLAT.\n\nIf you enable this policy setting, CLAT will be allowed to discover NAT64 prefixes via RA. If both NAT64 prefix discovery methods are enabled, the order of precedence is (RA, DNS).\n\nIf you disable this policy setting, CLAT will not be allowed to discover NAT64 prefixes via RA.\n\nIf you do not configure this policy setting, the local host setting is used.\n\nA reboot is required for this policy setting to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition\\IPxlatCfgSvc" ], "ValueName": "GetPrefixInfoFromRA", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "tcpip.admx", "CategoryName": "Ipv6Transition", "PolicyName": "IPxlatCfg_03_GetPrefixInfoFromDNS", "Class": "Machine", "NameSpace": "Microsoft.Policies.TCPIP", "Supported": "Windows11", "DisplayName": "Set CLAT Get Prefix Information from DNS", "ExplainText": "This policy setting allows DNS to be used as a prefix information source for non-cellular CLAT.\n\nIf you enable this policy setting, CLAT will be allowed to discover NAT64 prefixes via DNS. If both NAT64 prefix discovery methods are enabled, the order of precedence is (RA, DNS).\n\nIf you disable this policy setting, CLAT will not be allowed to discover NAT64 prefixes via DNS.\n\nIf you do not configure this policy setting, the local host setting is used.\n\nA reboot is required for this policy setting to take effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition\\IPxlatCfgSvc" ], "ValueName": "GetPrefixInfoFromDNS", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TenantRestrictions.admx", "CategoryName": "TenantRestrictions", "PolicyName": "trv2_payload", "Class": "Machine", "NameSpace": "Microsoft.Policies.TenantRestrictions", "Supported": "Windows_10_0_RS7_NOSERVER - At least Windows 10 Version 1909", "DisplayName": "Cloud Policy Details", "ExplainText": "This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory.\n\nWhen you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Azure AD tenant.\n\nNote: Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Azure AD Tenant Restrictions for more details.\n\nhttps://go.microsoft.com/fwlink/?linkid=2148762\n\nBefore enabling firewall protection, ensure that an App Control for Business policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding App Control for Business policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information.\nFor details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\TenantRestrictions\\Payload" ], "Elements": [ { "Type": "Text", "ValueName": "cloudid" }, { "Type": "Text", "ValueName": "tenantid", "Required": true }, { "Type": "Text", "ValueName": "policyid", "Required": true }, { "Type": "Boolean", "ValueName": "enforceFirewall", "TrueValue": "1", "FalseAction": "Delete" }, { "Type": "MultiText", "ValueName": "hostnames" }, { "Type": "MultiText", "ValueName": "subdomainSupportedHostnames" }, { "Type": "MultiText", "ValueName": "ipRanges" } ] }, { "File": "TerminalServer.admx", "CategoryName": "AutoSubscription", "PolicyName": "AutoSubscription", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enable auto-subscription", "ExplainText": "Controls the list of URLs that the user should be auto-subscribed to", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "AutoSubscription", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_DISABLE_PASSWORD_SAVING_1", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Do not allow passwords to be saved", "ExplainText": "Controls whether a user can save passwords using Remote Desktop Connection.\n\nIf you enable this setting the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.\n\nIf you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "DisablePasswordSaving", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_DISABLE_PASSWORD_SAVING_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Do not allow passwords to be saved", "ExplainText": "Controls whether passwords can be saved on this computer from Remote Desktop Connection.\n\nIf you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.\n\nIf you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "DisablePasswordSaving", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_ENCRYPTION_POLICY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set client connection encryption level", "ExplainText": "Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption.\n\nIf you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:\n\n* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers.\n\n* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit encryption.\n\n* Low: The Low setting encrypts only data sent from the client to the server by using 56-bit encryption.\n\nIf you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy.\n\nImportant\n\nFIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "MinEncryptionLevel", "Items": [ { "DisplayName": "Low Level", "Data": "1" }, { "DisplayName": "Client Compatible", "Data": "2" }, { "DisplayName": "High Level", "Data": "3" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_PASSWORD", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Always prompt for password upon connection", "ExplainText": "This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection.\n\nYou can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client.\n\nBy default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client.\n\nIf you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on.\n\nIf you disable this policy setting, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.\n\nIf you do not configure this policy setting, automatic logon is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fPromptForPassword", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_SECURITY_LAYER_POLICY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Require use of specific security layer for remote (RDP) connections", "ExplainText": "This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections.\n\nIf you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. The following security methods are available:\n\n* Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended.\n\n* RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended.\n\n* SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. This is the recommended setting for this policy.\n\nIf you disable or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "SecurityLayer", "Items": [ { "DisplayName": "RDP", "Data": "0" }, { "DisplayName": "Negotiate", "Data": "1" }, { "DisplayName": "SSL", "Data": "2" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_USER_AUTHENTICATION_POLICY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Require user authentication for remote connections by using Network Level Authentication", "ExplainText": "This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.\n\nIf you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server.\n\nTo determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported.\n\nIf you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server.\n\nIf you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.\n\nImportant: Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "UserAuthentication", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_MICROSOFT_ENTRA_ID_AUTHENTICATION_ENFORCEMENT_POLICY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_11_0_24H2 - At least Windows 11 Version 24H2", "DisplayName": "Enable Microsoft Entra ID Authentication Enforcement", "ExplainText": "This policy setting allows you to specify whether to require server-side enforcement of Microsoft Entra ID authentication.\n\nIf you enable this policy setting, all Remote Desktop Services clients must use RDS AAD Auth in order to authenticate to RD Session Host servers.\n\nThis policy does not allow fallback to other authentication methods.\n\nNetwork Level Authentication (NLA) is required to be enabled in order for this policy to be effective. Refer to the \"Require user authentication for remote connections by using Network Level Authentication\" policy.\n\nIf you disable or do not configure this policy setting, then Microsoft Entra ID Authentication Enforcement is not enforced.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "EnableMicrosoftEntraIdAuthenticationEnforcement", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_DISCONNECT_ON_LOCK_POLICY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_11_0_22H2_SERVER", "DisplayName": "Disconnect remote session on lock for legacy authentication", "ExplainText": "This policy setting allows you to configure the user experience when the Remote Desktop session is locked by the user or by a policy. You can specify whether the remote session will show the remote lock screen or disconnect when the remote session is locked. Disconnecting the remote session ensures that a remote session cannot be left on the lock screen and cannot reconnect automatically due to loss of network connectivity.\n\nThis policy applies only when using legacy authentication to authenticate to the remote PC. Legacy authentication is limited to username and password, or certificates like smartcards. Legacy authentication doesn't leverage the Microsoft identity platform, such as Microsoft Entra ID. Legacy authentication includes the NTLM, CredSSP, RDSTLS, TLS, and RDP basic authentication protocols.\n\nIf you enable this policy setting, Remote Desktop connections using legacy authentication will disconnect the remote session when the remote session is locked. Users can reconnect when they're ready and re-enter their credentials when prompted.\n\nIf you disable or do not configure this policy setting, Remote Desktop connections using legacy authentication will show the remote lock screen when the remote session is locked. Users can unlock the remote session using their username and password, or certificates.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisconnectOnLockLegacy", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_DISCONNECT_ON_LOCK_AAD_POLICY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_11_0_22H2_SERVER", "DisplayName": "Disconnect remote session on lock for Microsoft identity platform authentication", "ExplainText": "This policy setting allows you to configure the user experience when the Remote Desktop session is locked by the user or by a policy. You can specify whether the remote session will show the remote lock screen or disconnect when the remote session is locked. Disconnecting the remote session ensures that a remote session cannot be left on the lock screen and cannot reconnect automatically due to loss of network connectivity.\n\nThis policy applies only when using an identity provider that uses the Microsoft identity platform, such as Microsoft Entra ID, to authenticate to the remote PC. This policy doesn't apply when using Legacy authentication which includes the NTLM, CredSSP, RDSTLS, TLS, and RDP basic authentication protocols.\n\nIf you enable or do not configure this policy setting, Remote Desktop connections using the Microsoft identity platform will disconnect the remote session when the remote session is locked. Users can reconnect when they're ready and can use passwordless authentication if configured.\n\nIf you disable this policy setting, Remote Desktop connections using the Microsoft identity platform will show the remote lock screen when the remote session is locked. Users can unlock the remote session using their username and password, or certificates.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisconnectOnLockMicrosoftIdentity", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_CERTIFICATE_TEMPLATE_POLICY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Server authentication certificate template", "ExplainText": "This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server.\n\nA certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.\n\nIf you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected.\n\nIf no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected.\n\nIf you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.\n\nNote: If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Text", "ValueName": "CertTemplateName", "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_GATEWAY", "PolicyName": "TS_GATEWAY_POLICY_AUTH_METHOD", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Set RD Gateway authentication method", "ExplainText": "Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the \"Use these RD Gateway server settings\" option on the client.\n\nTo allow users to overwrite this policy setting, select the \"Allow users to change this setting\" check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.\n\nIf you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method is not specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Boolean", "ValueName": "AllowExplicitLogonMethod", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "LogonMethod", "Items": [ { "DisplayName": "Ask for credentials, use Negotiate protocol", "Data": "5" }, { "DisplayName": "Ask for credentials, use NTLM protocol", "Data": "2" }, { "DisplayName": "Ask for credentials, use Basic protocol", "Data": "1" }, { "DisplayName": "Use locally logged-on credentials", "Data": "4" }, { "DisplayName": "Use smart-card", "Data": "3" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_GATEWAY", "PolicyName": "TS_GATEWAY_POLICY_ENABLE", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Enable connection through RD Gateway", "ExplainText": "If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients will attempt to connect to the RD Gateway server that is specified in the \"Set RD Gateway server address\" policy setting.\n\nYou can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the \"Use these RD Gateway server settings\" option on the client.\n\nNote: To enforce this policy setting, you must also specify the address of the RD Gateway server by using the \"Set RD Gateway server address\" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. To enhance security, it is also highly recommended that you specify the authentication method by using the \"Set RD Gateway authentication method\" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used.\n\nTo allow users to overwrite this policy setting, select the \"Allow users to change this setting\" check box. When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the \"Do not use an RD Gateway server\" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default.\n\nIf you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the \"Set RD Gateway server address\" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "UseProxy", "Elements": [ { "Type": "Boolean", "ValueName": "AllowExplicitUseProxy", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_GATEWAY", "PolicyName": "TS_GATEWAY_POLICY_SERVER", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Set RD Gateway server address", "ExplainText": "Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the \"Use these RD Gateway server settings\" option on the client.\n\nNote: It is highly recommended that you also specify the authentication method by using the \"Set RD Gateway authentication method\" policy setting. If you do not specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used.\n\nTo allow users to overwrite the \"Set RD Gateway server address\" policy setting and connect to another RD Gateway server, you must select the \"Allow users to change this setting\" check box and users will be allowed to specify an alternate RD Gateway server. Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default.\n\nNote: If you disable or do not configure this policy setting, but enable the \"Enable connections through RD Gateway\" policy setting, client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Boolean", "ValueName": "AllowExplicitProxyName", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "ProxyName", "Required": true, "MaxLength": "260" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_AUTO_RECONNECT", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Automatic reconnection", "ExplainText": "Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default, a maximum of twenty reconnection attempts are made at five second intervals.\n\nIf the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost.\n\nIf the status is set to Disabled, automatic reconnection of clients is prohibited.\n\nIf the status is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection using the \"Reconnect if connection is dropped\" checkbox on the Experience tab in Remote Desktop Connection.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableAutoReconnect", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_COLORDEPTH", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows7ToXP - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Limit maximum color depth", "ExplainText": "This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections.\n\nYou can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load.\n\nIf you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used.\n\nIf you disable or do not configure this policy setting, the color depth for connections is not specified at the Group Policy level.\n\nNote:\n1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.\n2. The value specified in this policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.\n3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:\na. Value specified by this policy setting\nb. Maximum color depth supported by the client\nc. Value requested by the client\n\nIf the client does not support at least 16 bits, the connection is terminated.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "ColorDepth", "Items": [ { "DisplayName": "Client Compatible", "Data": "999" }, { "DisplayName": "15 bit", "Data": "2" }, { "DisplayName": "16 bit", "Data": "3" }, { "DisplayName": "24 bit", "Data": "4" }, { "DisplayName": "32 bit", "Data": "5" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_MAXMONITOR", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Limit number of monitors", "ExplainText": "This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load.\n\nIf you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16.\n\nIf you disable or do not configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxMonitors", "MinValue": "1", "MaxValue": "16", "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_DISABLE_CONNECTIONS", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Allow users to connect remotely by using Remote Desktop Services", "ExplainText": "This policy setting allows you to configure remote access to computers by using Remote Desktop Services.\n\nIf you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.\n\nIf you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.\n\nIf you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed.\n\nNote: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\Remote Desktop Session Host\\Security\\Require user authentication for remote connections by using Network Level Authentication.\n\nYou can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\Remote Desktop Session Host\\Connections\\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "EnabledList", "ValueName": "fDenyTSConnections", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "fDenyTSConnections", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_MAXDISPLAYRES", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Limit maximum display resolution", "ExplainText": "This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load.\n\nIf you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session.\n\nIf you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxXResolution", "MinValue": "640", "MaxValue": "8192", "Required": true }, { "Type": "Decimal", "ValueName": "MaxYResolution", "MinValue": "480", "MaxValue": "8192", "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_DISABLE_REMOTE_DESKTOP_WALLPAPER", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Enforce Removal of Remote Desktop Wallpaper", "ExplainText": "Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.\n\nYou can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 do not display wallpaper by default to Remote Desktop Services sessions.\n\nIf the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session.\n\nIf the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depending on the client configuration.\n\nIf the status is set to Not Configured, the default behavior applies.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fNoRemoteDesktopWallpaper", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_FORCIBLE_LOGOFF", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_WindowsXP_Win2K3_only - At least Windows XP and Windows Server 2003 only", "DisplayName": "Deny logoff of an administrator logged in to the console session", "ExplainText": "This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.\n\nThis policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost.\n\nIf you enable this policy setting, logging off the connected administrator is not allowed.\n\nIf you disable or do not configure this policy setting, logging off the connected administrator is allowed.\n\nNote: The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableForcibleLogoff", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_KEEP_ALIVE", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Configure keep-alive connection interval", "ExplainText": "This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.\n\nAfter an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.\n\nIf you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.\n\nIf you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "KeepAliveEnable", "Elements": [ { "Type": "Decimal", "ValueName": "KeepAliveInterval", "MinValue": "1", "MaxValue": "999999" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_LICENSING", "PolicyName": "TS_LICENSE_SERVERS", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Win2k3_Sp1 - At least Windows Server 2003 with Service Pack 1", "DisplayName": "Use the specified Remote Desktop license servers", "ExplainText": "This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.\n\nIf you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers cannot be located, the RD Session Host server will attempt automatic license server discovery. In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order:\n\n1. Remote Desktop license servers that are published in Active Directory Domain Services.\n\n2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.\n\nIf you disable or do not configure this policy setting, the RD Session Host server does not specify a license server at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Text", "ValueName": "LicenseServers", "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_LICENSING", "PolicyName": "TS_LICENSE_TOOLTIP", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Win2k3_Sp1 - At least Windows Server 2003 with Service Pack 1", "DisplayName": "Hide notifications about RD Licensing problems that affect the RD Session Host server", "ExplainText": "This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.\n\nBy default, notifications are displayed on an RD Session Host server after you log on as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire.\n\nIf you enable this policy setting, these notifications will not be displayed on the RD Session Host server.\n\nIf you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a local administrator.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "EnabledList", "ValueName": "fDisableTerminalServerTooltip", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "fDisableTerminalServerTooltip", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_LICENSING", "PolicyName": "TS_LICENSING_MODE", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Win2k3_Sp1 - At least Windows Server 2003 with Service Pack 1", "DisplayName": "Set the Remote Desktop licensing mode", "ExplainText": "This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.\n\nYou can use this policy setting to select one of two licensing modes: Per User or Per Device.\n\nPer User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server.\n\nPer Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server.\n\nIf you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.\n\nIf you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level.\n\nNote: AAD Per User mode is deprecated on Windows 11 and above.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "LicensingMode", "Items": [ { "DisplayName": "Per Device", "Data": "2" }, { "DisplayName": "Per User", "Data": "4" }, { "DisplayName": "AAD Per User", "Data": "6" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_MAX_CON_POLICY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Limit number of connections", "ExplainText": "Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.\n\nYou can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, addtional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.\n\nTo use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.\n\nIf the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server.\n\nIf the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level.\n\nNote: This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxInstanceCount", "MinValue": "1", "MaxValue": "999999" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_NoDisconnectMenu", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Win2k - At least Windows 2000 Terminal Services", "DisplayName": "Remove \"Disconnect\" option from Shut Down dialog", "ExplainText": "This policy setting allows you to remove the \"Disconnect\" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.\n\nYou can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.\n\nIf you enable this policy setting, \"Disconnect\" does not appear as an option in the drop-down list in the Shut Down Windows dialog box.\n\nIf you disable or do not configure this policy setting, \"Disconnect\" is not removed from the list in the Shut Down Windows dialog box.\n\nNote: This policy setting affects only the Shut Down Windows dialog box. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the \"Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\RD Session Host\\Session Time Limits\\Set time limit for disconnected sessions\" policy setting.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoDisconnect", "Elements": [] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_NoSecurityMenu", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Win2k - At least Windows 2000 Terminal Services", "DisplayName": "Remove Windows Security item from Start menu", "ExplainText": "Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.\n\nIf the status is set to Enabled, Windows Security does not appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.\n\nIf the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoNTSecurity", "Elements": [] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_RDSAppX_WaitForRegistration", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Windows8_Enterprise_AND_Server - At least Windows 8 Enterprise or Windows Server 2012", "DisplayName": "Suspend user sign-in to complete app registration", "ExplainText": "This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user.\n\nBy default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete.\n\nIf you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers.\n\nIf you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\AllUserInstallAgent" ], "ValueName": "LogonWaitForPackageRegistration", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_RemoteControl_1", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_ONLY_LEGACY - Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Set rules for remote control of Remote Desktop Services user sessions", "ExplainText": "If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected. Select the desired level of control and permission from the options list:\n\n1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session.\n2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.\n3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.\n4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.\n5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.\n\nIf you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "Shadow", "Items": [ { "DisplayName": "No remote control allowed", "Data": "0" }, { "DisplayName": "Full Control with user's permission", "Data": "1" }, { "DisplayName": "Full Control without user's permission", "Data": "2" }, { "DisplayName": "View Session with user's permission", "Data": "3" }, { "DisplayName": "View Session without user's permission", "Data": "4" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_RemoteControl_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_ONLY_LEGACY - Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP", "DisplayName": "Set rules for remote control of Remote Desktop Services user sessions", "ExplainText": "If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected. Select the desired level of control and permission from the options list:\n\n1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session.\n2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.\n3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.\n4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.\n5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.\n\nIf you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "Shadow", "Items": [ { "DisplayName": "No remote control allowed", "Data": "0" }, { "DisplayName": "Full Control with user's permission", "Data": "1" }, { "DisplayName": "Full Control without user's permission", "Data": "2" }, { "DisplayName": "View Session with user's permission", "Data": "3" }, { "DisplayName": "View Session without user's permission", "Data": "4" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_SINGLE_SESSION", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Restrict Remote Desktop Services users to a single Remote Desktop Services session", "ExplainText": "This policy setting allows you to restrict users to a single Remote Desktop Services session.\n\nIf you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon.\n\nIf you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.\n\nIf you do not configure this policy setting, this policy setting is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fSingleSessionPerUser", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_START_PROGRAM_1", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Start a program on connection", "ExplainText": "Configures Remote Desktop Services to run a specified program automatically upon connection.\n\nYou can use this setting to specify a program to run automatically when a user logs on to a remote computer.\n\nBy default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the \"Start Program\" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off.\n\nTo use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message.\n\nIf the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program.\n\nIf the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See \"Computer Configuration\\Administrative Templates\\System\\Logon\\Run these programs at user logon\" setting.)\n\nNote: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fInheritInitialProgram" ], "Elements": [ { "Type": "Text", "ValueName": "InitialProgram", "Required": true }, { "Type": "Text", "ValueName": "WorkDirectory" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_START_PROGRAM_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Start a program on connection", "ExplainText": "Configures Remote Desktop Services to run a specified program automatically upon connection.\n\nYou can use this setting to specify a program to run automatically when a user logs on to a remote computer.\n\nBy default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the \"Start Program\" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off.\n\nTo use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message.\n\nIf the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program.\n\nIf the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See \"Computer Configuration\\Administrative Templates\\System\\Logon\\Run these programs at user logon\" setting.)\n\nNote: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Text", "ValueName": "InitialProgram", "Required": true }, { "Type": "Text", "ValueName": "WorkDirectory" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_TSCC_PERMISSIONS_POLICY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Do not allow local administrators to customize permissions", "ExplainText": "This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server.\n\nYou can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes.\n\nIf you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only.\n\nIf you disable or do not configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider.\n\nNote: The preferred method of managing user access is by adding a user to the Remote Desktop Users group.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fWritableTSCCPermTab", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_TURNOFF_SINGLEAPP", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Win2k3_Sp1 - At least Windows Server 2003 with Service Pack 1", "DisplayName": "Always show desktop on connection", "ExplainText": "This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy.\n\nIf you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.\n\nIf you disable or do not configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.\n\nNote: If this policy setting is enabled, then the \"Start a program on connection\" policy setting is ignored.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fTurnOffSingleAppMode", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_PROFILES", "PolicyName": "TS_USER_HOME", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Set Remote Desktop Services User Home Directory", "ExplainText": "Specifies whether Remote Desktop Services uses the specified network share or local directory path as the root of the user's home directory for a Remote Desktop Services session.\n\nTo use this setting, select the location for the home directory (network or local) from the Location drop-down list. If you choose to place the directory on a network share, type the Home Dir Root Path in the form \\\\Computername\\Sharename, and then select the drive letter to which you want the network share to be mapped.\n\nIf you choose to keep the home directory on the local computer, type the Home Dir Root Path in the form \"Drive:\\Path\" (without quotes), without environment variables or ellipses. Do not specify a placeholder for user alias, because Remote Desktop Services automatically appends this at logon.\n\nNote: The Drive Letter field is ignored if you choose to specify a local path. If you choose to specify a local path but then type the name of a network share in Home Dir Root Path, Remote Desktop Services places user home directories in the network location.\n\nIf the status is set to Enabled, Remote Desktop Services creates the user's home directory in the specified location on the local computer or the network. The home directory path for each user is the specified Home Dir Root Path and the user's alias.\n\nIf the status is set to Disabled or Not Configured, the user's home directory is as specified at the server.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "WFHomeDirUNC", "Items": [ { "DisplayName": "On the Network", "Data": "1" }, { "DisplayName": "On the Local machine", "Data": "0" } ] }, { "Type": "Text", "ValueName": "WFHomeDir", "Required": true }, { "Type": "Enum", "ValueName": "WFHomeDirDrive", "Items": [ { "DisplayName": "G:", "Data": "G:" }, { "DisplayName": "H:", "Data": "H:" }, { "DisplayName": "I:", "Data": "I:" }, { "DisplayName": "J:", "Data": "J:" }, { "DisplayName": "K:", "Data": "K:" }, { "DisplayName": "L:", "Data": "L:" }, { "DisplayName": "M:", "Data": "M:" }, { "DisplayName": "N:", "Data": "N:" }, { "DisplayName": "O:", "Data": "O:" }, { "DisplayName": "P:", "Data": "P:" }, { "DisplayName": "Q:", "Data": "Q:" }, { "DisplayName": "R:", "Data": "R:" }, { "DisplayName": "S:", "Data": "S:" }, { "DisplayName": "T:", "Data": "T:" }, { "DisplayName": "U:", "Data": "U:" }, { "DisplayName": "V:", "Data": "V:" }, { "DisplayName": "W:", "Data": "W:" }, { "DisplayName": "X:", "Data": "X:" }, { "DisplayName": "Y:", "Data": "Y:" }, { "DisplayName": "Z:", "Data": "Z:" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_PROFILES", "PolicyName": "TS_USER_PROFILES", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Set path for Remote Desktop Services Roaming User Profile", "ExplainText": "This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.\n\nBy default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles.\n\nIf you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user.\n\nTo configure this policy setting, type the path to the network share in the form of \\\\Computername\\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server.\n\nIf you disable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box.\n\nNotes:\n1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.\n2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the \"Use mandatory profiles on the RD Session Host server\" policy setting located in Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\RD Session Host\\Profiles. The path set in the \"Set path for Remote Desktop Services Roaming User Profile\" policy setting should contain the mandatory profile.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Text", "ValueName": "WFProfilePath", "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_PROFILES", "PolicyName": "TS_USER_MANDATORY_PROFILES", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Win2k3_Sp2 - At least Windows Server 2003 with Service Pack 2", "DisplayName": "Use mandatory profiles on the RD Session Host server", "ExplainText": "This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.\n\nIf you enable this policy setting, Remote Desktop Services uses the path specified in the \"Set path for Remote Desktop Services Roaming User Profile\" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile.\n\nIf you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server.\n\nNote:\n\nFor this policy setting to take effect, you must also enable and configure the \"Set path for Remote Desktop Services Roaming User Profile\" policy setting.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "WFDontAppendUserNameToProfile", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_PROFILES", "PolicyName": "TS_DELETE_ROAMING_USER_PROFILES", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Windows7_Server - At least Windows Server 2008 R2", "DisplayName": "Limit the size of the entire roaming user profile cache", "ExplainText": "This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.\n\nNote: If you want to limit the size of an individual user profile, use the \"Limit profile size\" policy setting located in User Configuration\\Policies\\Administrative Templates\\System\\User Profiles.\n\nIf you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked. When the size of the entire roaming user profile cache exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified.\n\nIf you disable or do not configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive.\n\nNote: This policy setting is ignored if the \"Prevent Roaming Profile changes from propagating to the server\" policy setting located in Computer Configuration\\Policies\\Administrative Templates\\System\\User Profiles is enabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "DeleteRoamingUserProfile", "Elements": [ { "Type": "Decimal", "ValueName": "MonitoringInterval", "MinValue": "15", "MaxValue": "10080", "Required": true }, { "Type": "Decimal", "ValueName": "ProfileDirectoryQuota", "MinValue": "5", "MaxValue": "10000", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_LICENSE_SERVER", "PolicyName": "TS_LICENSE_SECGROUP", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "License server security group", "ExplainText": "This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).\n\nYou can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one.\n\nIf you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server.\n\nBy default, the RDS Endpoint Servers group is empty.\n\nIf you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by disabling or not configuring this policy setting.\n\nNote: You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fSecureLicensing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_LICENSE_SERVER", "PolicyName": "TS_PreventLicenseUpgrade", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Prevent license upgrade", "ExplainText": "This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.\n\nA license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003.\n\nBy default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following:\n\n* A client connecting to a Windows Server 2003 terminal server\n* A client connecting to a Windows 2000 terminal server\n\nIf you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired.\n\nIf you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fPreventLicenseUpgrade", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_AUDIO", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Allow audio and video playback redirection", "ExplainText": "This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.\nUsers can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.\n\nBy default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional.\n\nIf you enable this policy setting, audio and video playback redirection is allowed.\n\nIf you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file.\n\nIf you do not configure this policy setting audio and video playback redirection is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableCam", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_AUDIO_QUALITY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Limit audio playback quality", "ExplainText": "This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links.\n\nIf you enable this policy setting, you must select one of the following: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection.\n\nThe audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer. For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.\n\nAudio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic.\n\nIf you disable or do not configure this policy setting, audio playback quality will be set to Dynamic.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowedAudioQualityMode", "Items": [ { "DisplayName": "Dynamic", "Data": "1" }, { "DisplayName": "Medium", "Data": "3" }, { "DisplayName": "High", "Data": "7" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_AUDIO_CAPTURE", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow audio recording redirection", "ExplainText": "This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.\nUsers can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone.\n\nBy default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2.\n\nIf you enable this policy setting, audio recording redirection is allowed.\n\nIf you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specified in RDC.\n\nIf you do not configure this policy setting, Audio recording redirection is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableAudioCapture", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_CLIPBOARD", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not allow Clipboard redirection", "ExplainText": "This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.\n\nYou can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.\n\nIf you enable this policy setting, users cannot redirect Clipboard data.\n\nIf you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.\n\nIf you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableClip", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_CLIPBOARDRESTRICTION_SC", "Class": "Both", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Restrict clipboard transfer from server to client", "ExplainText": "This policy setting allows you to restrict clipboard data transfers from server to client.\n\nIf you enable this policy setting, you must choose from the following behaviors:\n\n- Disable clipboard transfers from server to client.\n\n- Allow plain text copying from server to client.\n\n- Allow plain text and images copying from server to client.\n\n- Allow plain text, images and Rich Text Format copying from server to client.\n\n- Allow plain text, images, Rich Text Format and HTML copying from server to client.\n\nIf you disable or do not configure this policy setting, users can copy arbitrary contents from server to client if clipboard redirection is enabled.\n\nNote: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the stricter restriction will be used.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "SCClipLevel", "Items": [ { "DisplayName": "Disable clipboard transfers from server to client", "Data": "0" }, { "DisplayName": "Allow plain text", "Data": "1" }, { "DisplayName": "Allow plain text and images", "Data": "2" }, { "DisplayName": "Allow plain text, images and Rich Text Format", "Data": "3" }, { "DisplayName": "Allow plain text, images, Rich Text Format and HTML", "Data": "4" } ], "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_CLIPBOARDRESTRICTION_CS", "Class": "Both", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Restrict clipboard transfer from client to server", "ExplainText": "This policy setting allows you to restrict clipboard data transfers from client to server.\n\nIf you enable this policy setting, you must choose from the following behaviors:\n\n- Disable clipboard transfers from client to server.\n\n- Allow plain text copying from client to server.\n\n- Allow plain text and images copying from client to server.\n\n- Allow plain text, images and Rich Text Format copying from client to server.\n\n- Allow plain text, images, Rich Text Format and HTML copying from client to server.\n\nIf you disable or do not configure this policy setting, users can copy arbitrary contents from client to server if clipboard redirection is enabled.\n\nNote: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the stricter restriction will be used.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "CSClipLevel", "Items": [ { "DisplayName": "Disable clipboard transfers from client to server", "Data": "0" }, { "DisplayName": "Allow plain text", "Data": "1" }, { "DisplayName": "Allow plain text and images", "Data": "2" }, { "DisplayName": "Allow plain text, images and Rich Text Format", "Data": "3" }, { "DisplayName": "Allow plain text, images, Rich Text Format and HTML", "Data": "4" } ], "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_COM", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not allow COM port redirection", "ExplainText": "This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.\n\nYou can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.\n\nIf you enable this policy setting, users cannot redirect server data to the local COM port.\n\nIf you disable this policy setting, Remote Desktop Services always allows COM port redirection.\n\nIf you do not configure this policy setting, COM port redirection is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableCcm", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_PRINT_REDIRECTION", "PolicyName": "TS_CLIENT_DEFAULT_M", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not set default client printer to be default printer in a session", "ExplainText": "This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.\n\nBy default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior.\n\nIf you enable this policy setting, the default printer is the printer specified on the remote computer.\n\nIf you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection.\n\nIf you do not configure this policy setting, the default printer is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fForceClientLptDef", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_PRINT_REDIRECTION", "PolicyName": "TS_EASY_PRINT", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_WindowsServer2008OrWin7 - At least Windows Server 2008 or Windows 7", "DisplayName": "Use Remote Desktop Easy Print printer driver first", "ExplainText": "This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.\n\nIf you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session.\n\nIf you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session.\n\nNote: If the \"Do not allow client printer redirection\" policy setting is enabled, the \"Use Remote Desktop Easy Print printer driver first\" policy setting is ignored.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "UseUniversalPrinterDriverFirst", "Elements": [ { "Type": "EnabledValue", "Data": "3" }, { "Type": "DisabledValue", "Data": "4" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_PRINT_REDIRECTION", "PolicyName": "TS_EASY_PRINT_User", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_WindowsServer2008OrWin7 - At least Windows Server 2008 or Windows 7", "DisplayName": "Use Remote Desktop Easy Print printer driver first", "ExplainText": "This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.\n\nIf you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session.\n\nIf you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session.\n\nNote: If the \"Do not allow client printer redirection\" policy setting is enabled, the \"Use Remote Desktop Easy Print printer driver first\" policy setting is ignored.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "UseUniversalPrinterDriverFirst", "Elements": [ { "Type": "EnabledValue", "Data": "3" }, { "Type": "DisabledValue", "Data": "4" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_DRIVE_M", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not allow drive redirection", "ExplainText": "This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).\n\nBy default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format on . You can use this policy setting to override this behavior.\n\nIf you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows XP, Windows Server 2003, Windows Server 2012 (and later) or Windows 8 (and later).\n\nIf you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed.\n\nIf you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableCdm", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_LPT", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not allow LPT port redirection", "ExplainText": "This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.\n\nYou can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection.\n\nIf you enable this policy setting, users in a Remote Desktop Services session cannot redirect server data to the local LPT port.\n\nIf you disable this policy setting, LPT port redirection is always allowed.\n\nIf you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableLPT", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CLIENT_PNP", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not allow supported Plug and Play device redirection", "ExplainText": "This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session.\n\nBy default, Remote Desktop Services does not allow redirection of supported Plug and Play and RemoteFX USB devices.\n\nIf you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.\n\nIf you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.If you do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it is running Windows Server 2012 R2 and earlier versions.\n\nNote: You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\\Administrative Templates\\System\\Device Installation\\Device Installation Restrictions policy settings.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisablePNPRedir", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_CAMERA_REDIRECTION", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Do not allow video capture redirection", "ExplainText": "This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session.\n\nBy default, Remote Desktop Services allows redirection of video capture devices.\n\nIf you enable this policy setting, users cannot redirect their video capture devices to the remote computer.\n\nIf you disable or do not configure this policy setting, users can redirect their video capture devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the video capture devices to redirect to the remote computer.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableCameraRedir", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_LOCATION_REDIRECTION", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_10_0_21H2_NOSERVER - At least Windows 10 Version 2106", "DisplayName": "Do not allow location redirection", "ExplainText": "This policy setting lets you control the redirection of location data to the remote computer in a Remote Desktop Services session.\n\nBy default, Remote Desktop Services allows redirection of location data.\n\nIf you enable this policy setting, users cannot redirect their location data to the remote computer.\n\nIf you disable or do not configure this policy setting, users can redirect their location data to the remote computer.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableLocationRedir", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_PRINT_REDIRECTION", "PolicyName": "TS_CLIENT_PRINTER", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not allow client printer redirection", "ExplainText": "This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.\n\nYou can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping.\n\nIf you enable this policy setting, users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions.\n\nIf you disable this policy setting, users can redirect print jobs with client printer mapping.\n\nIf you do not configure this policy setting, client printer mapping is not specified at the Group Policy level.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableCpm", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_PRINT_REDIRECTION", "PolicyName": "TS_FALLBACKPRINTDRIVERTYPE", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Win2k3_Sp1_Only - Windows Server 2003 with Service Pack 1 only", "DisplayName": "Specify RD Session Host server fallback printer driver behavior", "ExplainText": "This policy setting allows you to specify the RD Session Host server fallback printer driver behavior.\n\nBy default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server does not have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.\n\nIf you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. You can choose to change this default behavior. The available options are:\n\n\"Do nothing if one is not found\" - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, the client's printer is not available. This is the default behavior.\n\n\"Default to PCL if one is not found\" - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver.\n\n\"Default to PS if one is not found\" - If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver.\n\n\"Show both PCL and PS if one is not found\" - If no suitable driver can be found, show both PS and PCL-based fallback printer drivers.\n\nIf you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server will not attempt to use the fallback printer driver.\n\nIf you do not configure this policy setting, the fallback printer driver behavior is off by default.\n\nNote: If the \"Do not allow client printer redirection\" setting is enabled, this policy setting is ignored and the fallback printer driver is disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fPolicyFallbackPrintDriver", "Elements": [ { "Type": "Enum", "ValueName": "FallbackPrintDriverType", "Items": [ { "DisplayName": "Do nothing if one is not found.", "Data": "1" }, { "DisplayName": "Default to PCL if one is not found.", "Data": "2" }, { "DisplayName": "Default to PS if one is not found.", "Data": "3" }, { "DisplayName": "Show both PCL and PS if one is not found.", "Data": "4" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_SMART_CARD", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not allow smart card device redirection", "ExplainText": "This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.\n\nIf you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session.\n\nIf you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.\n\nNote: The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fEnableSmartCard", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_TIME_ZONE", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Allow time zone redirection", "ExplainText": "This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.\n\nIf you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).\n\nIf you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone.\n\nNote: Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 and later.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fEnableTimeZoneRedirection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_UIA", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_10_0_21H2_NOSERVER - At least Windows 10 Version 2106", "DisplayName": "Allow UI Automation redirection", "ExplainText": "This policy setting determines whether User Interface (UI) Automation client applications running on the local computer can access UI elements on the server.\n\nUI Automation gives programs access to most UI elements, which lets you use assistive technology products like Magnifier and Narrator that need to interact with the UI in order to work properly. UI information also allows automated test scripts to interact with the UI.\n\nRemote Desktop sessions don't currently support UI Automation redirection.\n\nIf you enable or don't configure this policy setting, any UI Automation clients on your local computer can interact with remote apps. For example, you can use your local computer's Narrator and Magnifier clients to interact with UI on a web page you opened in a remote session.\n\nIf you disable this policy setting, UI Automation clients running on your local computer can't interact with remote apps.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "EnableUiaRedirection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_REDIRECTION", "PolicyName": "TS_WEBAUTHN", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_10_0_20H1 - At least Windows Server 2019, Windows 10 Version 2004", "DisplayName": "Do not allow WebAuthn redirection", "ExplainText": "This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local\u202fauthenticator (e.g., Windows Hello for Business, security key, or other).\n\nBy default, Remote Desktop allows redirection of WebAuthn requests.\n\nIf you enable this policy setting, users can't use their local authenticator inside the Remote Desktop session.\n\nIf you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fDisableWebAuthn", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIPRDR_CLOUD_CLIP_INTEGRATION", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_11_0_22H2_NOSERVER - At least Windows 11 Version 22H2", "DisplayName": "Disable Cloud Clipboard integration for server-to-client data transfer", "ExplainText": "This policy setting lets you control whether data transferred from the remote session to the client using clipboard redirection is added to the client-side Cloud Clipboard.\n\nBy default, Remote Desktop disables integration with the client-side Cloud Clipboard for data transfered from the remote session using clipboard redirection.\n\nIf you enable or do not configure this policy setting, data copied in the remote session and pasted on the client, will not be added to the client-side Cloud Clipboard.\n\nIf you disable this policy setting, data copied in the remote session and pasted on the client, will be added to the client-side Cloud Clipboard (if enabled).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\Client" ], "ValueName": "DisableCloudClipboardIntegration", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SECURITY", "PolicyName": "TS_RPC_ENCRYPTION", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Require secure RPC communication", "ExplainText": "Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.\n\nYou can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.\n\nIf the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients.\n\nIf the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request.\n\nIf the status is set to Not Configured, unsecured communication is allowed.\n\nNote: The RPC interface is used for administering and configuring Remote Desktop Services.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fEncryptRPCTraffic", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SD_Node", "PolicyName": "TS_JOIN_SESSION_DIRECTORY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET_Enterprise - At least Windows Server 2003, Enterprise Edition", "DisplayName": "Join RD Connection Broker", "ExplainText": "This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.\n\nIf the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting.\n\nIf you disable this policy setting, the server does not join a farm in RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.\n\nIf the policy setting is not configured, the policy setting is not specified at the Group Policy level.\n\nNotes:\n\n1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.\n\n2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "SessionDirectoryActive", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SD_Node", "PolicyName": "TS_SD_ClustName", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET_Enterprise - At least Windows Server 2003, Enterprise Edition", "DisplayName": "Configure RD Connection Broker farm name", "ExplainText": "This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services.\n\nIf you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker.\n\nIf you enable this policy setting, you must specify the name of a farm in RD Connection Broker.\n\nIf you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level.\n\nNotes:\n\n1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy.\n\n2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Text", "ValueName": "SessionDirectoryClusterName", "Required": true, "MaxLength": "128" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SD_Node", "PolicyName": "TS_SD_EXPOSE_ADDRESS", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET_Enterprise - At least Windows Server 2003, Enterprise Edition", "DisplayName": "Use IP Address Redirection", "ExplainText": "This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server.\n\nIf you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm.\n\nIf you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm.\n\nIf you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default.\n\nNotes:\n\n1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "SessionDirectoryExposeServerIP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SD_Node", "PolicyName": "TS_SD_Loc", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET_Enterprise - At least Windows Server 2003, Enterprise Edition", "DisplayName": "Configure RD Connection Broker server name", "ExplainText": "This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.\n\nIf you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers.\n\nIf you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level.\n\nNotes:\n\n1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.\n\n2. This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled.\n\n3. To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Text", "ValueName": "SessionDirectoryLocation", "Required": true, "MaxLength": "128" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSION_TIME_LIMITS", "PolicyName": "TS_Session_End_On_Limit_1", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "End session when time limits are reached", "ExplainText": "This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.\n\nYou can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits.\n\nTime limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.\n\nIf you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.\n\nIf you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator.\n\nIf you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.\n\nNote: This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fResetBroken", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSION_TIME_LIMITS", "PolicyName": "TS_Session_End_On_Limit_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "End session when time limits are reached", "ExplainText": "This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.\n\nYou can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits.\n\nTime limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.\n\nIf you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.\n\nIf you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator.\n\nIf you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.\n\nNote: This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fResetBroken", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSION_TIME_LIMITS", "PolicyName": "TS_SESSIONS_Disconnected_Timeout_1", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set time limit for disconnected sessions", "ExplainText": "This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.\n\nYou can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.\n\nWhen a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.\n\nIf you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.\n\nIf you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.\n\nNote: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "MaxDisconnectionTime", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "1 minute", "Data": "60000" }, { "DisplayName": "5 minutes", "Data": "300000" }, { "DisplayName": "10 minutes", "Data": "600000" }, { "DisplayName": "15 minutes", "Data": "900000" }, { "DisplayName": "30 minutes", "Data": "1800000" }, { "DisplayName": "1 hour", "Data": "3600000" }, { "DisplayName": "2 hours", "Data": "7200000" }, { "DisplayName": "3 hours", "Data": "10800000" }, { "DisplayName": "6 hours", "Data": "21600000" }, { "DisplayName": "8 hours", "Data": "28800000" }, { "DisplayName": "12 hours", "Data": "43200000" }, { "DisplayName": "16 hours", "Data": "57600000" }, { "DisplayName": "18 hours", "Data": "64800000" }, { "DisplayName": "1 day", "Data": "86400000" }, { "DisplayName": "2 days", "Data": "172800000" }, { "DisplayName": "3 days", "Data": "259200000" }, { "DisplayName": "4 days", "Data": "345600000" }, { "DisplayName": "5 days", "Data": "432000000" } ] }, { "Type": "DisabledList", "ValueName": "MaxDisconnectionTime", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSION_TIME_LIMITS", "PolicyName": "TS_SESSIONS_Disconnected_Timeout_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set time limit for disconnected sessions", "ExplainText": "This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.\n\nYou can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.\n\nWhen a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.\n\nIf you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.\n\nIf you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.\n\nNote: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "MaxDisconnectionTime", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "1 minute", "Data": "60000" }, { "DisplayName": "5 minutes", "Data": "300000" }, { "DisplayName": "10 minutes", "Data": "600000" }, { "DisplayName": "15 minutes", "Data": "900000" }, { "DisplayName": "30 minutes", "Data": "1800000" }, { "DisplayName": "1 hour", "Data": "3600000" }, { "DisplayName": "2 hours", "Data": "7200000" }, { "DisplayName": "3 hours", "Data": "10800000" }, { "DisplayName": "6 hours", "Data": "21600000" }, { "DisplayName": "8 hours", "Data": "28800000" }, { "DisplayName": "12 hours", "Data": "43200000" }, { "DisplayName": "16 hours", "Data": "57600000" }, { "DisplayName": "18 hours", "Data": "64800000" }, { "DisplayName": "1 day", "Data": "86400000" }, { "DisplayName": "2 days", "Data": "172800000" }, { "DisplayName": "3 days", "Data": "259200000" }, { "DisplayName": "4 days", "Data": "345600000" }, { "DisplayName": "5 days", "Data": "432000000" } ] }, { "Type": "DisabledList", "ValueName": "MaxDisconnectionTime", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSION_TIME_LIMITS", "PolicyName": "TS_SESSIONS_Idle_Limit_1", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set time limit for active but idle Remote Desktop Services sessions", "ExplainText": "This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.\n\nIf you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply.\n\nIf you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.\n\nIf you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\Remote Desktop Session Host\\Session Time Limits\\End session when time limits are reached.\n\nNote: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "MaxIdleTime", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "1 minute", "Data": "60000" }, { "DisplayName": "5 minutes", "Data": "300000" }, { "DisplayName": "10 minutes", "Data": "600000" }, { "DisplayName": "15 minutes", "Data": "900000" }, { "DisplayName": "30 minutes", "Data": "1800000" }, { "DisplayName": "1 hour", "Data": "3600000" }, { "DisplayName": "2 hours", "Data": "7200000" }, { "DisplayName": "3 hours", "Data": "10800000" }, { "DisplayName": "6 hours", "Data": "21600000" }, { "DisplayName": "8 hours", "Data": "28800000" }, { "DisplayName": "12 hours", "Data": "43200000" }, { "DisplayName": "16 hours", "Data": "57600000" }, { "DisplayName": "18 hours", "Data": "64800000" }, { "DisplayName": "1 day", "Data": "86400000" }, { "DisplayName": "2 days", "Data": "172800000" }, { "DisplayName": "3 days", "Data": "259200000" }, { "DisplayName": "4 days", "Data": "345600000" }, { "DisplayName": "5 days", "Data": "432000000" } ], "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSION_TIME_LIMITS", "PolicyName": "TS_SESSIONS_Idle_Limit_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set time limit for active but idle Remote Desktop Services sessions", "ExplainText": "This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.\n\nIf you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply.\n\nIf you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.\n\nIf you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\Remote Desktop Session Host\\Session Time Limits\\End session when time limits are reached.\n\nNote: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "MaxIdleTime", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "1 minute", "Data": "60000" }, { "DisplayName": "5 minutes", "Data": "300000" }, { "DisplayName": "10 minutes", "Data": "600000" }, { "DisplayName": "15 minutes", "Data": "900000" }, { "DisplayName": "30 minutes", "Data": "1800000" }, { "DisplayName": "1 hour", "Data": "3600000" }, { "DisplayName": "2 hours", "Data": "7200000" }, { "DisplayName": "3 hours", "Data": "10800000" }, { "DisplayName": "6 hours", "Data": "21600000" }, { "DisplayName": "8 hours", "Data": "28800000" }, { "DisplayName": "12 hours", "Data": "43200000" }, { "DisplayName": "16 hours", "Data": "57600000" }, { "DisplayName": "18 hours", "Data": "64800000" }, { "DisplayName": "1 day", "Data": "86400000" }, { "DisplayName": "2 days", "Data": "172800000" }, { "DisplayName": "3 days", "Data": "259200000" }, { "DisplayName": "4 days", "Data": "345600000" }, { "DisplayName": "5 days", "Data": "432000000" } ], "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSION_TIME_LIMITS", "PolicyName": "TS_SESSIONS_Limits_1", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set time limit for active Remote Desktop Services sessions", "ExplainText": "This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.\n\nIf you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply.\n\nIf you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.\n\nIf you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\Remote Desktop Session Host\\Session Time Limits\\End session when time limits are reached.\n\nNote: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "MaxConnectionTime", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "1 minute", "Data": "60000" }, { "DisplayName": "5 minutes", "Data": "300000" }, { "DisplayName": "10 minutes", "Data": "600000" }, { "DisplayName": "15 minutes", "Data": "900000" }, { "DisplayName": "30 minutes", "Data": "1800000" }, { "DisplayName": "1 hour", "Data": "3600000" }, { "DisplayName": "2 hours", "Data": "7200000" }, { "DisplayName": "3 hours", "Data": "10800000" }, { "DisplayName": "6 hours", "Data": "21600000" }, { "DisplayName": "8 hours", "Data": "28800000" }, { "DisplayName": "12 hours", "Data": "43200000" }, { "DisplayName": "16 hours", "Data": "57600000" }, { "DisplayName": "18 hours", "Data": "64800000" }, { "DisplayName": "1 day", "Data": "86400000" }, { "DisplayName": "2 days", "Data": "172800000" }, { "DisplayName": "3 days", "Data": "259200000" }, { "DisplayName": "4 days", "Data": "345600000" }, { "DisplayName": "5 days", "Data": "432000000" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSION_TIME_LIMITS", "PolicyName": "TS_SESSIONS_Limits_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Set time limit for active Remote Desktop Services sessions", "ExplainText": "This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.\n\nIf you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply.\n\nIf you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.\n\nIf you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\Remote Desktop Session Host\\Session Time Limits\\End session when time limits are reached.\n\nNote: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "MaxConnectionTime", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "1 minute", "Data": "60000" }, { "DisplayName": "5 minutes", "Data": "300000" }, { "DisplayName": "10 minutes", "Data": "600000" }, { "DisplayName": "15 minutes", "Data": "900000" }, { "DisplayName": "30 minutes", "Data": "1800000" }, { "DisplayName": "1 hour", "Data": "3600000" }, { "DisplayName": "2 hours", "Data": "7200000" }, { "DisplayName": "3 hours", "Data": "10800000" }, { "DisplayName": "6 hours", "Data": "21600000" }, { "DisplayName": "8 hours", "Data": "28800000" }, { "DisplayName": "12 hours", "Data": "43200000" }, { "DisplayName": "16 hours", "Data": "57600000" }, { "DisplayName": "18 hours", "Data": "64800000" }, { "DisplayName": "1 day", "Data": "86400000" }, { "DisplayName": "2 days", "Data": "172800000" }, { "DisplayName": "3 days", "Data": "259200000" }, { "DisplayName": "4 days", "Data": "345600000" }, { "DisplayName": "5 days", "Data": "432000000" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_TEMP", "PolicyName": "TS_TEMP_DELETE", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Do not delete temp folders upon exit", "ExplainText": "This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.\n\nYou can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user logs off.\n\nIf you enable this policy setting, a user's per-session temporary folders are retained when the user logs off from a session.\n\nIf you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise.\n\nIf you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator.\n\nNote: This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "DeleteTempDirsOnExit", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_TEMP", "PolicyName": "TS_TEMP_PER_SESSION", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Do not use temporary folders per session", "ExplainText": "This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.\n\nYou can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid.\n\nIf you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer.\n\nIf you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise.\n\nIf you do not configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "PerSessionTempDir", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_ALLOW_UNSIGNED_FILES_1", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Vista_SP1 - At least Windows Vista with Service Pack 1", "DisplayName": "Allow .rdp files from unknown publishers", "ExplainText": "This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.\n\nIf you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.\n\nIf you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "AllowUnsignedFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_ALLOW_UNSIGNED_FILES_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Vista_SP1 - At least Windows Vista with Service Pack 1", "DisplayName": "Allow .rdp files from unknown publishers", "ExplainText": "This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.\n\nIf you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.\n\nIf you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "AllowUnsignedFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_ALLOW_SIGNED_FILES_1", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Vista_SP1 - At least Windows Vista with Service Pack 1", "DisplayName": "Allow .rdp files from valid publishers and user's default .rdp settings", "ExplainText": "This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).\n\nIf you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.\n\nIf you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.\n\nNote: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "AllowSignedFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_ALLOW_SIGNED_FILES_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Vista_SP1 - At least Windows Vista with Service Pack 1", "DisplayName": "Allow .rdp files from valid publishers and user's default .rdp settings", "ExplainText": "This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).\n\nIf you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.\n\nIf you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.\n\nNote: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "AllowSignedFiles", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Vista_SP1 - At least Windows Vista with Service Pack 1", "DisplayName": "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers", "ExplainText": "This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.\n\nIf you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.\n\nIf you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.\n\nNotes:\n\nYou can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.\n\nThis policy setting overrides the behavior of the \"Allow .rdp files from valid publishers and user's default .rdp settings\" policy setting.\n\nIf the list contains a string that is not a certificate thumbprint, it is ignored.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Text", "ValueName": "TrustedCertThumbprints", "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Vista_SP1 - At least Windows Vista with Service Pack 1", "DisplayName": "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers", "ExplainText": "This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.\n\nIf you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.\n\nIf you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.\n\nNote:\n\nYou can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.\n\nThis policy setting overrides the behavior of the \"Allow .rdp files from valid publishers and user's default .rdp settings\" policy setting.\n\nIf the list contains a string that is not a certificate thumbprint, it is ignored.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Text", "ValueName": "TrustedCertThumbprints", "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_PROMT_CREDS_CLIENT_COMP", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Vista_SP1 - At least Windows Vista with Service Pack 1", "DisplayName": "Prompt for credentials on the client computer", "ExplainText": "This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.\n\nIf you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user will not be prompted to provide credentials.\n\nNote: If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration.\n\nIf you disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "PromptForCredsOnClient", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_SERVER_AUTH", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Vista_SP1 - At least Windows Vista with Service Pack 1", "DisplayName": "Configure server authentication for client", "ExplainText": "This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.\n\nIf you enable this policy setting, you must specify one of the following settings:\n\nAlways connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server.\n\nWarn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.\n\nDo not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.\n\nIf you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "AuthenticationLevel", "Items": [ { "DisplayName": "Always connect, even if authentication fails", "Data": "0" }, { "DisplayName": "Warn me if authentication fails", "Data": "2" }, { "DisplayName": "Do not connect if authentication fails", "Data": "1" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_SERVER_IMAGE_QUALITY", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure image quality for RemoteFX Adaptive Graphics", "ExplainText": "This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.\nIf you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes.\nIf you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality.\nIf you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth.\nIf you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only.\nIf you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "ImageQuality", "Items": [ { "DisplayName": "Lossless", "Data": "1" }, { "DisplayName": "High", "Data": "2" }, { "DisplayName": "Medium", "Data": "3" }, { "DisplayName": "Low", "Data": "4" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_SERVER_PROFILE", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure RemoteFX Adaptive Graphics", "ExplainText": "This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available nework bandwidth.\n\nIf you enable this policy setting, the RemoteFX experience could be set to one of the following options:\n1. Let the system choose the experience for the network condition\n2. Optimize for server scalability\n3. Optimize for minimum bandwidth usage\n\nIf you disable or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "GraphicsProfile", "Items": [ { "DisplayName": "Let the system choose experience for network condition", "Data": "2" }, { "DisplayName": "Optimize for server scalability", "Data": "1" }, { "DisplayName": "Optimize for minimum bandwidth usage", "Data": "3" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_SERVER_COMPRESSOR", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Vista_SP1 - At least Windows Vista with Service Pack 1", "DisplayName": "Configure compression for RemoteFX data", "ExplainText": "This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.\n\nBy default, servers use an RDP compression algorithm that is based on the server's hardware configuration.\n\nIf you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used.\n\nYou can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed.\n\nIf you disable or do not configure this policy setting, the default RDP compression algorithm will be used.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "MaxCompressionLevel", "Items": [ { "DisplayName": "Optimized to use less memory", "Data": "1" }, { "DisplayName": "Optimized to use less network bandwidth", "Data": "3" }, { "DisplayName": "Balances memory and network bandwidth", "Data": "2" }, { "DisplayName": "Do not use an RDP compression algorithm", "Data": "0" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_SERVER_WDDM_GRAPHICS_DRIVER", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_1903_TO_2004 - Windows 10 Version 1903, Windows 10 Version 1909, and Windows 10 Version 2004", "DisplayName": "Use WDDM graphics display driver for Remote Desktop Connections", "ExplainText": "This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections.\n\nIf you enable or do not configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver.\n\nIf you disable this policy setting, Remote Desktop Connections will NOT use WDDM graphics display driver. In this case, the Remote Desktop Connections will use XDDM graphics display driver.\n\nFor this change to take effect, you must restart Windows.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fEnableWddmDriver", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_6_3_NOARM - At least Windows Server 2012 R2 or Windows 8.1", "DisplayName": "Use advanced RemoteFX graphics for RemoteApp", "ExplainText": "This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions.\n\nIf you enable or do not configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics.\n\nIf you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs do not support these advanced graphics.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fEnableRemoteFXAdvancedRemoteApp", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Enable enhanced shell experience for RemoteApp", "ExplainText": "This policy setting enables an enhanced shell experience for RemoteApp sessions, offering support for default file associations, Run/RunOnce registry keys, and more. This policy setting applies only to RemoteApp sessions and does not apply to Remote Desktop sessions.\n\nIf you enable or do not configure this policy setting, RemoteApp sessions on RD Session Host servers will have the enhanced shell experience.\n\nIf you disable this policy setting, RemoteApp sessions will not have the enhanced shell experience and will use the legacy shell behavior. This may be needed if compatibility issues arise in published RemoteApp programs.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "UseShellAppRuntimeRemoteApp", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_SERVER_AVC_HW_ENCODE_PREFERRED", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure H.264/AVC hardware encoding for Remote Desktop Connections", "ExplainText": "This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. If you disable or do not configure this policy, we will always use software encoding.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "AVCHardwareEncodePreferred", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_SERVER_AVC444_MODE_PREFERRED", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections", "ExplainText": "This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "AVC444ModePreferred", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_DISABLE_HARDWARE_MODE", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Do not allow hardware accelerated decoding", "ExplainText": "This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you have a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you will know that there are additional issues to investigate. If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\Client" ], "ValueName": "EnableHardwareMode", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_LEGACY_REMOTEFX", "PolicyName": "TS_SERVER_VISEXP", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_ONLY_Windows7_OR_SERVER2K8R2 - Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only", "DisplayName": "Optimize visual experience for Remote Desktop Service Sessions", "ExplainText": "This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.\n\nBy default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation.\n\nIf you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text.\n\nIf you disable or do not configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "VisualExperiencePolicy", "Items": [ { "DisplayName": "Rich multimedia", "Data": "1" }, { "DisplayName": "Text", "Data": "2" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_USB_REDIRECTION", "PolicyName": "TS_USB_REDIRECTION_DISABLE", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Windows7_OR_SERVER2K8R2_SP1 - At least Windows 7 with Service Pack 1 or Windows Server 2008 R2 with Service Pack 1", "DisplayName": "Allow RDP redirection of other supported RemoteFX USB devices from this computer", "ExplainText": "This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.\n\nIf you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.\n\nIf you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account.\n\nFor this change to take effect, you must restart Windows.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\Client" ], "ClientExtension": "{4bcd6cde-777b-48b6-9804-43568e23545d}", "Elements": [ { "Type": "Enum", "ValueName": "fUsbRedirectionEnableMode", "Items": [ { "DisplayName": "Adminstrators Only", "Data": "1" }, { "DisplayName": "Adminstrators and Users", "Data": "2" } ], "Required": true } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_LEGACY_REMOTEFX", "PolicyName": "TS_EnableVirtualGraphics", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_ONLY_Windows7_OR_SERVER2K8R2 - Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only", "DisplayName": "Configure RemoteFX", "ExplainText": "This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.\n\nWhen deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1.\n\nWhen deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.\n\nIf you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.\n\nIf you disable this policy setting, RemoteFX will be disabled.\n\nIf you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fEnableVirtualizedGraphics", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_LEGACY_REMOTEFX", "PolicyName": "TS_RemoteDesktopVirtualGraphics", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_ONLY_Windows7_OR_SERVER2K8R2 - Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only", "DisplayName": "Optimize visual experience when using RemoteFX", "ExplainText": "This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered.\n\nDepending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).\n\nIf you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality.\n\nBy default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "VGOptimization_CaptureFrameRate", "Items": [ { "DisplayName": "Highest (best quality)", "Data": "1" }, { "DisplayName": "Medium (default)", "Data": "2" }, { "DisplayName": "Lowest", "Data": "3" } ] }, { "Type": "Enum", "ValueName": "VGOptimization_CompressionRatio", "Items": [ { "DisplayName": "Highest (best quality)", "Data": "1" }, { "DisplayName": "Medium (default)", "Data": "2" }, { "DisplayName": "Lowest", "Data": "3" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_SERVER_LEGACY_RFX", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1", "ExplainText": "This policy setting allows you to configure graphics encoding to use the RemoteFX Codec on the Remote Desktop Session Host server so that the sessions are compatible with non-Windows thin client devices designed for Windows Server 2008 R2 SP1. These clients only support the Windows Server 2008 R2 SP1 RemoteFX Codec.If you enable this policy setting, users' sessions on this server will only use the Windows Server 2008 R2 SP1 RemoteFX Codec for encoding. This mode is compatible with thin client devices that only support the Windows Server 2008 R2 SP1 RemoteFX Codec.If you disable or do not configure this policy setting, non-Windows thin clients that only support the Windows Server 2008 R2 SP1 RemoteFX Codec will not be able to connect to this server. This policy setting applies only to clients that are using Remote Desktop Protocol (RDP) 7.1, and does not affect clients that are using other RDP versions.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "fEnableVirtualizedGraphics", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_RADC", "PolicyName": "TS_RADC_DefaultConnection", "Class": "User", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify default connection URL", "ExplainText": "This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs.\n\nThe default connection URL must be configured in the form of http://contoso.com/rdweb/Feed/webfeed.aspx.\n\nIf you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL.\n\nIf you disable or do not configure this policy setting, the user has no default connection URL.\n\nNote: RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Workspaces" ], "Elements": [ { "Type": "Text", "ValueName": "DefaultConnectionURL", "Required": true, "MaxLength": "2083", "ClientExtension": "{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_SELECT_NETWORK_DETECT", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Select network detection on the server", "ExplainText": "This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).\n\nYou can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect.\n\nIf you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.\n\nIf you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality.\n\nIf you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality.\n\nIf you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "SelectNetworkDetect", "Items": [ { "DisplayName": "Use both Connect Time Detect and Continuous Network Detect", "Data": "0" }, { "DisplayName": "Turn off Connect Time Detect", "Data": "1" }, { "DisplayName": "Turn off Continuous Network Detect", "Data": "2" }, { "DisplayName": "Turn off Connect Time Detect and Continuous Network Detect", "Data": "3" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CONNECTIONS", "PolicyName": "TS_SELECT_TRANSPORT", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Select RDP transport protocols", "ExplainText": "This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.\n\nIf you enable this policy setting, you must specify if you would like RDP to use UDP.\n\nYou can select one of the following options: \"Use either UDP or TCP (default)\" or \"Use only TCP\"\n\nIf you select \"Use either UDP or TCP\" and the UDP connection is successful, most of the RDP traffic will use UDP.\n\nIf the UDP connection is not successful or if you select \"Use only TCP,\" all of the RDP traffic will use TCP.\n\nIf you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "Elements": [ { "Type": "Enum", "ValueName": "SelectTransport", "Items": [ { "DisplayName": "Use either UDP or TCP", "Data": "2" }, { "DisplayName": "Use only TCP", "Data": "1" } ] } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_CLIENT", "PolicyName": "TS_CLIENT_TURN_OFF_UDP", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "TS_SUPPORTED_Windows8_or_ARM - At least Windows 8 or Windows RT", "DisplayName": "Turn Off UDP On Client", "ExplainText": "This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol.\n\nIf you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.\n\nIf you disable or do not configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\Client" ], "ValueName": "fClientDisableUDP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TerminalServer.admx", "CategoryName": "TS_SESSIONS", "PolicyName": "TS_DX_USE_FULL_HWGPU", "Class": "Machine", "NameSpace": "Microsoft.Policies.TerminalServer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Use hardware graphics adapters for all Remote Desktop Services sessions", "ExplainText": "This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions.\n\nIf you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter.\n\nIf you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter.\n\nIf you do not configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default.\n\nNOTE: The policy setting enables load-balancing of graphics processing units (GPU) on a computer with more than one GPU installed. The GPU configuration of the local session is not affected by this policy setting.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services" ], "ValueName": "bEnumerateHWBeforeSW", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TextInput.admx", "CategoryName": "TextInput", "PolicyName": "AllowLanguageFeaturesUninstall", "Class": "Machine", "NameSpace": "Microsoft.Policies.TextInput", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow uninstallation of language features when a language is uninstalled", "ExplainText": "When this policy setting is enabled, some language features (such as handwriting recognizers and spell checking dictionaries) included with a language can be uninstalled from a user\u2019s machine when the language is uninstalled. The language can be reinstalled with a different selection of included language features if needed. When this policy setting is disabled, language features remain on the user\u2019s machine when the language is uninstalled.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\TextInput" ], "ValueName": "AllowLanguageFeaturesUninstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TextInput.admx", "CategoryName": "TextInput", "PolicyName": "AllowLinguisticDataCollection", "Class": "Machine", "NameSpace": "Microsoft.Policies.TextInput", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Improve inking and typing recognition", "ExplainText": "This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\TextInput" ], "ValueName": "AllowLinguisticDataCollection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Thumbnails.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableThumbnails", "Class": "User", "NameSpace": "Microsoft.Policies.Thumbnails", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off the display of thumbnails and only display icons.", "ExplainText": "This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.\n\nFile Explorer displays thumbnail images by default.\n\nIf you enable this policy setting, File Explorer displays only icons and never displays thumbnail images.\n\nIf you disable or do not configure this policy setting, File Explorer displays only thumbnail images.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisableThumbnails", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Thumbnails.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableThumbnailsOnNetworkFolders", "Class": "User", "NameSpace": "Microsoft.Policies.Thumbnails", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off the display of thumbnails and only display icons on network folders", "ExplainText": "This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.\n\nFile Explorer displays only icons and never displays thumbnail images on network folders by default.\n\nIf you disable this policy setting, File Explorer displays thumbnail images on network folders.\n\nIf you enable or do not configure this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.\n\nNote: Allowing the use of thumbnail images from network folders can expose the users' computers to security risks.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisableThumbnailsOnNetworkFolders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "Thumbnails.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableThumbsDBOnNetworkFolders", "Class": "User", "NameSpace": "Microsoft.Policies.Thumbnails", "Supported": "MicrosoftWindowsVista_SP1", "DisplayName": "Turn off the caching of thumbnails in hidden thumbs.db files", "ExplainText": "Turns off the caching of thumbnails in hidden thumbs.db files.\n\nThis policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.\n\nIf you enable this policy setting, File Explorer does not create, read from, or write to thumbs.db files.\n\nIf you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableThumbsDBOnNetworkFolders", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TouchInput.admx", "CategoryName": "TouchInput", "PolicyName": "TouchInputOff_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCTouchInput", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn off Tablet PC touch input", "ExplainText": "Turn off Tablet PC touch input\n\nTurns off touch input, which allows the user to interact with their computer using their finger.\n\nIf you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.\n\nIf you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.\n\nIf you do not configure this setting, touch input is on by default.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "TurnOffTouchInput", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TouchInput.admx", "CategoryName": "TouchInput", "PolicyName": "TouchInputOff_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCTouchInput", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn off Tablet PC touch input", "ExplainText": "Turn off Tablet PC touch input\n\nTurns off touch input, which allows the user to interact with their computer using their finger.\n\nIf you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.\n\nIf you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.\n\nIf you do not configure this setting, touch input is on by default.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "TurnOffTouchInput", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TouchInput.admx", "CategoryName": "TouchInput", "PolicyName": "PanningEverywhereOff_1", "Class": "User", "NameSpace": "Microsoft.Policies.TabletPCTouchInput", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Turn off Touch Panning", "ExplainText": "Turn off Panning\nTurns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.\n\nIf you enable this setting, the user will not be able to pan windows by touch.\n\nIf you disable this setting, the user can pan windows by touch.\n\nIf you do not configure this setting, Touch Panning is on by default.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "TurnOffPanning", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TouchInput.admx", "CategoryName": "TouchInput", "PolicyName": "PanningEverywhereOff_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.TabletPCTouchInput", "Supported": "Windows7Only - Windows Server 2008 R2 and Windows 7", "DisplayName": "Turn off Touch Panning", "ExplainText": "Turn off Panning\nTurns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.\n\nIf you enable this setting, the user will not be able to pan windows by touch.\n\nIf you disable this setting, the user can pan windows by touch.\n\nIf you do not configure this setting, Touch Panning is on by default.\n\nNote: Changes to this setting will not take effect until the user logs off.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\TabletPC" ], "ValueName": "TurnOffPanning", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TPM.admx", "CategoryName": "TPMCategory", "PolicyName": "OSManagedAuth_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure the level of TPM owner authorization information available to the operating system", "ExplainText": "This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.\n\nYou can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.\n\nIf you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose.\n\nChoose the operating system managed TPM authentication setting of \"Full\" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used.\n\nChoose the operating system managed TPM authentication setting of \"Delegated\" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic.\n\nChoose the operating system managed TPM authentication setting of \"None\" for compatibility with previous operating systems and applications or for use with scenarios that require TPM owner authorization not be stored locally. Using this setting might cause issues with some TPM-based applications.\n\nNote: If the operating system managed TPM authentication setting is changed from \"Full\" to \"Delegated\", the full TPM owner authorization value will be regenerated and any copies of the original TPM owner authorization value will be invalid.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\TPM" ], "Elements": [ { "Type": "Enum", "ValueName": "OSManagedAuthLevel", "Items": [ { "DisplayName": "Full", "Data": "4" }, { "DisplayName": "Delegated", "Data": "2" }, { "DisplayName": "None", "Data": "0" } ], "Required": true } ] }, { "File": "TPM.admx", "CategoryName": "TPMCategory", "PolicyName": "BlockedCommandsList_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configure the list of blocked TPM commands", "ExplainText": "This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.\n\nIf you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run \"tpm.msc\" and navigate to the \"Command Management\" section.\n\nIf you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running \"tpm.msc\", navigating to the \"Command Management\" section, and making visible the \"On Default Block List\" column. The local list of blocked TPM commands is configured outside of Group Policy by running \"tpm.msc\" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Tpm\\BlockedCommands" ], "ValueName": "Enabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Tpm\\BlockedCommands\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TPM.admx", "CategoryName": "TPMCategory", "PolicyName": "IgnoreDefaultList_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Ignore the default list of blocked TPM commands", "ExplainText": "This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.\n\nIf you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list.\n\nThe default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running \"tpm.msc\", navigating to the \"Command Management\" section, and making visible the \"On Default Block List\" column. The local list of blocked TPM commands is configured outside of Group Policy by running \"tpm.msc\" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands.\n\nIf you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\TPM\\BlockedCommands" ], "ValueName": "IgnoreDefaultList", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TPM.admx", "CategoryName": "TPMCategory", "PolicyName": "IgnoreLocalList_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Ignore the local list of blocked TPM commands", "ExplainText": "This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.\n\nIf you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.\n\nThe local list of blocked TPM commands is configured outside of Group Policy by running \"tpm.msc\" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands.\n\nIf you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\TPM\\BlockedCommands" ], "ValueName": "IgnoreLocalList", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TPM.admx", "CategoryName": "TPMCategory", "PolicyName": "StandardUserAuthorizationFailureDuration_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Standard User Lockout Duration", "ExplainText": "This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.\n\nThis setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.\n\nAn authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than this duration are ignored.\n\nFor each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.\n\nThe Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.\n\nThe Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.\n\nThe TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.\n\nAn administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.\n\nIf this value is not configured, a default value of 480 minutes (8 hours) is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Tpm" ], "Elements": [ { "Type": "Decimal", "ValueName": "StandardUserAuthorizationFailureDuration", "MinValue": "0", "MaxValue": "10000", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Tpm" ] } ] }, { "File": "TPM.admx", "CategoryName": "TPMCategory", "PolicyName": "StandardUserAuthorizationFailureIndividualThreshold_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Standard User Individual Lockout Threshold", "ExplainText": "This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.\n\nThis setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.\n\nAn authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.\n\nFor each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.\n\nThis value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.\n\nThe Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.\n\nThe TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.\n\nAn administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.\n\nIf this value is not configured, a default value of 4 is used.\n\nA value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Tpm" ], "Elements": [ { "Type": "Decimal", "ValueName": "StandardUserAuthorizationFailureIndividualThreshold", "MinValue": "0", "MaxValue": "100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Tpm" ] } ] }, { "File": "TPM.admx", "CategoryName": "TPMCategory", "PolicyName": "StandardUserAuthorizationFailureTotalThreshold_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Standard User Total Lockout Threshold", "ExplainText": "This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.\n\nThis setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.\n\nAn authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.\n\nFor each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.\n\nThe Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.\n\nThis value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.\n\nThe TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.\n\nAn administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.\n\nIf this value is not configured, a default value of 9 is used.\n\nA value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Tpm" ], "Elements": [ { "Type": "Decimal", "ValueName": "StandardUserAuthorizationFailureTotalThreshold", "MinValue": "0", "MaxValue": "100", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Tpm" ] } ] }, { "File": "TPM.admx", "CategoryName": "TPMCategory", "PolicyName": "UseLegacyDAP_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.", "ExplainText": "This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\TPM" ], "ValueName": "UseLegacyDictionaryAttackParameters", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TPM.admx", "CategoryName": "DSHACategory", "PolicyName": "OptIntoDSHA_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Enable Device Health Attestation Monitoring and Reporting", "ExplainText": "This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\DeviceHealthAttestationService" ], "ValueName": "EnableDeviceHealthAttestationService", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "TPM.admx", "CategoryName": "TPMCategory", "PolicyName": "ClearTPMIfNotReady_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.TrustedPlatformModule", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Configure the system to clear the TPM if it is not in a ready state.", "ExplainText": "This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system\u2019s TPM is in a state other than Ready, including if the TPM is \"Ready, with reduced functionality\". The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\TPM" ], "ValueName": "ClearTPMIfNotReadyGP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "EnableUEV", "Class": "Machine", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Enable UEV", "ExplainText": "This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect. With Auto-register inbox templates enabled, the UE-V inbox templates such as Office 2016 will be automatically registered when the UE-V Service is enabled. If this option is changed, it will only take effect when UE-V service is re-enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent" ], "ClientExtension": "{169EBF44-942F-4C43-87CE-13C93996EBBE}", "ValueName": "Enabled", "Elements": [ { "Type": "Boolean", "ValueName": "RegisterInboxTemplates", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" }, { "Type": "EnabledList", "ValueName": "Enabled", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\UEV\\Agent" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "Enabled", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\UEV\\Agent" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "RepositoryTimeout", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Synchronization timeout", "ExplainText": "This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location.\nYou can use this setting to override the default value of 2000 milliseconds.\nIf you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings.\nIf you disable or do not configure this policy setting, the default value of 2000 milliseconds is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "Elements": [ { "Type": "Decimal", "ValueName": "SyncTimeoutInMilliseconds", "MinValue": "2000", "MaxValue": "40000000", "Required": true } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "SettingsStoragePath", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Settings storage path", "ExplainText": "This policy setting configures where the settings package files that contain user settings are stored.\nIf you enable this policy setting, the user settings are stored in the specified location.\nIf you disable or do not configure this policy setting, the user settings are stored in the user\u2019s home directory if configured for your environment.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "Elements": [ { "Type": "Text", "ValueName": "SettingsStoragePath", "Required": true, "Expandable": true } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "MaxPackageSizeInBytes", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Settings package size warning threshold", "ExplainText": "This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size.\nIf you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log.\nIf you disable or do not configure this policy setting, no event is written to the event log to report settings package size.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxPackageSizeInBytes", "MinValue": "0", "MaxValue": "4000000000", "Required": true, "StoreAsText": false } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "SettingsTemplateCatalogPath", "Class": "Machine", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Settings template catalog path", "ExplainText": "This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the default Microsoft templates installed with the UE-V Agent.\nIf you enable this policy setting, the UE-V Agent checks the specified location once each day and updates its synchronization behavior based on the templates in this location. Settings location templates added or updated since the last check are registered by the UE-V Agent. The UE-V Agent deregisters templates that were removed from this location.\nIf you specify a UNC path and leave the option to replace the default Microsoft templates unchecked, the UE-V Agent will use the default Microsoft templates installed by the UE-V Agent and custom templates in the settings template catalog. If there are custom templates in the settings template catalog which use the same ID as the default Microsoft templates, they will be ignored.\nIf you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used.\nIf you disable this policy setting, the UE-V Agent will not use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent will not restore the default Microsoft templates.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "Elements": [ { "Type": "Text", "ValueName": "SettingsTemplateCatalogPath", "Required": true, "Expandable": true }, { "Type": "Boolean", "ValueName": "OverrideMSTemplates", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "InternetExplorerCommon", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Internet Explorer Common Settings", "ExplainText": "This policy setting configures the synchronization of user settings which are common between the versions of Internet Explorer.\nBy default, the user settings which are common between the versions of Internet Explorer synchronize between computers. Use the policy setting to prevent the user settings of Internet Explorer from synchronization between computers.\nIf you enable this policy setting, the user settings which are common between the versions of Internet Explorer continue to synchronize.\nIf you disable this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting should not be disabled.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftInternetExplorer.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftInternetExplorer.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "InternetExplorer8", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Internet Explorer 8", "ExplainText": "This policy setting configures the synchronization of user settings for Internet Explorer 8.\nBy default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers.\nIf you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize.\nIf you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "ValueName": "MicrosoftInternetExplorer.Version8", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "InternetExplorer9", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Internet Explorer 9", "ExplainText": "This policy setting configures the synchronization of user settings for Internet Explorer 9.\nBy default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers.\nIf you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize.\nIf you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "ValueName": "MicrosoftInternetExplorer.Version9", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "InternetExplorer10", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Internet Explorer 10", "ExplainText": "This policy setting configures the synchronization of user settings of Internet Explorer 10.\nBy default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers.\nIf you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize.\nIf you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "ValueName": "MicrosoftInternetExplorer.Version10", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "InternetExplorer11", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Internet Explorer 11", "ExplainText": "This policy setting configures the synchronization of user settings of Internet Explorer 11.\nBy default, the user settings of Internet Explorer 11 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 11 from synchronization between computers.\nIf you enable this policy setting, the Internet Explorer 11 user settings continue to synchronize.\nIf you disable this policy setting, Internet Explorer 11 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "ValueName": "MicrosoftInternetExplorer.Version11", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "Calculator", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Calculator", "ExplainText": "This policy setting configures the synchronization of user settings of Calculator.\nBy default, the user settings of Calculator synchronize between computers. Use the policy setting to prevent the user settings of Calculator from synchronization between computers.\nIf you enable this policy setting, the Calculator user settings continue to synchronize.\nIf you disable this policy setting, Calculator user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "ValueName": "MicrosoftCalculator6", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "Notepad", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Notepad", "ExplainText": "This policy setting configures the synchronization of user settings of Notepad.\nBy default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers.\nIf you enable this policy setting, the Notepad user settings continue to synchronize.\nIf you disable this policy setting, Notepad user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "ValueName": "MicrosoftNotepad6", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "Wordpad", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "WordPad", "ExplainText": "This policy setting configures the synchronization of user settings of WordPad.\nBy default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers.\nIf you enable this policy setting, the WordPad user settings continue to synchronize.\nIf you disable this policy setting, WordPad user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "ValueName": "MicrosoftWordpad6", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016Common", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 2016 Common Settings", "ExplainText": "This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications.\nBy default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers.\nIf you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize.\nIf you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting should not be disabled.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016Access", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Access 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Access 2016.\nBy default, the user settings of Microsoft Access 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft Access 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Access 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016Excel", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Excel 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Excel 2016.\nBy default, the user settings of Microsoft Excel 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft Excel 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Excel 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016Lync", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Lync 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Lync 2016.\nBy default, the user settings of Microsoft Lync 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft Lync 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Lync 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftLync2016Win32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftLync2016Win64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2016Win32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2016Win64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016UploadCenter", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 2016 Upload Center", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center.\nBy default, the user settings of Microsoft Office 2016 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2016 Upload Center from synchronization between computers.\nIf you enable this policy setting, Microsoft Office 2016 Upload Center user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Office 2016 Upload Center user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.UploadCenter", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.UploadCenter", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.UploadCenter", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.UploadCenter", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016OneDriveForBusiness", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft OneDrive for Business 2016", "ExplainText": "This policy setting configures the synchronization of user settings for OneDrive for Business 2016.\nBy default, the user settings of OneDrive for Business 2016 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2016 from synchronization between computers.\nIf you enable this policy setting, OneDrive for Business 2016 user settings continue to synchronize.\nIf you disable this policy setting, OneDrive for Business 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.OneDrive", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.OneDrive", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.OneDrive", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.OneDrive", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016OneNote", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft OneNote 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft OneNote 2016.\nBy default, the user settings of Microsoft OneNote 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft OneNote 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft OneNote 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016Outlook", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Outlook 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Outlook 2016.\nBy default, the user settings of Microsoft Outlook 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft Outlook 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Outlook 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016PowerPoint", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft PowerPoint 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016.\nBy default, the user settings of Microsoft PowerPoint 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft PowerPoint 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft PowerPoint 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016Project", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Project 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Project 2016.\nBy default, the user settings of Microsoft Project 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft Project 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Project 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016Publisher", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Publisher 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Publisher 2016.\nBy default, the user settings of Microsoft Publisher 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft Publisher 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Publisher 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016Visio", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Visio 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Visio 2016.\nBy default, the user settings of Microsoft Visio 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft Visio 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Visio 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016Word", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Word 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Word 2016.\nBy default, the user settings of Microsoft Word 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2016 from synchronization between computers.\nIf you enable this policy setting, Microsoft Word 2016 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Word 2016 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016CommonBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Common 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 applications.\nMicrosoft Office Suite 2016 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2016 applications.\nIf you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up.\nIf you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016AccessBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Access 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Access 2016.\nMicrosoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Access 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016ExcelBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Excel 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Excel 2016.\nMicrosoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Excel 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016LyncBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Lync 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Lync 2016.\nMicrosoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Lync 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftLync2016BackupWin32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftLync2016BackupWin64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2016BackupWin32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2016BackupWin64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016OneNoteBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "OneNote 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft OneNote 2016.\nMicrosoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft OneNote 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016OutlookBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Outlook 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Outlook 2016.\nMicrosoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Outlook 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016PowerPointBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "PowerPoint 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016.\nMicrosoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016ProjectBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Project 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Project 2016.\nMicrosoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Project 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016PublisherBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Publisher 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Publisher 2016.\nMicrosoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Publisher 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016VisioBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Visio 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Visio 2016.\nMicrosoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Visio 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2016WordBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Word 2016 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Word 2016.\nMicrosoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings.\nIf you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Word 2016 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016BackupWin64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Common2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 Common 2016", "ExplainText": "This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V.\nIf you enable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize with UE-V.\nIf you disable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Access2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 Access 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Access 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Access 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Excel2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 Excel 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Excel 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Excel 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Lync2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 Lync 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Lync 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Lync 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftLync2016Office365Win32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftLync2016Office365Win64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2016Office365Win32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2016Office365Win64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365OneNote2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 OneNote 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 OneNote 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 OneNote 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Outlook2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 Outlook 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Outlook 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Outlook 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365PowerPoint2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 PowerPoint 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Project2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 Project 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Project 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Project 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Publisher2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 Publisher 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Publisher 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Publisher 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Visio2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 Visio 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Visio 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Visio 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Word2016", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Microsoft Office 365 Word 2016", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2016 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Word 2016 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Word 2016 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2016Office365Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013Common", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 2013 Common Settings", "ExplainText": "This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications.\nBy default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers.\nIf you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize.\nIf you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting should not be disabled.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013Access", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Access 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Access 2013.\nBy default, the user settings of Microsoft Access 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft Access 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Access 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013Excel", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Excel 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Excel 2013.\nBy default, the user settings of Microsoft Excel 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft Excel 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Excel 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013InfoPath", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft InfoPath 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013.\nBy default, the user settings of Microsoft InfoPath 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft InfoPath 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft InfoPath 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013Lync", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Lync 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Lync 2013.\nBy default, the user settings of Microsoft Lync 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft Lync 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Lync 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftLync2013Win32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftLync2013Win64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2013Win32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2013Win64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013UploadCenter", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 2013 Upload Center", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center.\nBy default, the user settings of Microsoft Office 2013 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2013 Upload Center from synchronization between computers.\nIf you enable this policy setting, Microsoft Office 2013 Upload Center user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Office 2013 Upload Center user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.UploadCenter", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.UploadCenter", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.UploadCenter", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.UploadCenter", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013OneDriveForBusiness", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft OneDrive for Business 2013", "ExplainText": "This policy setting configures the synchronization of user settings for OneDrive for Business 2013.\nBy default, the user settings of OneDrive for Business 2013 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2013 from synchronization between computers.\nIf you enable this policy setting, OneDrive for Business 2013 user settings continue to synchronize.\nIf you disable this policy setting, OneDrive for Business 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.OneDrive", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.OneDrive", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.OneDrive", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.OneDrive", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013OneNote", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft OneNote 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft OneNote 2013.\nBy default, the user settings of Microsoft OneNote 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft OneNote 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft OneNote 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013Outlook", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Outlook 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Outlook 2013.\nBy default, the user settings of Microsoft Outlook 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft Outlook 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Outlook 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013PowerPoint", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft PowerPoint 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013.\nBy default, the user settings of Microsoft PowerPoint 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft PowerPoint 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft PowerPoint 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013Project", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Project 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Project 2013.\nBy default, the user settings of Microsoft Project 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft Project 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Project 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013Publisher", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Publisher 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Publisher 2013.\nBy default, the user settings of Microsoft Publisher 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft Publisher 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Publisher 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013SharePointDesigner", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft SharePoint Designer 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013.\nBy default, the user settings of Microsoft SharePoint Designer 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft SharePoint Designer 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft SharePoint Designer 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013Visio", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Visio 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Visio 2013.\nBy default, the user settings of Microsoft Visio 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft Visio 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Visio 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013Word", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Word 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Word 2013.\nBy default, the user settings of Microsoft Word 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2013 from synchronization between computers.\nIf you enable this policy setting, Microsoft Word 2013 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Word 2013 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013CommonBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Common 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications.\nMicrosoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications.\nIf you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up.\nIf you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013AccessBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Access 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Access 2013.\nMicrosoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Access 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013ExcelBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Excel 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Excel 2013.\nMicrosoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Excel 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013InfoPathBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "InfoPath 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013.\nMicrosoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft InfoPath 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013LyncBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Lync 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Lync 2013.\nMicrosoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Lync 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftLync2013BackupWin32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftLync2013BackupWin64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2013BackupWin32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2013BackupWin64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013OneNoteBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "OneNote 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft OneNote 2013.\nMicrosoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft OneNote 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013OutlookBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Outlook 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Outlook 2013.\nMicrosoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Outlook 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013PowerPointBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "PowerPoint 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013.\nMicrosoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013ProjectBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Project 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Project 2013.\nMicrosoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Project 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013PublisherBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Publisher 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Publisher 2013.\nMicrosoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Publisher 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013SharePointDesignerBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "SharePoint Designer 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013.\nMicrosoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013VisioBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Visio 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Visio 2013.\nMicrosoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Visio 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2013WordBackup", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Word 2013 backup only", "ExplainText": "This policy setting configures the backup of certain user settings for Microsoft Word 2013.\nMicrosoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings.\nIf you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up.\nIf you disable this policy setting, certain user settings of Microsoft Word 2013 will not be backed up.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013BackupWin64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Common2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 Common 2013", "ExplainText": "This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V.\nIf you enable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize with UE-V.\nIf you disable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Access2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 Access 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Access 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Access 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Excel2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 Excel 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Excel 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Excel 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365InfoPath2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 InfoPath 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 InfoPath 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 InfoPath 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 InfoPath 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Lync2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 Lync 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Lync 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Lync 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftLync2013Office365Win32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftLync2013Office365Win64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2013Office365Win32", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftLync2013Office365Win64", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365OneNote2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 OneNote 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 OneNote 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 OneNote 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Outlook2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 Outlook 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Outlook 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Outlook 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365PowerPoint2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 PowerPoint 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Project2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 Project 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Project 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Project 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Publisher2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 Publisher 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Publisher 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Publisher 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365SharePointDesigner2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 SharePoint Designer 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 SharePoint Designer 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Visio2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 Visio 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Visio 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Visio 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice365Word2013", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 365 Word 2013", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013.\nMicrosoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2013 will synchronize between a user\u2019s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V.\nIf you enable this policy setting, Microsoft Office 365 Word 2013 user settings continue to sync with UE-V.\nIf you disable this policy setting, Microsoft Office 365 Word 2013 user settings are excluded from synchronization with UE-V.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2013Office365Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010Common", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Office 2010 Common Settings", "ExplainText": "This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications.\nBy default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers.\nIf you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize.\nIf you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.Common", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010Access", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Access 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Access 2010.\nBy default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.Access", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010Excel", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Excel 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Excel 2010.\nBy default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.Excel", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010InfoPath", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft InfoPath 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010.\nBy default, the user settings of Microsoft InfoPath 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft InfoPath 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft InfoPath 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.InfoPath", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010OneNote", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft OneNote 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft OneNote 2010.\nBy default, the user settings of Microsoft OneNote 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft OneNote 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft OneNote 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.OneNote", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010Lync", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Lync 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Lync 2010.\nBy default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "ValueName": "MicrosoftLync2010", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010Outlook", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Outlook 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Outlook 2010.\nBy default, the user settings of Microsoft Outlook 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft Outlook 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Outlook 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.Outlook", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010PowerPoint", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft PowerPoint 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010.\nBy default, the user settings of Microsoft PowerPoint 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft PowerPoint 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft PowerPoint 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.PowerPoint", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010Project", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Project 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Project 2010.\nBy default, the user settings of Microsoft Project 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft Project 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Project 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.Project", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010Publisher", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Publisher 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Publisher 2010.\nBy default, the user settings of Microsoft Publisher 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft Publisher 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Publisher 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.Publisher", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010SharePointWorkspace", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft SharePoint Workspace 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010.\nBy default, the user settings of Microsoft SharePoint Workspace 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Workspace 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft SharePoint Workspace 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft SharePoint Workspace 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.Groove", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.Groove", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.Groove", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.Groove", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010SharePointDesigner", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft SharePoint Designer 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010.\nBy default, the user settings of Microsoft SharePoint Designer 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft SharePoint Designer 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft SharePoint Designer 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.SharePointDesigner", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010Word", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Word 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Word 2010.\nBy default, the user settings of Microsoft Word 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft Word 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Word 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.Word", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Applications", "PolicyName": "MicrosoftOffice2010Visio", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Microsoft Visio 2010", "ExplainText": "This policy setting configures the synchronization of user settings for Microsoft Visio 2010.\nBy default, the user settings of Microsoft Visio 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2010 from synchronization between computers.\nIf you enable this policy setting, Microsoft Visio 2010 user settings continue to synchronize.\nIf you disable this policy setting, Microsoft Visio 2010 user settings are excluded from the synchronization settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Elements": [ { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "EnabledList", "ValueName": "MicrosoftOffice2010Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win32.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "MicrosoftOffice2010Win64.Visio", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Applications" ], "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "Finance", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Finance", "ExplainText": "This policy setting configures the synchronization of user settings for the Finance app.\nBy default, the user settings of Finance sync between computers. Use the policy setting to prevent the user settings of Finance from synchronizing between computers.\nIf you enable this policy setting, Finance user settings continue to sync.\nIf you disable this policy setting, Finance user settings are excluded from synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingFinance_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingFinance_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "Maps", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Maps", "ExplainText": "This policy setting configures the synchronization of user settings for the Maps app.\nBy default, the user settings of Maps sync between computers. Use the policy setting to prevent the user settings of Maps from synchronizing between computers.\nIf you enable this policy setting, Maps user settings continue to sync.\nIf you disable this policy setting, Maps user settings are excluded from synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingMaps_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingMaps_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "News", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "News", "ExplainText": "This policy setting configures the synchronization of user settings for the News app.\nBy default, the user settings of News sync between computers. Use the policy setting to prevent the user settings of News from synchronizing between computers.\nIf you enable this policy setting, News user settings continue to sync.\nIf you disable this policy setting, News user settings are excluded from synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingNews_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingNews_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "Sports", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Sports", "ExplainText": "This policy setting configures the synchronization of user settings for the Sports app.\nBy default, the user settings of Sports sync between computers. Use the policy setting to prevent the user settings of Sports from synchronizing between computers.\nIf you enable this policy setting, Sports user settings continue to sync.\nIf you disable this policy setting, Sports user settings are excluded from synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingSports_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingSports_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "Travel", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Travel", "ExplainText": "This policy setting configures the synchronization of user settings for the Travel app.\nBy default, the user settings of Travel sync between computers. Use the policy setting to prevent the user settings of Travel from synchronizing between computers.\nIf you enable this policy setting, Travel user settings continue to sync.\nIf you disable this policy setting, Travel user settings are excluded from synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingTravel_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingTravel_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "Weather", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Weather", "ExplainText": "This policy setting configures the synchronization of user settings for the Weather app.\nBy default, the user settings of Weather sync between computers. Use the policy setting to prevent the user settings of Weather from synchronizing between computers.\nIf you enable this policy setting, Weather user settings continue to sync.\nIf you disable this policy setting, Weather user settings are excluded from synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingWeather_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.BingWeather_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "Reader", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Reader", "ExplainText": "This policy setting configures the synchronization of user settings for the Reader app.\nBy default, the user settings of Reader sync between computers. Use the policy setting to prevent the user settings of Reader from synchronizing between computers.\nIf you enable this policy setting, Reader user settings continue to sync.\nIf you disable this policy setting, Reader user settings are excluded from the synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.Reader_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.Reader_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "Games", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Games", "ExplainText": "This policy setting configures the synchronization of user settings for the Games app.\nBy default, the user settings of Games sync between computers. Use the policy setting to prevent the user settings of Games from synchronizing between computers.\nIf you enable this policy setting, Games user settings continue to sync.\nIf you disable this policy setting, Games user settings are excluded from synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.XboxLIVEGames_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.XboxLIVEGames_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "Music", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Music", "ExplainText": "This policy setting configures the synchronization of user settings for the Music app.\nBy default, the user settings of Music sync between computers. Use the policy setting to prevent the user settings of Music from synchronizing between computers.\nIf you enable this policy setting, Music user settings continue to sync.\nIf you disable this policy setting, Music user settings are excluded from the synchronizing settings.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.ZuneMusic_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.ZuneMusic_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "Windows8Apps", "PolicyName": "Video", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Video", "ExplainText": "This policy setting configures the synchronization of user settings for the Video app.\nBy default, the user settings of Video sync between computers. Use the policy setting to prevent the user settings of Video from synchronizing between computers.\nIf you enable this policy setting, Video user settings continue to sync.\nIf you disable this policy setting, Video user settings are excluded from synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.ZuneVideo_8wekyb3d8bbwe", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\Windows8AppList\\Microsoft.ZuneVideo_8wekyb3d8bbwe" ], "ValueName": "SyncSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "DisableWindowsOSSettings", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Synchronize Windows settings", "ExplainText": "This policy setting configures the synchronization of Windows settings between computers.\nCertain Windows settings will synchronize between computers by default. These settings include Windows themes, Windows desktop settings, Ease of Access settings, and network printers. Use this policy setting to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign-in information for certain apps, networks, and certificates.\nIf you enable this policy setting, only the selected Windows settings synchronize. Unselected Windows settings are excluded from settings synchronization.\nIf you disable this policy setting, all Windows Settings are excluded from the settings synchronization.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\WindowsSettings", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\WindowsSettings" ], "Elements": [ { "Type": "Boolean", "ValueName": "DesktopSettings", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "EaseOfAccessSettings", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "ThemeSettings", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "RoamingCredentialSettings", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "NetworkPrinters", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "SyncEnabled", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Use User Experience Virtualization (UE-V)", "ExplainText": "This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "ValueName": "SyncEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "ConfigureSyncMethod", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure Sync Method", "ExplainText": "This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users\u2019 computers. With Sync Method set to \"SyncProvider,\" the UE-V Agent uses a built-in sync provider to keep user settings synchronized between the computer and the settings storage location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the settings storage location.\nWhen SyncMethod is set to \"None,\" the UE-V Agent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later.\nSet SyncMethod to \"External\" when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users\u2019 computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path. These settings are then synchronized to other computers by an external synchronization engine. UE-V has no control over this synchronization. It only reads and writes the settings data when the normal UE-V triggers take place.\nWith notifications enabled, UE-V users receive a message when the settings sync is delayed. The notification delay policy setting defines the delay before a notification appears.\nIf you disable this policy setting, the sync provider is used to synchronize settings between computers and the settings storage location.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "Elements": [ { "Type": "Enum", "ValueName": "SyncMethod", "Items": [ { "DisplayName": "SyncProvider", "Data": "SyncProvider" }, { "DisplayName": "None", "Data": "None" }, { "DisplayName": "External", "Data": "External" } ], "Required": true }, { "Type": "Boolean", "ValueName": "SettingsImportNotifyEnabled", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Decimal", "ValueName": "SettingsImportNotifyDelayInSeconds", "MinValue": "0", "MaxValue": "4294967200", "Required": false, "StoreAsText": false } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "ConfigureVdi", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "VDI Configuration", "ExplainText": "This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment. UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session. Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state when UE-V was installed or to \"last-known-good\" configurations. Only enable this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtual desktop collection containing the virtual computers.\nIf you enable this policy setting, the UE-V rollback state is copied to the settings storage location on logout and restored on login.\nIf you disable this policy setting, no UE-V rollback state is copied to the settings storage location.\nIf you do not configure this policy, no UE-V rollback state is copied to the settings storage location.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\WindowsSettings", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration\\WindowsSettings" ], "ValueName": "VdiState", "Elements": [ { "Type": "Text", "ValueName": "VdiCollectionName", "Required": true, "Expandable": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "DisableWin8Sync", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not synchronize Windows Apps", "ExplainText": "This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps.\nBy default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location.\nIf you enable this policy setting, the UE-V Agent will not synchronize settings for Windows apps.\nIf you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps.\nIf you do not configure this policy setting, any defined values are deleted.\nNote: If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "ValueName": "DontSyncWindows8AppSettings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "TrayIconEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Tray Icon", "ExplainText": "This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon.\nWith this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen.\nIf you do not configure this policy setting, any defined values are deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "ValueName": "TrayIconEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "FirstUseNotificationEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "First Use Notification", "ExplainText": "This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent runs for the first time.\nBy default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers.\nWith this setting enabled, the notification appears the first time that the UE-V Agent runs.\nWith this setting disabled, no notification appears.\nIf you do not configure this policy setting, any defined values are deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "ValueName": "FirstUseNotificationEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "SyncUnlistedWindows8Apps", "Class": "Machine", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Sync Unlisted Windows Apps", "ExplainText": "This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that are not explicitly listed in Windows App List.\nBy default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List.\nWith this setting enabled, the settings of all Windows apps not expressly disable in the Windows App List are synchronized.\nWith this setting disabled, only the settings of the Windows apps set to synchronize in the Windows App List are synchronized.\nIf you do not configure this policy setting, any defined values are deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "ValueName": "SyncUnlistedWindows8Apps", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "SyncProviderPingEnabled", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Ping the settings storage location before sync", "ExplainText": "This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage path before attempting to sync settings. If the ping is successful then the sync provider attempts to synchronize the settings packages. If the ping is unsuccessful then the sync provider doesn\u2019t attempt the synchronization.\nIf you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages.\nIf you disable this policy setting, the sync provider doesn\u2019t ping the settings storage location before synchronizing settings packages.\nIf you do not configure this policy, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "ValueName": "SyncProviderPingEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "SyncOverMeteredNetwork", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Sync settings over metered connections", "ExplainText": "This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections.\nBy default, the UE-V Agent does not synchronize settings over a metered connection.\nWith this setting enabled, the UE-V Agent synchronizes settings over a metered connection.\nWith this setting disabled, the UE-V Agent does not synchronize settings over a metered connection.\nIf you do not configure this policy setting, any defined values are deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "ValueName": "SyncOverMeteredNetwork", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "SyncOverMeteredNetworkWhenRoaming", "Class": "Both", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Sync settings over metered connections even when roaming", "ExplainText": "This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection.\nBy default, the UE-V Agent does not synchronize settings over a metered connection that is roaming.\nWith this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming.\nWith this setting disabled, the UE-V Agent will not synchronize settings over a metered connection that is roaming.\nIf you do not configure this policy setting, any defined values are deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration", "HKCU\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "ValueName": "SyncOverMeteredNetworkWhenRoaming", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "ContactITDescription", "Class": "Machine", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Contact IT Link Text", "ExplainText": "This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center.\nIf you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL.\nIf you disable this policy setting, the Company Settings Center does not display an IT Contact link.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "Elements": [ { "Type": "Text", "ValueName": "ContactITDescription", "Required": true, "Expandable": true } ] }, { "File": "UserExperienceVirtualization.admx", "CategoryName": "UEV", "PolicyName": "ContactITUrl", "Class": "Machine", "NameSpace": "Microsoft.Policies.UEV", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Contact IT URL", "ExplainText": "This policy setting specifies the URL for the Contact IT link in the Company Settings Center.\nIf you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto.\nIf you disable this policy setting, the Company Settings Center does not display an IT Contact link.\nIf you do not configure this policy setting, any defined values will be deleted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\UEV\\Agent\\Configuration" ], "Elements": [ { "Type": "Text", "ValueName": "ContactITUrl", "Required": true, "Expandable": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "AddAdminGroupToRUP", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Add the Administrators security group to roaming user profiles", "ExplainText": "This policy setting adds the Administrator security group to the roaming user profile share.\n\nOnce an administrator has configured a user's roaming profile, the profile will be created at the user's next login. The profile is created at the location that is specified by the administrator.\n\nFor the Windows XP Professional and Windows 2000 Professional operating systems, the default file permissions for the newly generated profile are full control, or read and write access for the user, and no file access for the administrators group.\n\nBy configuring this policy setting, you can alter this behavior.\n\nIf you enable this policy setting, the administrator group is also given full control to the user's profile folder.\n\nIf you disable or do not configure this policy setting, only the user is given full control of their user profile, and the administrators group has no file system access to this folder.\n\nNote: If the policy setting is enabled after the profile is created, the policy setting has no effect.\n\nNote: The policy setting must be configured on the client computer, not the server, for it to have any effect, because the client computer sets the file share permissions for the roaming profile at creation time.\n\nNote: In the default case, administrators have no file access to the user's profile, but they may still take ownership of this folder to grant themselves file permissions.\n\nNote: The behavior when this policy setting is enabled is exactly the same behavior as in Windows NT 4.0.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "AddAdminGroupToRUP", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "CompatibleRUPSecurity", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsXP_SP1_W2K_SP4_NETSERVER - At least Windows Server 2003 operating systems, Windows XP Professional Service Pack 1, or Windows 2000 Service Pack 4", "DisplayName": "Do not check for user ownership of Roaming Profile Folders", "ExplainText": "This policy setting disables the more secure default setting for the user's roaming user profile folder.\n\nAfter an administrator has configured a user's roaming profile, the profile will be created at the user's next login. The profile is created at the location that is specified by the administrator.\n\nFor Windows 2000 Professional pre-SP4 and Windows XP pre-SP1 operating systems, the default file permissions for the newly generated profile are full control access for the user and no file access for the administrators group. No checks are made for the correct permissions if the profile folder already exists. For Windows Server 2003 family, Windows 2000 Professional SP4 and Windows XP SP1, the default behavior is to check the folder for the correct permissions if the profile folder already exists, and not copy files to or from the roaming folder if the permissions are not correct.\n\nBy configuring this policy setting, you can alter this behavior.\n\nIf you enable this policy setting Windows will not check the permissions for the folder in the case where the folder exists.\n\nIf you disable or do not configure this policy setting AND the roaming profile folder exists AND the user or administrators group are not the owner of the folder, Windows will not copy files to or from the roaming folder. The user will be shown an error message and an entry will be written to the event log. The user's cached profile will be used, or a temporary profile issued if no cached profile exists.\n\nNote: The policy setting must be configured on the client computer not the server for it to have any effect because the client computer sets the file share permissions for the roaming profile at creation time.\n\nNote: The behavior when this policy setting is enabled is exactly the same behavior as in Windows 2000 Professional pre-SP4 and Windows XP Professional.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "CompatibleRUPSecurity", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "Connect_HomeDir_ToRoot", "Class": "User", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Connect home directory to root of the share", "ExplainText": "This policy setting restores the definitions of the %HOMESHARE% and %HOMEPATH% environment variables to those used in Windows NT 4.0 and earlier. Along with %HOMEDRIVE%, these variables define the home directory of a user profile. The home directory is a persistent mapping of a drive letter on the local computer to a local or remote directory.\n\nIf you enable this policy setting, the system uses the Windows NT 4.0 definitions. %HOMESHARE% stores only the network share (such as \\\\server\\share). %HOMEPATH% stores the remainder of the fully qualified path to the home directory (such as \\dir1\\dir2\\homedir). As a result, users can access any directory on the home share by using the home directory drive letter.\n\nIf you disable or do not configure this policy setting, the system uses the definitions introduced with Windows 2000. %HOMESHARE% stores the fully qualified path to the home directory (such as \\\\server\\share\\dir1\\dir2\\homedir). Users can access the home directory and any of its subdirectories from the home drive letter, but they cannot see or access its parent directories. %HOMEPATH% stores a final backslash and is included for compatibility with earlier systems.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "ConnectHomeDirToRoot", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "DeleteRoamingCachedProfiles", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Delete cached copies of roaming profiles", "ExplainText": "This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off.\n\nRoaming profiles reside on a network server. By default, when users with roaming profiles log off, the system also saves a copy of their roaming profile on the hard drive of the computer they are using in case the server that stores the roaming profile is unavailable when the user logs on again. The local copy is also used when the remote copy of the roaming user profile is slow to load.\n\nIf you enable this policy setting, any local copies of the user's roaming profile are deleted when the user logs off. The roaming profile still remains on the network server that stores it.\n\nIf you disable or do not configure this policy setting, Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off.\n\nImportant: Do not enable this policy setting if you are using the slow link detection feature. To respond to a slow link, the system requires a local copy of the user's roaming profile.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DeleteRoamingCache", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "EnableSlowLinkDetect", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Disable detection of slow network connections", "ExplainText": "This policy setting disables the detection of slow network connections.\n\nSlow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link, the related policy settings in this folder tell the computer how to respond.\n\nIf you enable this policy setting, the system does not detect slow connections or recognize any connections as being slow. As a result, the system does not respond to slow connections to user profiles, and it ignores the policy settings that tell the system how to respond to a slow connection.\n\nIf you disable this policy setting or do not configure it, slow link detection is enabled. The system measures the speed of the connection between the user's computer and profile server. If the connection is slow (as defined by the \"Slow network connection timeout for user profiles\" policy setting), the system applies the other policy settings set in this folder to determine how to proceed. By default, when the connection is slow, the system loads the local copy of the user profile.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "SlowLinkDetectEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "EnableSlowLinkUI", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prompt user when a slow network connection is detected", "ExplainText": "This policy setting provides users with the ability to download their roaming profile, even when a slow network connection with their roaming profile server is detected.\n\nIf you enable this policy setting, users will be allowed to define whether they want their roaming profile to be downloaded when a slow link with their roaming profile server is detected.\n\nIn operating systems earlier than Microsoft Windows Vista, a dialog box will be shown to the user during logon if a slow network connection is detected. The user then is able to choose to download the remote copy of the user profile. In Microsoft Windows Vista, a check box appears on the logon screen and the user must choose whether to download the remote user profile before Windows detects the network connection speed.\n\nIf you disable or do not configure this policy setting, the system does not consult the user. Instead, the system uses the local copy of the user profile. If you have enabled the \"Wait for remote user profile\" policy setting, the system downloads the remote copy of the user profile without consulting the user. In Microsoft Windows Vista, the system will ignore the user choice made on the logon screen.\n\nNote: This policy setting and related policy settings in this folder define the system's response when roaming user profiles are slow to download. To adjust the time within which the user must respond to this notice in operating systems earlier than Microsoft Windows Vista, use the \"Timeout for dialog boxes\" policy setting.\n\nImportant: If the \"Do not detect slow network connections\" setting is enabled, this policy setting is ignored. Also, if the \"Delete cached copies of roaming profiles\" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "SlowLinkUIEnabled", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "ExcludeDirectories", "Class": "User", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Exclude directories in roaming profile", "ExplainText": "This policy setting lets you exclude folders that are normally included in the user's profile. As a result, these folders do not need to be stored by the network server on which the profile resides and do not follow users to other computers.\n\nNote: When excluding content from the profile you should try to exclude the narrowest set of data that will address your needs. For example, if there is one application with data that should not be roamed then add only that application's specific folder under the AppData\\Roaming folder rather than all of the AppData\\Roaming folder to the exclusion list.\n\nBy default, the Appdata\\Local and Appdata\\LocalLow folders and all their subfolders such as the History, Temp, and Temporary Internet Files folders are excluded from the user's roaming profile.\n\nIn operating systems earlier than Microsoft Windows Vista, only the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from the user's roaming profile by default.\n\nIf you enable this policy setting, you can exclude additional folders.\n\nIf you disable this policy setting or do not configure it, only the default folders are excluded.\n\nNote: You cannot use this policy setting to include the default folders in a roaming user profile.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Text", "ValueName": "ExcludeProfileDirs", "MaxLength": "4096" } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "LeaveAppMgmtData", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsXPSP2_Or_WindowsNETSP1 - At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2", "DisplayName": "Leave Windows Installer and Group Policy Software Installation Data", "ExplainText": "This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.\n\nBy default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior.\n\nIf you enable this policy setting, Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine.\n\nIf you disable or do not configure this policy setting, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted.\n\nNote: If this policy setting is enabled for a machine, local administrator action is required to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profiles on the machine.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "LeaveAppMgmtData", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "LimitSize", "Class": "User", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Limit profile size", "ExplainText": "This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles.\n\nIf you disable this policy setting or do not configure it, the system does not limit the size of user profiles.\n\nIf you enable this policy setting, you can:\n\n-- Set a maximum permitted user profile size.\n-- Determine whether the registry files are included in the calculation of the profile size.\n-- Determine whether users are notified when the profile exceeds the permitted maximum size.\n-- Specify a customized message notifying users of the oversized profile.\n-- Determine how often the customized message is displayed.\n\nNote: In operating systems earlier than Microsoft Windows Vista, Windows will not allow users to log off until the profile size has been reduced to within the allowable limit. In Microsoft Windows Vista, Windows will not block users from logging off. Instead, if the user has a roaming user profile, Windows will not synchronize the user's profile with the roaming profile server if the maximum profile size limit specified here is exceeded.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableProfileQuota" ], "Elements": [ { "Type": "Text", "ValueName": "ProfileQuotaMessage" }, { "Type": "Decimal", "ValueName": "MaxProfileSize", "MinValue": "300", "MaxValue": "30000000", "Required": true }, { "Type": "Boolean", "ValueName": "IncludeRegInProQuota", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "WarnUser", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Decimal", "ValueName": "WarnUserTimeout", "MinValue": "0", "MaxValue": null, "Required": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "LocalProfile", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Only allow local user profiles", "ExplainText": "This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users log on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is merged with the server copy of their profile.\n\nUsing the setting, you can prevent users configured to use roaming profiles from receiving their profile on a specific computer.\n\nIf you enable this setting, the following occurs on the affected computer: At first logon, the user receives a new local profile, rather than the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile.\n\nIf you disable this setting or do not configure it, the default behavior occurs, as indicated above.\n\nIf you enable both the \"Prevent Roaming Profile changes from propagating to the server\" setting and the \"Only allow local user profiles\" setting, roaming profiles are disabled.\n\nNote: This setting only affects roaming profile users.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "LocalProfile", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "ProfileDlgTimeOut", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Establish timeout value for dialog boxes", "ExplainText": "This policy setting controls how long Windows waits for a user response before it uses a default user profile for roaming user profiles.\n\nThe default user profile is applied when the user does not respond to messages explaining that any of the following events has occurred:\n\n-- The system detects a slow connection between the user's computer and the server that stores users' roaming user profiles.\n\n-- The system cannot access users' server-based profiles when users log on or off.\n\n-- Users' local profiles are newer than their server-based profiles.\n\nIf you enable this policy setting, you can override the amount of time Windows waits for user input before using a default user profile for roaming user profiles. The default timeout value is 30 seconds. To use this policy setting, type the number of seconds Windows should wait for user input. The minumum value is 0 seconds, and the maximum is 600 seconds.\n\nIf you disable or do not configure this policy setting, Windows waits 30 seconds for user input before applying the default user profile .", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "ProfileDlgTimeOut", "MinValue": "0", "MaxValue": "600", "Required": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "ProfileErrorAction", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not log users on with temporary profiles", "ExplainText": "This policy setting will automatically log off a user when Windows cannot load their profile.\n\nIf Windows cannot access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from loggin on the user with a temporary profile.\n\nIf you enable this policy setting, Windows will not log on a user with a temporary profile. Windows logs the user off if their profile cannot be loaded.\n\nIf you disable this policy setting or do not configure it, Windows logs on the user with a temporary profile when Windows cannot load their user profile.\n\nAlso, see the \"Delete cached copies of roaming profiles\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "ProfileErrorAction", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "ProfileUnloadTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Maximum retries to unload and update user profile", "ExplainText": "This policy setting determines how many times the system tries to unload and update the registry portion of a user profile. When the number of trials specified by this policy setting is exhausted, the system stops trying. As a result, the user profile might not be current, and local and roaming user profiles might not match.\n\nWhen a user logs off of the computer, the system unloads the user-specific section of the registry (HKEY_CURRENT_USER) into a file (NTUSER.DAT) and updates it. However, if another program or service is reading or editing the registry, the system cannot unload it. The system tries repeatedly (at a rate of once per second) to unload and update the registry settings. By default, the system repeats its periodic attempts 60 times (over the course of one minute).\n\nIf you enable this policy setting, you can adjust the number of times the system tries to unload and update the user's registry settings. (You cannot adjust the retry rate.)\n\nIf you disable this policy setting or do not configure it, the system repeats its attempt 60 times.\n\nIf you set the number of retries to 0, the system tries just once to unload and update the user's registry settings. It does not try again.\n\nNote: This policy setting is particularly important to servers running Remote Desktop Services. Because Remote Desktop Services edits the users' registry settings when they log off, the system's first few attempts to unload the user settings are more likely to fail.\n\nThis policy setting does not affect the system's attempts to update the files in the user profile.\n\nTip: Consider increasing the number of retries specified in this policy setting if there are many user profiles stored in the computer's memory. This indicates that the system has not been able to unload the profile.\n\nAlso, check the Application Log in Event Viewer for events generated by Userenv. The system records an event whenever it tries to unload the registry portion of the user profile. The system also records an event when it fails to update the files in a user profile.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "ProfileUnloadTimeout", "MinValue": "0", "MaxValue": "4294967295", "Required": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "Readonlyuserprofile", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Prevent Roaming Profile changes from propagating to the server", "ExplainText": "This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.\n\nBy default, when a user with a roaming profile logs on to a computer, the roaming profile is copied down to the local computer. If the user has logged on to the computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile.\n\nUsing this policy setting, you can prevent changes made to a roaming profile on a particular computer from being persisted.\n\nIf you enable this policy setting, changes a user makes to their roaming profile aren't merged with the server (roaming) copy when the user logs off.\n\nIf you disable or not configure this policy setting, the default behavior occurs, as indicated above.\n\nNote: This policy setting only affects roaming profile users.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "ReadOnlyProfile", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "SlowLinkDefault", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Wait for remote user profile", "ExplainText": "This policy setting directs the system to wait for the remote copy of the roaming user profile to load, even when loading is slow. Also, the system waits for the remote copy when the user is notified about a slow connection, but does not respond in the time allowed.\n\nThis policy setting and related policy settings in this folder together define the system's response when roaming user profiles are slow to load.\n\nIf you enable this policy setting, the system waits for the remote copy of the roaming user profile to load, even when loading is slow.\n\nIf you disable this policy setting or do not configure it, when a remote profile is slow to load, the system loads the local copy of the roaming user profile. The local copy is also used when the user is consulted (as set in the \"Prompt user when slow link is detected\" policy setting), but does not respond in the time allowed (as set in the \"Timeout for dialog boxes\" policy setting).\n\nWaiting for the remote profile is appropriate when users move between computers frequently and the local copy of their profile is not always current. Using the local copy is desirable when quick logging on is a priority.\n\nImportant: If the \"Do not detect slow network connections\" policy setting is enabled, this policy setting is ignored. Also, if the \"Delete cached copies of roaming profiles\" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "SlowLinkProfileDefault", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "SlowLinkTimeOut", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Control slow network connection timeout for user profiles", "ExplainText": "This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed.\n\nTo determine the network performance characteristics, a connection is made to the file share storing the user's profile and 64 kilobytes of data is transfered. From that connection and data transfer, the network's latency and connection speed are determined.\n\nThis policy setting and related policy settings in this folder together define the system's response when roaming user profiles are slow to load.\n\nIf you enable this policy setting, you can change how long Windows waits for a response from the server before considering the connection to be slow.\n\nIf you disable or do not configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections.Important: If the \"Do not detect slow network connections\" policy setting is enabled, this policy setting is ignored. Also, if the \"Delete cached copies of roaming profiles\" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "UserProfileMinTransferRate", "MinValue": "0", "MaxValue": "4294967200" }, { "Type": "Decimal", "ValueName": "SlowLinkTimeOut", "MinValue": "0", "MaxValue": "20000", "Required": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "CleanupProfiles", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Delete user profiles older than a specified number of days on system restart", "ExplainText": "This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.\n\nIf you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days.\n\nIf you disable or do not configure this policy setting, User Profile Service will not automatically delete any profiles on the next system restart.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "CleanupProfiles", "MinValue": "1", "MaxValue": "99999", "Required": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "CscSuspendDirectories", "Class": "User", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify network directories to sync at logon/logoff time only", "ExplainText": "This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection, to help resolve issues with applications that do not work well with Offline Files while the user is online.\n\nIf you enable this policy setting, the network paths specified in this policy setting will be synchronized only by Offline Files during user logon and logoff, and will be taken offline while the user is logged on.\n\nIf you disable or do not configure this policy setting, the paths specified in this policy setting will behave like any other cached data via Offline Files and continue to remain online while the user is logged on, if the network paths are accessible.\n\nNote: You should not use this policy setting to suspend any of the root redirected folders such as Appdata\\Roaming, Start Menu, and Documents. You should suspend only the subfolders of these parent folders.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Text", "ValueName": "CscSuspendDirs", "MaxLength": "4096", "Expandable": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "DontForceUnloadHive", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Do not forcefully unload the users registry at user logoff", "ExplainText": "This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to the per-user registry keys.\n\nNote: This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.\n\nIf you enable this policy setting, Windows will not forcefully unload the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed.\n\nIf you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there are any open handles to the per-user registry keys at user logoff.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "DisableForceUnload", "Elements": [] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "WaitForNetwork", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Set maximum wait time for the network if a user has a roaming user profile or remote home directory", "ExplainText": "This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize, such as with a wireless network.\n\nNote: Windows doesn't wait for the network if the physical network connection is not available on the computer (if the media is disconnected or the network adapter is not available).\n\nIf you enable this policy setting, Windows waits for the network to become available up to the maximum wait time specified in this policy setting. Setting the value to zero causes Windows to proceed without waiting for the network.\n\nIf you disable or do not configure this policy setting, Windows waits for the network for a maximum of 30 seconds.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "WaitForNetwork", "MinValue": "0", "MaxValue": "300", "Required": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "MachineProfilePath", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Set roaming profile path for all users logging onto this computer", "ExplainText": "This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.\n\nTo use this policy setting, type the path to the network share in the form \\\\Computername\\Sharename\\. It is recommended to use a path such as \\\\Computername\\Sharename\\%USERNAME% to give each user an individual profile folder. If not specified, all users logging onto this computer will use the same roaming profile folder as specified by this policy. You need to ensure that you have set the appropriate security on the folder to allow all users to access the profile.\n\nIf you enable this policy setting, all users logging on this computer will use the roaming profile path specified in this policy.\n\nIf you disable or do not configure this policy setting, users logging on this computer will use their local profile or standard roaming user profile.\n\nNote: There are four ways to configure a roaming profile for a user. Windows reads profile configuration in the following order and uses the first configured policy setting it reads.\n\n1. Terminal Services roaming profile path specified by Terminal Services policy\n2. Terminal Services roaming profile path specified by the user object\n3. A per-computer roaming profile path specified in this policy\n4. A per-user roaming profile path specified in the user object", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Text", "ValueName": "MachineProfilePath", "MaxLength": "260", "Expandable": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "UploadHive", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Set the schedule for background upload of a roaming user profile's registry file while user is logged on", "ExplainText": "This policy setting sets the schedule for background uploading of a roaming user profile's registry file (ntuser.dat). This policy setting controls only the uploading of a roaming user profile's registry file (other user data and regular profiles are not be uploaded) and uploads it only if the user is logged on. This policy setting does not stop the roaming user profile's registry file from being uploaded at user logoff.\n\nIf \"Run at set interval\" is chosen, then an interval must be set, with a value of 1-720 hours. Once set, Windows uploads the profile's registry file at the specified interval after the user logs on. For example, with a value of 6 hours, the registry file of the roaming user profile is uploaded to the server every six hours while the user is logged on.\n\nIf \"Run at specified time of day\" is chosen, then a time of day must be specified. Once set, Windows uploads the registry file at the same time every day, as long as the user is logged on.\n\nFor both scheduling options, there is a random one hour delay attached per-trigger to avoid overloading the server with simultaneous uploads. For example, if the settings dictate that the user's registry file is to be uploaded at 6pm, it will actually upload at a random time between 6pm and 7pm.\n\nNote: If \"Run at set interval\" is selected, the \"Time of day\" option is disregarded. Likewise, if \"Run at set time of day\" is chosen, the \"Interval (hours)\" option is disregarded.\n\nIf you enable this policy setting, Windows uploads the registry file of the user's roaming user profile in the background according to the schedule set here while the user is logged on. Regular profiles are not affected.\n\nIf this setting is disabled or not configured, the registry file for a roaming user profile will not be uploaded in the background while the user is logged on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "UploadHiveMethod", "Items": [ { "DisplayName": "Run at set interval", "Data": "1" }, { "DisplayName": "Run at specified time of day", "Data": "2" } ] }, { "Type": "Decimal", "ValueName": "UploadHiveInterval", "MinValue": "1", "MaxValue": "720", "Required": true }, { "Type": "Enum", "ValueName": "UploadHiveTime", "Items": [ { "DisplayName": "00:00", "Data": "0" }, { "DisplayName": "01:00", "Data": "1" }, { "DisplayName": "02:00", "Data": "2" }, { "DisplayName": "03:00", "Data": "3" }, { "DisplayName": "04:00", "Data": "4" }, { "DisplayName": "05:00", "Data": "5" }, { "DisplayName": "06:00", "Data": "6" }, { "DisplayName": "07:00", "Data": "7" }, { "DisplayName": "08:00", "Data": "8" }, { "DisplayName": "09:00", "Data": "9" }, { "DisplayName": "10:00", "Data": "10" }, { "DisplayName": "11:00", "Data": "11" }, { "DisplayName": "12:00", "Data": "12" }, { "DisplayName": "13:00", "Data": "13" }, { "DisplayName": "14:00", "Data": "14" }, { "DisplayName": "15:00", "Data": "15" }, { "DisplayName": "16:00", "Data": "16" }, { "DisplayName": "17:00", "Data": "17" }, { "DisplayName": "18:00", "Data": "18" }, { "DisplayName": "19:00", "Data": "19" }, { "DisplayName": "20:00", "Data": "20" }, { "DisplayName": "21:00", "Data": "21" }, { "DisplayName": "22:00", "Data": "22" }, { "DisplayName": "23:00", "Data": "23" } ], "Required": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "UserInfoAccessAction", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "User management of sharing user name, account picture, and domain information with apps (not desktop apps)", "ExplainText": "This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information.\n\nIf you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options:\n\n\"Always on\" - users will not be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS.\n\n\"Always off\" - users will not be able to change this setting and the user's name and account picture will not be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will not be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.\n\nIf you do not configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn the setting off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowUserInfoAccess", "Items": [ { "DisplayName": "Always on", "Data": "1" }, { "DisplayName": "Always off", "Data": "2" } ], "Required": true } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "DisableAdvertisingId", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Turn off the advertising ID", "ExplainText": "This policy setting turns off the advertising ID, preventing apps from using the ID for experiences across apps.\n\nIf you enable this policy setting, the advertising ID is turned off. Apps can't use the ID for experiences across apps.\n\nIf you disable or do not configure this policy setting, users can control whether apps can use the advertising ID for experiences across apps.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\AdvertisingInfo" ], "ValueName": "DisabledByGroupPolicy", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "PrimaryComputer_RUP", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Download roaming profiles on primary computers only", "ExplainText": "This policy setting controls on a per-computer basis whether roaming profiles are downloaded on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.\n\nTo designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.\n\nIf you enable this policy setting and the user has a roaming profile, the roaming profile is downloaded on the user's primary computer only.\n\nIf you disable or do not configure this policy setting and the user has a roaming profile, the roaming profile is downloaded on every computer that the user logs on to.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "PrimaryComputerEnabledRUP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "UserProfiles.admx", "CategoryName": "UserProfiles", "PolicyName": "USER_HOME", "Class": "Machine", "NameSpace": "Microsoft.Policies.UserProfiles", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Set user home folder", "ExplainText": "This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a logon session.\n\nIf you enable this policy setting, the user's home folder is configured to the specified local or network location, creating a new folder for each user name.\n\nTo use this policy setting, in the Location list, choose the location for the home folder. If you choose \"On the network,\" enter the path to a file share in the Path box (for example, \\\\ComputerName\\ShareName), and then choose the drive letter to assign to the file share. If you choose \"On the local computer,\" enter a local path (for example, C:\\HomeFolder) in the Path box.\n\nDo not specify environment variables or ellipses in the path. Also, do not specify a placeholder for the user name because the user name will be appended at logon.\n\nNote: The Drive letter box is ignored if you choose \"On the local computer\" from the Location list. If you choose \"On the local computer\" and enter a file share, the user's home folder will be placed in the network location without mapping the file share to a drive letter.\n\nIf you disable or do not configure this policy setting, the user's home folder is configured as specified in the user's Active Directory Domain Services account.\n\nIf the \"Set Remote Desktop Services User Home Directory\" policy setting is enabled, the \"Set user home folder\" policy setting has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "HomeDirLocation", "Items": [ { "DisplayName": "On the network", "Data": "1" }, { "DisplayName": "On the local computer", "Data": "0" } ] }, { "Type": "Text", "ValueName": "HomeDir", "Required": true }, { "Type": "Enum", "ValueName": "HomeDirDrive", "Items": [ { "DisplayName": "G:", "Data": "G:" }, { "DisplayName": "H:", "Data": "H:" }, { "DisplayName": "I:", "Data": "I:" }, { "DisplayName": "J:", "Data": "J:" }, { "DisplayName": "K:", "Data": "K:" }, { "DisplayName": "L:", "Data": "L:" }, { "DisplayName": "M:", "Data": "M:" }, { "DisplayName": "N:", "Data": "N:" }, { "DisplayName": "O:", "Data": "O:" }, { "DisplayName": "P:", "Data": "P:" }, { "DisplayName": "Q:", "Data": "Q:" }, { "DisplayName": "R:", "Data": "R:" }, { "DisplayName": "S:", "Data": "S:" }, { "DisplayName": "T:", "Data": "T:" }, { "DisplayName": "U:", "Data": "U:" }, { "DisplayName": "V:", "Data": "V:" }, { "DisplayName": "W:", "Data": "W:" }, { "DisplayName": "X:", "Data": "X:" }, { "DisplayName": "Y:", "Data": "Y:" }, { "DisplayName": "Z:", "Data": "Z:" } ] } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "ActiveDirectoryBackup_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "WindowsVistaOrServer2008Only - Windows Server 2008 and Windows Vista", "DisplayName": "Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)", "ExplainText": "This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of BitLocker Drive Encryption recovery information. This provides an administrative method of recovering data encrypted by BitLocker to prevent data loss due to lack of key information. This policy setting is only applicable to computers running Windows Server 2008 or Windows Vista.\n\nIf you enable this policy setting, BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer. This policy setting is applied when you turn on BitLocker.\n\nNote: You might need to set up appropriate schema extensions and access control settings on the domain before AD DS backup can succeed. More information about setting up AD DS backup for BitLocker is available on Microsoft TechNet.\n\nBitLocker recovery information includes the recovery password and some unique identifier data. You can also include a package that contains a BitLocker-protected drive's encryption key. This key package is secured by one or more recovery passwords and may help perform specialized recovery when the disk is damaged or corrupted.\n\nIf you select the option to \"Require BitLocker backup to AD DS\" BitLocker cannot be turned on unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. This option is selected by default to help ensure that BitLocker recovery is possible. If this option is not selected, AD DS backup is attempted but network or other backup failures do not prevent BitLocker setup. Backup is not automatically retried and the recovery password may not have been stored in AD DS during BitLocker setup.\n\nIf you disable or do not configure this policy setting, BitLocker recovery information is not backed up to AD DS.\n\nNote: Trusted Platform Module (TPM) initialization might occur during BitLocker setup. Enable the \"Turn on TPM backup to Active Directory Domain Services\" policy setting in System\\Trusted Platform Module Services to ensure that TPM information is also backed up.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "ActiveDirectoryBackup", "Elements": [ { "Type": "Boolean", "ValueName": "RequireActiveDirectoryBackup", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "ActiveDirectoryInfoToStore", "Items": [ { "DisplayName": "Recovery passwords and key packages", "Data": "1" }, { "DisplayName": "Recovery passwords only", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "ConfigureRecoveryUsage_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "WindowsVistaOrServer2008Only - Windows Server 2008 and Windows Vista", "DisplayName": "Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)", "ExplainText": "This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard can display and specify BitLocker recovery options. This policy is only applicable to computers running Windows Server 2008 or Windows Vista. This policy setting is applied when you turn on BitLocker.\n\nTwo recovery options can be used to unlock BitLocker-encrypted data in the absence of the required startup key information. The user either can type a 48-digit numerical recovery password or insert a USB flash drive containing a 256-bit recovery key.\n\nIf you enable this policy setting, you can configure the options that the setup wizard displays to users for recovering BitLocker encrypted data. Saving to a USB flash drive will store the 48-digit recovery password as a text file and the 256-bit recovery key as a hidden file. Saving to a folder will store the 48-digit recovery password as a text file. Printing will send the 48-digit recovery password to the default printer. For example, not allowing the 48-digit recovery password will prevent users from being able to print or save recovery information to a folder.\n\nIf you disable or do not configure this policy setting, the BitLocker setup wizard will present users with ways to store recovery options.\n\nNote: If Trusted Platform Module (TPM) initialization is needed during the BitLocker setup, TPM owner information will be saved or printed with the BitLocker recovery information.\n\nNote: The 48-digit recovery password will not be available in FIPS-compliance mode.\n\nImportant: This policy setting provides an administrative method of recovering data encrypted by BitLocker to prevent data loss due to lack of key information. If you do not allow both user recovery options you must enable the \"Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)\" policy setting to prevent a policy error.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Enum", "ValueName": "UseRecoveryPassword", "Items": [ { "DisplayName": "Require recovery password (default)", "Data": "1" }, { "DisplayName": "Do not allow recovery password", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "UseRecoveryDrive", "Items": [ { "DisplayName": "Require recovery key (default)", "Data": "1" }, { "DisplayName": "Do not allow recovery key", "Data": "0" } ], "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "ConfigureRecoveryFolder_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Choose default folder for recovery password", "ExplainText": "This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.\n\nIf you enable this policy setting, you can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in a folder. You can specify either a fully qualified path or include the target computer's environment variables in the path. If the path is not valid, the BitLocker setup wizard will display the computer's top-level folder view.\n\nIf you disable or do not configure this policy setting, the BitLocker setup wizard will display the computer's top-level folder view when the user chooses the option to save the recovery password in a folder.\n\nNote: This policy setting does not prevent the user from saving the recovery password in another folder.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Text", "ValueName": "DefaultRecoveryFolderPath", "Required": false, "Expandable": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "EncryptionMethod_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)", "ExplainText": "This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available. This policy is only applicable to computers running Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows 7.\n\nIf you enable this policy setting you will be able to choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.\n\nIf you disable or do not configure this policy setting, BitLocker will use the default encryption method of AES 128-bit with Diffuser or the encryption method specified by the setup script.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Enum", "ValueName": "EncryptionMethod", "Items": [ { "DisplayName": "AES 128-bit with Diffuser", "Data": "1" }, { "DisplayName": "AES 256-bit with Diffuser", "Data": "2" }, { "DisplayName": "AES 128-bit (default)", "Data": "3" }, { "DisplayName": "AES 256-bit", "Data": "4" } ], "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "EncryptionMethodNoDiffuser_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])", "ExplainText": "This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available. This policy is only applicable to computers running Windows 8 and later.\n\nIf you enable this policy setting you will be able to choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.\n\nIf you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit) as the \"Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7)\" policy setting, if it is set. If neither policy is set, BitLocker will use the default encryption method of AES 128-bit or the encryption method specified by the setup script.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Enum", "ValueName": "EncryptionMethodNoDiffuser", "Items": [ { "DisplayName": "AES 128-bit (default)", "Data": "3" }, { "DisplayName": "AES 256-bit", "Data": "4" } ], "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "EncryptionMethodWithXts_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)", "ExplainText": "This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.\n\nIf you enable this policy setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10 (Version 1511).\n\nIf you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit) as the \"Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7)\" and \"Choose drive encryption method and cipher strength\" policy settings (in that order), if they are set. If none of the policies are set, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by the setup script.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Enum", "ValueName": "EncryptionMethodWithXtsOs", "Items": [ { "DisplayName": "AES-CBC 128-bit", "Data": "3" }, { "DisplayName": "AES-CBC 256-bit", "Data": "4" }, { "DisplayName": "XTS-AES 128-bit (default)", "Data": "6" }, { "DisplayName": "XTS-AES 256-bit", "Data": "7" } ], "Required": true }, { "Type": "Enum", "ValueName": "EncryptionMethodWithXtsFdv", "Items": [ { "DisplayName": "AES-CBC 128-bit", "Data": "3" }, { "DisplayName": "AES-CBC 256-bit", "Data": "4" }, { "DisplayName": "XTS-AES 128-bit (default)", "Data": "6" }, { "DisplayName": "XTS-AES 256-bit", "Data": "7" } ], "Required": true }, { "Type": "Enum", "ValueName": "EncryptionMethodWithXtsRdv", "Items": [ { "DisplayName": "AES-CBC 128-bit (default)", "Data": "3" }, { "DisplayName": "AES-CBC 256-bit", "Data": "4" }, { "DisplayName": "XTS-AES 128-bit", "Data": "6" }, { "DisplayName": "XTS-AES 256-bit", "Data": "7" } ], "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "MorBehavior_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows_6_3ToVista - Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Prevent memory overwrite on restart", "ExplainText": "This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.\n\nIf you enable this policy setting, memory will not be overwritten when the computer restarts. Preventing memory overwrite may improve restart performance but will increase the risk of exposing BitLocker secrets.\n\nIf you disable or do not configure this policy setting, BitLocker secrets are removed from memory when the computer restarts.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "MorBehavior", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "DisableExternalDMAUnderLock_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Disable new DMA devices when this computer is locked", "ExplainText": "This policy setting allows you to\u00a0block direct memory access (DMA) for all Thunderbolt hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will\u00a0enumerate the PCI devices connected to the host Thunderbolt PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug Thunderbolt PCI ports with no children devices, until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged or the system is rebooted or hibernated. This policy setting is only enforced when BitLocker or device encryption is enabled.\n\nNote: Some PCs may not be compatible with this policy if the system firmware enables DMA for newly attached Thunderbolt devices before exposing the new devices to Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "DisableExternalDMAUnderLock", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "PrebootRecoveryInfo_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Configure pre-boot recovery message and URL", "ExplainText": "This policy setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boot key recovery screen when the OS drive is locked.\n\nIf you select the \"Use default recovery message and URL\" option, the default BitLocker recovery message and URL will be displayed in the pre-boot key recovery screen. If you have previously configured a custom recovery message or URL and want to revert to the default message, you must keep the policy enabled and select the \"Use default recovery message and URL\" option.\n\nIf you select the \"Use custom recovery message\" option, the message you type in the \"Custom recovery message option\" text box will be displayed in the pre-boot key recovery screen. If a recovery URL is available, include it in the message.\n\nIf you select the \"Use custom recovery URL\" option, the URL you type in the \"Custom recovery URL option\" text box will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen.\n\nNote: Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Enum", "ValueName": "RecoveryKeyMessageSource", "Items": [ { "DisplayName": "PrebootRecoveryInfoEmpty", "Data": "0" }, { "DisplayName": "Use default recovery message and URL", "Data": "1" }, { "DisplayName": "Use custom recovery message", "Data": "2" }, { "DisplayName": "Use custom recovery URL", "Data": "3" } ], "Required": true }, { "Type": "Text", "ValueName": "RecoveryKeyMessage", "Required": false, "MaxLength": "900" }, { "Type": "Text", "ValueName": "RecoveryKeyUrl", "Required": false, "MaxLength": "500" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "EnhancedPIN_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow enhanced PINs for startup", "ExplainText": "This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.\n\nEnhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker.\n\nIf you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs.\n\nNote: Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup.\n\nIf you disable or do not configure this policy setting, enhanced PINs will not be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "UseEnhancedPin", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "OSPassphrase_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Configure use of passwords for operating system drives", "ExplainText": "This policy setting specifies the constraints for passwords used to unlock BitLocker-protected operating system drives. If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the password. For the complexity requirement setting to be effective the Group Policy setting \"Password must meet complexity requirements\" located in Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\ must be also enabled.\n\nNote: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive.\n\nIf you enable this policy setting, users can configure a password that meets the requirements you define. To enforce complexity requirements on the password, select \"Require complexity\".\n\nWhen set to \"Require complexity\" a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the password. When set to \"Allow complexity\" a connection to a domain controller will be attempted to validate the complexity adheres to the rules set by the policy, but if no domain controllers are found the password will still be accepted regardless of actual password complexity and the drive will be encrypted using that password as a protector. When set to \"Do not allow complexity\", no password complexity validation will be done.\n\nPasswords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the \"Minimum password length\" box.\n\nIf you disable or do not configure this policy setting, the default length constraint of 8 characters will apply to operating system drive passwords and no complexity checks will occur.\n\nNote: Passwords cannot be used if FIPS-compliance is enabled. The \"System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing\" policy setting in Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options specifies whether FIPS-compliance is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "OSPassphrase", "Elements": [ { "Type": "Enum", "ValueName": "OSPassphraseComplexity", "Items": [ { "DisplayName": "Allow password complexity", "Data": "2" }, { "DisplayName": "Do not allow password complexity", "Data": "0" }, { "DisplayName": "Require password complexity", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "OSPassphraseLength", "MinValue": "8", "MaxValue": "255", "Required": true }, { "Type": "Boolean", "ValueName": "OSPassphraseASCIIOnly", "TrueValue": "1", "FalseValue": "0", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "TPMAutoReseal_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Reset platform validation data after BitLocker recovery", "ExplainText": "This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started following BitLocker recovery.\n\nIf you enable this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery.\n\nIf you disable this policy setting, platform validation data will not be refreshed when Windows is started following BitLocker recovery.\n\nIf you do not configure this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "TPMAutoReseal", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "DisallowStandardUsersCanChangePIN_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Disallow standard users from changing the PIN or password", "ExplainText": "This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first.\n\nThis policy setting is applied when you turn on BitLocker.\n\nIf you enable this policy setting, standard users will not be allowed to change BitLocker PINs or passwords.\n\nIf you disable or do not configure this policy setting, standard users will be permitted to change BitLocker PINs and passwords.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "DisallowStandardUserPINReset", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "IdentificationField_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Provide the unique identifiers for your organization", "ExplainText": "This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives and can be updated on existing BitLocker-protected drives using the manage-bde command-line tool. An identification field is required for management of certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker will only manage and update data recovery agents when the identification field on the drive matches the value configured in the identification field. In a similar manner, BitLocker will only update the BitLocker To Go Reader when the identification field on the drive matches the value configured for the identification field.\n\nThe allowed identification field is used in combination with the \"Deny write access to removable drives not protected by BitLocker\" policy setting to help control the use of removable drives in your organization. It is a comma separated list of identification fields from your organization or other external organizations.\n\nYou can configure the identification fields on existing drives by using manage-bde.exe.\n\nIf you enable this policy setting, you can configure the identification field on the BitLocker-protected drive and any allowed identification field used by your organization.\n\nWhen a BitLocker-protected drive is mounted on another BitLocker-enabled computer the identification field and allowed identification field will be used to determine whether the drive is from an outside organization.\n\nIf you disable or do not configure this policy setting, the identification field is not required.\n\nNote: Identification fields are required for management of certificate-based data recovery agents on BitLocker-protected drives. BitLocker will only manage and update certificate-based data recovery agents when the identification field is present on a drive and is identical to the value configured on the computer. The identification field can be any value of 260 characters or fewer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "IdentificationField", "Elements": [ { "Type": "Text", "ValueName": "IdentificationFieldString", "MaxLength": "260" }, { "Type": "Text", "ValueName": "SecondaryIdentificationField", "MaxLength": "260" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVECategory", "PolicyName": "UserCertificateOID_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Validate smart card certificate usage rule compliance", "ExplainText": "This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.\n\nThe object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.\n\nDefault object identifier is 1.3.6.1.4.1.311.67.1.1\n\nNote: BitLocker does not require that a certificate have an EKU attribute, but if one is configured for the certificate it must be set to an object identifier (OID) that matches the OID configured for BitLocker.\n\nIf you enable this policy setting, the object identifier specified in the \"Object identifier\" box must match the object identifier in the smart card certificate.\n\nIf you disable or do not configure this policy setting, a default object identifier is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Text", "ValueName": "CertificateOID", "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "UseEnhancedBcdProfile_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Use enhanced Boot Configuration Data validation profile", "ExplainText": "This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation.\n\nIf you enable this policy setting, you will be able to add additional settings, remove the default settings, or both.\n\nIf you disable this policy setting, the computer will revert to a BCD profile similar to the default BCD profile used by Windows 7.\n\nIf you do not configure this policy setting, the computer will verify the default Windows BCD settings.\n\nNote: When BitLocker is using Secure Boot for platform and Boot Configuration Data (BCD) integrity validation, as defined by the \"Allow Secure Boot for integrity validation\" group policy, the \"Use enhanced Boot Configuration Data validation profile\" group policy is ignored.\n\nThe setting that controls boot debugging (0x16000010) will always be validated and will have no effect if it is included in the provided fields.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "OSUseEnhancedBcdProfile", "Elements": [ { "Type": "MultiText", "ValueName": "OSBcdAdditionalSecurityCriticalSettings", "MaxLength": "50" }, { "Type": "MultiText", "ValueName": "OSBcdAdditionalExcludedSettings", "MaxLength": "50" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "OSRecoveryUsage_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Choose how BitLocker-protected operating system drives can be recovered", "ExplainText": "This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker.\n\nThe \"Allow certificate-based data recovery agent\" check box is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.\n\nIn \"Configure user storage of BitLocker recovery information\" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.\n\nSelect \"Omit recovery options from the BitLocker setup wizard\" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.\n\nIn \"Save BitLocker recovery information to Active Directory Domain Services\", choose which BitLocker recovery information to store in AD DS for operating system drives. If you select \"Backup recovery password and key package\", both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select \"Backup recovery password only,\" only the recovery password is stored in AD DS.\n\nSelect the \"Do not enable BitLocker until recovery information is stored in AD DS for operating system drives\" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.\n\nNote: If the \"Do not enable BitLocker until recovery information is stored in AD DS for operating system drives\" check box is selected, a recovery password is automatically generated.\n\nIf you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.\n\nIf this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "ValueName": "OSRecovery", "Elements": [ { "Type": "Boolean", "ValueName": "OSManageDRA", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "OSRecoveryPassword", "Items": [ { "DisplayName": "Allow 48-digit recovery password", "Data": "2" }, { "DisplayName": "Require 48-digit recovery password", "Data": "1" }, { "DisplayName": "Do not allow 48-digit recovery password", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "OSRecoveryKey", "Items": [ { "DisplayName": "Allow 256-bit recovery key", "Data": "2" }, { "DisplayName": "Require 256-bit recovery key", "Data": "1" }, { "DisplayName": "Do not allow 256-bit recovery key", "Data": "0" } ], "Required": true }, { "Type": "Boolean", "ValueName": "OSHideRecoveryPage", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "OSActiveDirectoryBackup", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "OSRequireActiveDirectoryBackup", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "OSActiveDirectoryInfoToStore", "Items": [ { "DisplayName": "Store recovery passwords and key packages", "Data": "1" }, { "DisplayName": "Store recovery passwords only", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "OSEncryptionType_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Enforce drive encryption type on operating system drives", "ExplainText": "This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on.\n\nIf you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard.\n\nIf you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Enum", "ValueName": "OSEncryptionType", "Items": [ { "DisplayName": "Allow user to choose (default)", "Data": "0" }, { "DisplayName": "Full encryption", "Data": "1" }, { "DisplayName": "Used Space Only encryption", "Data": "2" } ], "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "ConfigureStartupUsage_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "WindowsVistaOrServer2008Only - Windows Server 2008 and Windows Vista", "DisplayName": "Require additional authentication at startup (Windows Server 2008 and Windows Vista)", "ExplainText": "This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard will be able to set up an additional authentication method that is required each time the computer starts. This policy setting is applied when you turn on BitLocker.\n\nNote: This policy is only applicable to computers running Windows Server 2008 or Windows Vista.\n\nOn a computer with a compatible Trusted Platform Module (TPM), two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB flash drive containing a startup key. It can also require users to enter a 4-digit to 20-digit startup personal identification number (PIN).\n\nA USB flash drive containing a startup key is needed on computers without a compatible TPM. Without a TPM, BitLocker-encrypted data is protected solely by the key material on this USB flash drive.\n\nIf you enable this policy setting, the wizard will display the page to allow the user to configure advanced startup options for BitLocker. You can further configure setting options for computers with and without a TPM.\n\nIf you disable or do not configure this policy setting, the BitLocker setup wizard will display basic steps that allow users to turn on BitLocker on computers with a TPM. In this basic wizard, no additional startup key or startup PIN can be configured.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Boolean", "ValueName": "EnableNonTPM", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "UsePartialEncryptionKey", "Items": [ { "DisplayName": "Allow startup key with TPM", "Data": "2" }, { "DisplayName": "Require startup key with TPM", "Data": "1" }, { "DisplayName": "Do not allow startup key with TPM", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "UsePIN", "Items": [ { "DisplayName": "Allow startup PIN with TPM", "Data": "2" }, { "DisplayName": "Require startup PIN with TPM", "Data": "1" }, { "DisplayName": "Do not allow startup PIN with TPM", "Data": "0" } ], "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "ConfigureAdvancedStartup_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Require additional authentication at startup", "ExplainText": "This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.\n\nNote: Only one of the additional authentication options can be required at startup, otherwise a policy error occurs.\n\nIf you want to use BitLocker on a computer without a TPM, select the \"Allow BitLocker without a compatible TPM\" check box. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.\n\nOn a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.\n\nIf you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.\n\nIf you disable or do not configure this policy setting, users can configure only basic options on computers with a TPM.\n\nNote: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "ValueName": "UseAdvancedStartup", "Elements": [ { "Type": "Boolean", "ValueName": "EnableBDEWithNoTPM", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "UseTPMKey", "Items": [ { "DisplayName": "Allow startup key with TPM", "Data": "2" }, { "DisplayName": "Require startup key with TPM", "Data": "1" }, { "DisplayName": "Do not allow startup key with TPM", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "UseTPMPIN", "Items": [ { "DisplayName": "Allow startup PIN with TPM", "Data": "2" }, { "DisplayName": "Require startup PIN with TPM", "Data": "1" }, { "DisplayName": "Do not allow startup PIN with TPM", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "UseTPMKeyPIN", "Items": [ { "DisplayName": "Allow startup key and PIN with TPM", "Data": "2" }, { "DisplayName": "Require startup key and PIN with TPM", "Data": "1" }, { "DisplayName": "Do not allow startup key and PIN with TPM", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "UseTPM", "Items": [ { "DisplayName": "Allow TPM", "Data": "2" }, { "DisplayName": "Require TPM", "Data": "1" }, { "DisplayName": "Do not allow TPM", "Data": "0" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "AllowNetworkUnlockAtStartup_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Allow network unlock at startup", "ExplainText": "This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.\n\nIf you enable this policy, clients configured with a BitLocker Network Unlock certificate will be able to create and use Network Key Protectors.\n\nTo use a Network Key Protector to unlock the computer, both the computer and the BitLocker Drive Encryption Network Unlock server must be provisioned with a Network Unlock certificate. The Network Unlock certificate is used to create Network Key Protectors, and protects the information exchanged with the server to unlock the computer. You can use the group policy setting \"Computer Configuration\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate\" on the domain controller to distribute this certificate to computers in your organization. This unlock method uses the TPM on the computer, so computers that do not have a TPM cannot create Network Key Protectors to automatically unlock with Network Unlock.\n\nIf you disable or do not configure this policy setting, BitLocker clients will not be able to create and use Network Key Protectors.\n\nNote: For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the wired network or the server at startup.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "ValueName": "OSManageNKP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "PlatformValidation_Deprecated_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)", "ExplainText": "This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.\n\nIf you enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock the drive.\n\nIf you disable or do not configure this policy setting, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script. A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23, The default platform validation profile secures the encryption key against changes to the Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (PCR 0), the Option ROM Code (PCR 2), the Master Boot Record (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the Boot Manager (PCR 10), and the BitLocker Access Control (PCR 11). The descriptions of PCR settings for computers that use an Extensible Firmware Interface (EFI) are different than the PCR settings described for computers that use a standard BIOS.\n\nWarning: Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE\\PlatformValidation" ], "ValueName": "Enabled", "Elements": [ { "Type": "Boolean", "ValueName": "0", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "1", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "2", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "3", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "4", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "5", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "6", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "7", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "8", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "9", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "10", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "11", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "12", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "13", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "14", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "15", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "16", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "17", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "18", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "19", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "20", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "21", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "22", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "23", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "PlatformValidation_BIOS_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Configure TPM platform validation profile for BIOS-based firmware configurations", "ExplainText": "This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.\n\nImportant: This group policy only applies to computers with BIOS configurations or to computers with UEFI firmware with a Compatibility Service Module (CSM) enabled. Computers using a native UEFI firmware configuration store different values into the Platform Configuration Registers (PCRs). Use the \"Configure TPM platform validation profile for native UEFI firmware configurations\" group policy setting to configure the TPM PCR profile for computers using native UEFI firmware.\n\nIf you enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock the drive.\n\nIf you disable or do not configure this policy setting, BitLocker uses the default platform validation profile or the platform validation profile specified by the setup script. A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23. The default platform validation profile secures the encryption key against changes to the Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (PCR 0), the Option ROM Code (PCR 2), the Master Boot Record (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the Boot Manager (PCR 10), and the BitLocker Access Control (PCR 11).\n\nWarning: Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE\\OSPlatformValidation_BIOS" ], "ValueName": "Enabled", "Elements": [ { "Type": "Boolean", "ValueName": "0", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "1", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "2", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "3", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "4", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "5", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "6", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "7", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "8", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "9", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "10", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "11", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "12", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "13", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "14", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "15", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "16", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "17", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "18", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "19", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "20", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "21", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "22", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "23", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "PlatformValidation_UEFI_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure TPM platform validation profile for native UEFI firmware configurations", "ExplainText": "This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.\n\nImportant: This group policy only applies to computers with a native UEFI firmware configuration. Computers with BIOS or UEFI firmware with a Compatibility Service Module (CSM) enabled store different values into the Platform Configuration Registers (PCRs). Use the \"Configure TPM platform validation profile for BIOS-based firmware configurations\" group policy setting to configure the TPM PCR profile for computers with BIOS configurations or computers with UEFI firmware with a CSM enabled.\n\nIf you enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock the drive.\n\nIf you disable or do not configure this policy setting, BitLocker uses the default platform validation profile for the available hardware or the platform validation profile specified by the setup script. A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23.\n\nOn PCs that lack Secure Boot State (PCR 7) support, the default platform validation profile secures the encryption key against changes to the core system firmware executable code (PCR 0), extended or pluggable executable code (PCR 2), boot manager (PCR 4), and the BitLocker access control (PCR 11).\n\nWhen Secure Boot State (PCR7) support is available, the default platform validation profile secures the encryption key using Secure Boot State (PCR 7) and the BitLocker access control (PCR 11).\n\nWarning: Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs. Specifically, setting this policy with PCR 7 omitted, will override the \"Allow Secure Boot for integrity validation\" group policy, preventing BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation. Setting this policy may result in BitLocker recovery when firmware is updated. If you set this policy to include PCR 0, suspend BitLocker prior to applying firmware updates.\n\nIt is recommended to not configure this policy, to allow Windows to select the PCR profile for the best combination of security and usability based on the available hardware on each PC.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE\\OSPlatformValidation_UEFI" ], "ValueName": "Enabled", "Elements": [ { "Type": "Boolean", "ValueName": "0", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "1", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "2", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "3", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "4", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "5", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "6", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "7", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "8", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "9", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "10", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "11", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "12", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "13", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "14", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "15", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "16", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "17", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "18", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "19", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "20", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "21", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "22", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "23", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "MinimumPINLength_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure minimum PIN length for startup", "ExplainText": "This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.\n\nIf you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN.\n\nIf you disable or do not configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits.\n\nNOTE: If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Decimal", "ValueName": "MinimumPIN", "MinValue": "4", "MaxValue": "20", "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "OSEDrive_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure use of hardware-based encryption for operating system drives", "ExplainText": "This policy setting allows you to manage BitLocker\u2019s use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or writing of data to the drive.\n\nIf you enable this policy setting, you can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with hardware-based encryption.\n\nIf you disable this policy setting, BitLocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when the drive is encrypted.\n\nIf you do not configure this policy setting, BitLocker will use software-based encryption irrespective of hardware-based encryption availability.\n\nNote: The \"Choose drive encryption method and cipher strength\" policy setting does not apply to hardware-based encryption. The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm configured on the drive to encrypt the drive. The \"Restrict encryption algorithms and cipher suites allowed for hardware-based encryption\" option enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disable the use of hardware-based encryption.\nEncryption algorithms are specified by object identifiers (OID). For example:\n- AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2\n- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "ValueName": "OSHardwareEncryption", "Elements": [ { "Type": "Boolean", "ValueName": "OSAllowSoftwareEncryptionFailover", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "OSRestrictHardwareEncryptionAlgorithms", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "OSAllowedHardwareEncryptionAlgorithms", "Required": false, "Expandable": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "EnablePrebootInputProtectorsOnSlates_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Enable use of BitLocker authentication requiring preboot keyboard input on slates", "ExplainText": "This policy setting allows users to turn on authentication options that require user input from the pre-boot environment, even if the platform lacks pre-boot input capability.\n\nThe Windows touch keyboard (such as that used by tablets) isn't available in the pre-boot environment where BitLocker requires additional information such as a PIN or Password.\n\nIf you enable this policy setting, devices must have an alternative means of pre-boot input (such as an attached USB keyboard).\n\nIf this policy is not enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard.\n\nNote that if you do not enable this policy setting, options in the \"Require additional authentication at startup\" policy might not be available on such devices. These options include:\n- Configure TPM startup PIN: Required/Allowed\n- Configure TPM startup key and PIN: Required/Allowed\n- Configure use of passwords for operating system drives.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "OSEnablePrebootInputProtectorsOnSlates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "EnablePreBootPinExceptionOnDECapableDevice_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN.", "ExplainText": "This policy setting allows users on devices that are compliant with InstantGo or Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for pre-boot authentication. This overrides the \"Require startup PIN with TPM\" and \"Require startup key and PIN with TPM\" options of the \"Require additional authentication at startup\" policy on compliant hardware.\n\nIf you enable this policy setting, users on InstantGo and HSTI compliant devices will have the choice to turn on BitLocker without pre-boot authentication.\n\nIf this policy is not enabled, the options of \"Require additional authentication at startup\" policy apply.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "OSEnablePreBootPinExceptionOnDECapableDevice", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEOSCategory", "PolicyName": "AllowSecureBootForIntegrity_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow Secure Boot for integrity validation", "ExplainText": "This policy setting allows you to configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives.\n\nSecure Boot ensures that the PC's pre-boot environment only loads firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing pre-boot configuration than legacy BitLocker integrity checks.\n\nIf you enable or do not configure this policy setting, BitLocker will use Secure Boot for platform integrity if the platform is capable of Secure Boot-based integrity validation.\n\nIf you disable this policy setting, BitLocker will use legacy platform integrity validation, even on systems capable of Secure Boot-based integrity validation.\n\nWhen this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the \"Use enhanced Boot Configuration Data validation profile\" group policy setting is ignored and Secure Boot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker.\n\nNote: If the group policy setting \"Configure TPM platform validation profile for native UEFI firmware configurations\" is enabled and has PCR 7 omitted, Bitlocker will be prevented from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation.\n\nWarning: Disabling this policy may result in BitLocker recovery when firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "OSAllowSecureBootForIntegrity", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEFDVCategory", "PolicyName": "FDVRecoveryUsage_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Choose how BitLocker-protected fixed drives can be recovered", "ExplainText": "This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker.\n\nThe \"Allow data recovery agent\" check box is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.\n\nIn \"Configure user storage of BitLocker recovery information\" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.\n\nSelect \"Omit recovery options from the BitLocker setup wizard\" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.\n\nIn \"Save BitLocker recovery information to Active Directory Domain Services\" choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select \"Backup recovery password and key package\", both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select \"Backup recovery password only,\" only the recovery password is stored in AD DS.\n\nSelect the \"Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives\" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.\n\nNote: If the \"Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives\" check box is selected, a recovery password is automatically generated.\n\nIf you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives.\n\nIf this policy setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "ValueName": "FDVRecovery", "Elements": [ { "Type": "Enum", "ValueName": "FDVRecoveryPassword", "Items": [ { "DisplayName": "Allow 48-digit recovery password", "Data": "2" }, { "DisplayName": "Require 48-digit recovery password", "Data": "1" }, { "DisplayName": "Do not allow 48-digit recovery password", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "FDVRecoveryKey", "Items": [ { "DisplayName": "Allow 256-bit recovery key", "Data": "2" }, { "DisplayName": "Require 256-bit recovery key", "Data": "1" }, { "DisplayName": "Do not allow 256-bit recovery key", "Data": "0" } ], "Required": true }, { "Type": "Boolean", "ValueName": "FDVManageDRA", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "FDVHideRecoveryPage", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "FDVActiveDirectoryBackup", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "FDVRequireActiveDirectoryBackup", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "FDVActiveDirectoryInfoToStore", "Items": [ { "DisplayName": "Backup recovery passwords and key packages", "Data": "1" }, { "DisplayName": "Backup recovery passwords only", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEFDVCategory", "PolicyName": "FDVPassphrase_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure use of passwords for fixed data drives", "ExplainText": "This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, enforce complexity requirements on the password, and configure a minimum length for the password. For the complexity requirement setting to be effective the Group Policy setting \"Password must meet complexity requirements\" located in Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\ must be also enabled.\n\nNote: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive.\n\nIf you enable this policy setting, users can configure a password that meets the requirements you define. To require the use of a password, select \"Require password for fixed data drive\". To enforce complexity requirements on the password, select \"Require complexity\".\n\nWhen set to \"Require complexity\" a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the password. When set to \"Allow complexity\" a connection to a domain controller will be attempted to validate the complexity adheres to the rules set by the policy, but if no domain controllers are found the password will still be accepted regardless of actual password complexity and the drive will be encrypted using that password as a protector. When set to \"Do not allow complexity\", no password complexity validation will be done.\n\nPasswords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the \"Minimum password length\" box.\n\nIf you disable this policy setting, the user is not allowed to use a password.\n\nIf you do not configure this policy setting, passwords will be supported with the default settings, which do not include password complexity requirements and require only 8 characters.\n\nNote: Passwords cannot be used if FIPS-compliance is enabled. The \"System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing\" policy setting in Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options specifies whether FIPS-compliance is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "FDVPassphrase", "Elements": [ { "Type": "Boolean", "ValueName": "FDVEnforcePassphrase", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "FDVPassphraseComplexity", "Items": [ { "DisplayName": "Allow password complexity", "Data": "2" }, { "DisplayName": "Do not allow password complexity", "Data": "0" }, { "DisplayName": "Require password complexity", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "FDVPassphraseLength", "MinValue": "8", "MaxValue": "99", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEFDVCategory", "PolicyName": "FDVDenyWriteAccess_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Deny write access to fixed drives not protected by BitLocker", "ExplainText": "This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.\n\nIf you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.\n\nIf you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies\\Microsoft\\FVE" ], "ValueName": "FDVDenyWriteAccess", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEFDVCategory", "PolicyName": "FDVHybrid_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7To1122H2 - At least Windows Server 2008 R2 or Windows 7 through Windows Server 2022 or Windows 11 Version 22H2", "DisplayName": "Allow access to BitLocker-protected fixed data drives from earlier versions of Windows", "ExplainText": "This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems.\n\nIf this policy setting is enabled or not configured, fixed data drives formatted with the FAT file system can be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have read-only access to BitLocker-protected drives.\n\nWhen this policy setting is enabled, select the \"Do not install BitLocker To Go Reader on FAT formatted fixed drives\" check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the \"Provide unique identifiers for your organization\" policy setting, the user will be prompted to update BitLocker and BitLocker To Go Reader will be deleted from the drive. In this situation, for the fixed drive to be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the fixed drive to enable users to unlock the drive on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2 that do not have BitLocker To Go Reader installed.\n\nIf this policy setting is disabled, fixed data drives formatted with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2. Bitlockertogo.exe will not be installed.\n\nNote: This policy setting does not apply to drives that are formatted with the NTFS file system.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "FDVDiscoveryVolumeType", "Elements": [ { "Type": "Boolean", "ValueName": "FDVNoBitLockerToGoReader", "TrueValue": "1", "FalseValue": "0", "Required": true }, { "Type": "EnabledValue", "Data": "FAT32" }, { "Type": "DisabledValue", "Data": "" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEFDVCategory", "PolicyName": "FDVConfigureSmartCard", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure use of smart cards on fixed data drives", "ExplainText": "This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer.\n\nIf you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the \"Require use of smart cards on fixed data drives\" check box.\n\nNote: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive.\n\nIf you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected fixed data drives.\n\nIf you do not configure this policy setting, smart cards can be used to authenticate user access to a BitLocker-protected drive.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "FDVAllowUserCert", "Elements": [ { "Type": "Boolean", "ValueName": "FDVEnforceUserCert", "TrueValue": "1", "FalseValue": "0", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEFDVCategory", "PolicyName": "FDVEncryptionType_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Enforce drive encryption type on fixed data drives", "ExplainText": "This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on.\n\nIf you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard.\n\nIf you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Enum", "ValueName": "FDVEncryptionType", "Items": [ { "DisplayName": "Allow user to choose (default)", "Data": "0" }, { "DisplayName": "Full encryption", "Data": "1" }, { "DisplayName": "Used Space Only encryption", "Data": "2" } ], "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVEFDVCategory", "PolicyName": "FDVEDrive_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Configure use of hardware-based encryption for fixed data drives", "ExplainText": "This policy setting allows you to manage BitLocker\u2019s use of hardware-based encryption on fixed data drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or writing of data to the drive.\n\nIf you enable this policy setting, you can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with hardware-based encryption.\n\nIf you disable this policy setting, BitLocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when the drive is encrypted.\n\nIf you do not configure this policy setting, BitLocker will use software-based encryption irrespective of hardware-based encryption availability.\n\nNote: The \"Choose drive encryption method and cipher strength\" policy setting does not apply to hardware-based encryption. The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm configured on the drive to encrypt the drive. The \"Restrict encryption algorithms and cipher suites allowed for hardware-based encryption\" option enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disable the use of hardware-based encryption.\nEncryption algorithms are specified by object identifiers (OID). For example:\n- AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2\n- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "ValueName": "FDVHardwareEncryption", "Elements": [ { "Type": "Boolean", "ValueName": "FDVAllowSoftwareEncryptionFailover", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "FDVRestrictHardwareEncryptionAlgorithms", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "FDVAllowedHardwareEncryptionAlgorithms", "Required": false, "Expandable": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVERDVCategory", "PolicyName": "RDVRecoveryUsage_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Choose how BitLocker-protected removable drives can be recovered", "ExplainText": "This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker.\n\nThe \"Allow data recovery agent\" check box is used to specify whether a data recovery agent can be used with BitLocker-protected removable data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.\n\nIn \"Configure user storage of BitLocker recovery information\" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.\n\nSelect \"Omit recovery options from the BitLocker setup wizard\" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.\n\nIn \"Save BitLocker recovery information to Active Directory Domain Services\" choose which BitLocker recovery information to store in AD DS for removable data drives. If you select \"Backup recovery password and key package\", both the BitLocker recovery password and key package are stored in AD DS. If you select \"Backup recovery password only\" only the recovery password is stored in AD DS.\n\nSelect the \"Do not enable BitLocker until recovery information is stored in AD DS for removable data drives\" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.\n\nNote: If the \"Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives\" check box is selected, a recovery password is automatically generated.\n\nIf you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected removable data drives.\n\nIf this policy setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "ValueName": "RDVRecovery", "Elements": [ { "Type": "Enum", "ValueName": "RDVRecoveryPassword", "Items": [ { "DisplayName": "Allow 48-digit recovery password", "Data": "2" }, { "DisplayName": "Require 48-digit recovery password", "Data": "1" }, { "DisplayName": "Do not allow 48-digit recovery password", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "RDVRecoveryKey", "Items": [ { "DisplayName": "Allow 256-bit recovery key", "Data": "2" }, { "DisplayName": "Require 256-bit recovery key", "Data": "1" }, { "DisplayName": "Do not allow 256-bit recovery key", "Data": "0" } ], "Required": true }, { "Type": "Boolean", "ValueName": "RDVManageDRA", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "RDVHideRecoveryPage", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "RDVActiveDirectoryBackup", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "RDVRequireActiveDirectoryBackup", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "RDVActiveDirectoryInfoToStore", "Items": [ { "DisplayName": "Backup recovery passwords and key packages", "Data": "1" }, { "DisplayName": "Backup recovery passwords only", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVERDVCategory", "PolicyName": "RDVConfigureBDE", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Control use of BitLocker on removable drives", "ExplainText": "This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker.\n\nWhen this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose \"Allow users to apply BitLocker protection on removable data drives\" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose \"Allow users to suspend and decrypt BitLocker on removable data drives\" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information on suspending BitLocker protection.\n\nIf you do not configure this policy setting, users can use BitLocker on removable disk drives.\n\nIf you disable this policy setting, users cannot use BitLocker on removable disk drives.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "RDVConfigureBDE", "Elements": [ { "Type": "Boolean", "ValueName": "RDVAllowBDE", "TrueValue": "1", "FalseValue": "0", "Required": true }, { "Type": "Boolean", "ValueName": "RDVDisableBDE", "TrueValue": "1", "FalseValue": "0", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVERDVCategory", "PolicyName": "RDVPassphrase_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure use of passwords for removable data drives", "ExplainText": "This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting to be effective the Group Policy setting \"Password must meet complexity requirements\" located in Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\ must be also enabled.\n\nNote: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive.\n\nIf you enable this policy setting, users can configure a password that meets the requirements that you define. To require the use of a password, select \"Require password for removable data drive\". To enforce complexity requirements on the password, select \"Require complexity\".\n\nWhen set to \"Require complexity\" a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the password. When set to \"Allow complexity\" a connection to a domain controller will be attempted to validate the complexity adheres to the rules set by the policy, but if no domain controllers are found the password will still be accepted regardless of actual password complexity and the drive will be encrypted using that password as a protector. When set to \"Do not allow complexity\", no password complexity validation will be done.\n\nPasswords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the \"Minimum password length\" box.\n\nIf you disable this policy setting, the user is not allowed to use a password.\n\nIf you do not configure this policy setting, passwords will be supported with the default settings, which do not include password complexity requirements and require only 8 characters.\n\nNote: Passwords cannot be used if FIPS-compliance is enabled. The \"System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing\" policy setting in Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options specifies whether FIPS-compliance is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "RDVPassphrase", "Elements": [ { "Type": "Boolean", "ValueName": "RDVEnforcePassphrase", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "RDVPassphraseComplexity", "Items": [ { "DisplayName": "Allow password complexity", "Data": "2" }, { "DisplayName": "Do not allow password complexity", "Data": "0" }, { "DisplayName": "Require password complexity", "Data": "1" } ] }, { "Type": "Decimal", "ValueName": "RDVPassphraseLength", "MinValue": "8", "MaxValue": "99", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVERDVCategory", "PolicyName": "RDVDenyWriteAccess_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Deny write access to removable drives not protected by BitLocker", "ExplainText": "This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.\n\nIf you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.\n\nIf the \"Deny write access to devices configured in another organization\" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the \"Provide the unique identifiers for your organization\" policy setting.\n\nIf you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access.\n\nNote: This policy setting can be overridden by the policy settings under User Configuration\\Administrative Templates\\System\\Removable Storage Access. If the \"Removable Disks: Deny write access\" policy setting is enabled this policy setting will be ignored.", "KeyPath": [ "HKLM\\System\\CurrentControlSet\\Policies\\Microsoft\\FVE" ], "ValueName": "RDVDenyWriteAccess", "Elements": [ { "Type": "Boolean", "ValueName": "RDVDenyCrossOrg", "TrueValue": "1", "FalseValue": "0", "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVERDVCategory", "PolicyName": "RDVHybrid_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7To1122H2 - At least Windows Server 2008 R2 or Windows 7 through Windows Server 2022 or Windows 11 Version 22H2", "DisplayName": "Allow access to BitLocker-protected removable data drives from earlier versions of Windows", "ExplainText": "This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems.\n\nIf this policy setting is enabled or not configured, removable data drives formatted with the FAT file system can be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have read-only access to BitLocker-protected drives.\n\nWhen this policy setting is enabled, select the \"Do not install BitLocker To Go Reader on FAT formatted removable drives\" check box to help prevent users from running BitLocker To Go Reader from their removable drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the \"Provide unique identifiers for your organization\" policy setting, the user will be prompted to update BitLocker and BitLocker To Go Reader will be deleted from the drive. In this situation, for the removable drive to be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the removable drive to enable users to unlock the drive on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2 that do not have BitLocker To Go Reader installed.\n\nIf this policy setting is disabled, removable data drives formatted with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2. Bitlockertogo.exe will not be installed.\n\nNote: This policy setting does not apply to drives that are formatted with the NTFS file system.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "RDVDiscoveryVolumeType", "Elements": [ { "Type": "Boolean", "ValueName": "RDVNoBitLockerToGoReader", "TrueValue": "1", "FalseValue": "0", "Required": true }, { "Type": "EnabledValue", "Data": "FAT32" }, { "Type": "DisabledValue", "Data": "" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVERDVCategory", "PolicyName": "RDVConfigureSmartCard", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Configure use of smart cards on removable data drives", "ExplainText": "This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer.\n\nIf you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the \"Require use of smart cards on removable data drives\" check box.\n\nNote: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive.\n\nIf you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives.\n\nIf you do not configure this policy setting, smart cards are available to authenticate user access to a BitLocker-protected removable data drive.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\FVE" ], "ValueName": "RDVAllowUserCert", "Elements": [ { "Type": "Boolean", "ValueName": "RDVEnforceUserCert", "TrueValue": "1", "FalseValue": "0", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVERDVCategory", "PolicyName": "RDVEncryptionType_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Enforce drive encryption type on removable data drives", "ExplainText": "This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on.\n\nIf you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard.\n\nIf you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "Elements": [ { "Type": "Enum", "ValueName": "RDVEncryptionType", "Items": [ { "DisplayName": "Allow user to choose (default)", "Data": "0" }, { "DisplayName": "Full encryption", "Data": "1" }, { "DisplayName": "Used Space Only encryption", "Data": "2" } ], "Required": true } ] }, { "File": "VolumeEncryption.admx", "CategoryName": "FVERDVCategory", "PolicyName": "RDVEDrive_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.VolumeEncryption", "Supported": "Windows8NoARM - At least Windows Server 2012 or Windows 8", "DisplayName": "Configure use of hardware-based encryption for removable data drives", "ExplainText": "This policy setting allows you to manage BitLocker\u2019s use of hardware-based encryption on removable data drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or writing of data to the drive.\n\nIf you enable this policy setting, you can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with hardware-based encryption.\n\nIf you disable this policy setting, BitLocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when the drive is encrypted.\n\nIf you do not configure this policy setting, BitLocker will use software-based encryption irrespective of hardware-based encryption availability.\n\nNote: The \"Choose drive encryption method and cipher strength\" policy setting does not apply to hardware-based encryption. The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm configured on the drive to encrypt the drive. The \"Restrict encryption algorithms and cipher suites allowed for hardware-based encryption\" option enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disable the use of hardware-based encryption.\nEncryption algorithms are specified by object identifiers (OID). For example:\n- AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2\n- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\FVE" ], "ValueName": "RDVHardwareEncryption", "Elements": [ { "Type": "Boolean", "ValueName": "RDVAllowSoftwareEncryptionFailover", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "RDVRestrictHardwareEncryptionAlgorithms", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "RDVAllowedHardwareEncryptionAlgorithms", "Required": false, "Expandable": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "W32Time.admx", "CategoryName": "W32TIME_ROOT", "PolicyName": "W32TIME_POLICY_CONFIG", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsTimeService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Global Configuration Settings", "ExplainText": "This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.\n\nIf this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values.\n\nFor more details on individual parameters, combinations of parameter values as well as definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809.\n\nFrequencyCorrectRate\nThis parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause larger corrections; larger values cause smaller corrections. Default: 4 (scalar).\n\nHoldPeriod\nThis parameter indicates how many consistent time samples the client computer must receive in a series before subsequent time samples are evaluated as potential spikes. Default: 5\n\nLargePhaseOffset\nIf a time sample differs from the client computer's local clock by more than LargePhaseOffset, the local clock is deemed to have drifted considerably, or in other words, spiked. Default: 50,000,000 100-nanosecond units (ns) or 5 seconds.\n\nMaxAllowedPhaseOffset\nIf a response is received that has a time variation that is larger than this parameter value, W32time sets the client computer's local clock immediately to the time that is accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's local clock is corrected gradually. Default: 300 seconds.\n\nMaxNegPhaseCorrection\nIf a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time difference that is greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.\n\nMaxPosPhaseCorrection\nIf a time sample is received that indicates a time in the future (as compared to the client computer's local clock) that has a time difference greater than the MaxPosPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.\n\nPhaseCorrectRate\nThis parameter controls how quickly W32time corrects the client computer's local clock difference to match time samples that are accepted as accurate from the NTP server. Lower values cause the clock to correct more quickly; larger values cause the clock to correct more slowly. Default: 7 (scalar).\n\nPollAdjustFactor\nThis parameter controls how quickly W32time changes polling intervals. When responses are considered to be accurate, the polling interval lengthens automatically. When responses are considered to be inaccurate, the polling interval shortens automatically. Default: 5 (scalar).\n\nSpikeWatchPeriod\nThis parameter specifies the amount of time that samples with time offset larger than LargePhaseOffset are received before these samples are accepted as accurate. SpikeWatchPeriod is used in conjunction with HoldPeriod to help eliminate sporadic, inaccurate time samples that are returned from a peer. Default: 900 seconds.\n\nUpdateInterval\nThis parameter specifies the amount of time that W32time waits between corrections when the clock is being corrected gradually. When it makes a gradual correction, the service adjusts the clock slightly, waits this amount of time, and then checks to see if another adjustment is needed, until the correction is finished. Default: 100 1/100th second units, or 1 second.\n\nGeneral parameters:\n\nAnnounceFlags\nThis parameter is a bitmask value that controls how time service availability is advertised through NetLogon. Default: 0x0a hexadecimal\n\nEventLogFlags\nThis parameter controls special events that may be logged to the Event Viewer System log. Default: 0x02 hexadecimal bitmask.\n\nLocalClockDispersion\nThis parameter indicates the maximum error in seconds that is reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds.\n\nMaxPollInterval\nThis parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.)\n\nMinPollInterval\nThis parameter controls the minimum polling interval that defines the minimum amount of time between polls of a peer. Default: 6 in log base-2, or 64 seconds.\n\nClockHoldoverPeriod\nThis parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds.\n\nRequireSecureTimeSyncRequests\nThis parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. Default: 0 Boolean.\n\nUtilizeSslTimeData\nThis parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock. Default: 1 (enabled) Boolean\n\nClockAdjustmentAuditLimit\nThis parameter specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target machine. Default: 800 Parts per million (PPM).\n\nRODC parameters:\n\nChainEntryTimeout\nThis parameter specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired. Expired entries may be removed when the next request or response is processed. Default: 16 seconds.\n\nChainMaxEntries\nThis parameter controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. Default: 128 entries.\n\nChainMaxHostEntries\nThis parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries.\n\nChainDisable\nThis parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Default: 0 Boolean.\n\nChainLoggingRate\nThis parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\W32Time\\Config" ], "Elements": [ { "Type": "Decimal", "ValueName": "FrequencyCorrectRate", "MinValue": "1", "MaxValue": null }, { "Type": "Decimal", "ValueName": "HoldPeriod", "MinValue": "1", "MaxValue": null }, { "Type": "Decimal", "ValueName": "LargePhaseOffset", "MinValue": "0", "MaxValue": "4294967295" }, { "Type": "Decimal", "ValueName": "MaxAllowedPhaseOffset", "MinValue": "0", "MaxValue": null }, { "Type": "Decimal", "ValueName": "MaxNegPhaseCorrection", "MinValue": "0", "MaxValue": "4294967295" }, { "Type": "Decimal", "ValueName": "MaxPosPhaseCorrection", "MinValue": "0", "MaxValue": "4294967295" }, { "Type": "Decimal", "ValueName": "PhaseCorrectRate", "MinValue": "1", "MaxValue": null }, { "Type": "Decimal", "ValueName": "PollAdjustFactor", "MinValue": "1", "MaxValue": null }, { "Type": "Decimal", "ValueName": "SpikeWatchPeriod", "MinValue": "1", "MaxValue": null }, { "Type": "Decimal", "ValueName": "UpdateInterval", "MinValue": "1", "MaxValue": "4294967295" }, { "Type": "Decimal", "ValueName": "AnnounceFlags", "MinValue": "0", "MaxValue": "16" }, { "Type": "Decimal", "ValueName": "EventLogFlags", "MinValue": "0", "MaxValue": "3" }, { "Type": "Decimal", "ValueName": "LocalClockDispersion", "MinValue": "0", "MaxValue": "16" }, { "Type": "Decimal", "ValueName": "MaxPollInterval", "MinValue": "0", "MaxValue": null }, { "Type": "Decimal", "ValueName": "MinPollInterval", "MinValue": "0", "MaxValue": "15" }, { "Type": "Decimal", "ValueName": "ClockHoldoverPeriod", "MinValue": "1024", "MaxValue": "260000" }, { "Type": "Decimal", "ValueName": "RequireSecureTimeSyncRequests", "MinValue": "0", "MaxValue": "1" }, { "Type": "Decimal", "ValueName": "UtilizeSslTimeData", "MinValue": "0", "MaxValue": "1" }, { "Type": "Decimal", "ValueName": "ClockAdjustmentAuditLimit", "MinValue": "128", "MaxValue": null }, { "Type": "Decimal", "ValueName": "ChainEntryTimeout", "MinValue": "2", "MaxValue": "16" }, { "Type": "Decimal", "ValueName": "ChainMaxEntries", "MinValue": "128", "MaxValue": "1024" }, { "Type": "Decimal", "ValueName": "ChainMaxHostEntries", "MinValue": "1", "MaxValue": "4" }, { "Type": "Decimal", "ValueName": "ChainDisable", "MinValue": "0", "MaxValue": "1" }, { "Type": "Decimal", "ValueName": "ChainLoggingRate", "MinValue": "0", "MaxValue": "10080" } ] }, { "File": "W32Time.admx", "CategoryName": "W32TIME_TIMEPROVIDERS", "PolicyName": "W32TIME_POLICY_CONFIGURE_NTPCLIENT", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsTimeService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Configure Windows NTP Client", "ExplainText": "This policy setting specifies a set of parameters for controlling the Windows NTP Client.\n\nIf you enable this policy setting, you can specify the following parameters for the Windows NTP Client.\n\nIf you disable or do not configure this policy setting, the WIndows NTP Client uses the defaults of each of the following parameters.\n\nNtpServer\nThe Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of \"\"dnsName,flags\"\" where \"\"flags\"\" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is \"\"time.windows.com,0x09\"\".\n\nType\nThis value controls the authentication that W32time uses. The default value is NT5DS.\n\nCrossSiteSyncFlags\nThis value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal).\n\nResolvePeerBackoffMinutes\nThis value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes.\n\nResolvePeerBackoffMaxTimes\nThis value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts.\n\nSpecialPollInterval\nThis NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds.\n\nEventLogFlags\nThis value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient" ], "Elements": [ { "Type": "Text", "ValueName": "NtpServer", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\W32time\\Parameters" ] }, { "Type": "Enum", "ValueName": "Type", "Items": [ { "DisplayName": "NoSync", "Data": "NoSync" }, { "DisplayName": "NTP", "Data": "NTP" }, { "DisplayName": "NT5DS", "Data": "NT5DS" }, { "DisplayName": "AllSync", "Data": "AllSync" } ], "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\W32time\\Parameters" ] }, { "Type": "Decimal", "ValueName": "CrossSiteSyncFlags", "MinValue": "0", "MaxValue": "2" }, { "Type": "Decimal", "ValueName": "ResolvePeerBackoffMinutes", "MinValue": "0", "MaxValue": null }, { "Type": "Decimal", "ValueName": "ResolvePeerBackoffMaxTimes", "MinValue": "0", "MaxValue": null }, { "Type": "Decimal", "ValueName": "SpecialPollInterval", "MinValue": "0", "MaxValue": "131072" }, { "Type": "Decimal", "ValueName": "EventLogFlags", "MinValue": "0", "MaxValue": "3" } ] }, { "File": "W32Time.admx", "CategoryName": "W32TIME_TIMEPROVIDERS", "PolicyName": "W32TIME_POLICY_ENABLE_NTPCLIENT", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsTimeService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Enable Windows NTP Client", "ExplainText": "This policy setting specifies whether the Windows NTP Client is enabled.\n\nEnabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.\n\nIf you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers.\n\nIf you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "W32Time.admx", "CategoryName": "W32TIME_TIMEPROVIDERS", "PolicyName": "W32TIME_POLICY_ENABLE_NTPSERVER", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsTimeService", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Enable Windows NTP Server", "ExplainText": "This policy setting allows you to specify whether the Windows NTP Server is enabled.\n\nIf you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.\n\nIf you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\W32Time\\TimeProviders\\NtpServer" ], "ValueName": "Enabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WCM.admx", "CategoryName": "WCM_Category", "PolicyName": "WCM_BlockNonDomain", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsConnectionManager", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Prohibit connection to non-domain networks when connected to domain authenticated network", "ExplainText": "This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time.\n\nIf this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances:\n\nAutomatic connection attempts\n- When the computer is already connected to a domain based network, all automatic connection attempts to non-domain networks are blocked.\n- When the computer is already connected to a non-domain based network, automatic connection attempts to domain based networks are blocked.\n\nManual connection attempts\n- When the computer is already connected to either a non-domain based network or a domain based network over media other than Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.\n- When the computer is already connected to either a non-domain based network or a domain based network over Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.\n\nIf this policy setting is not configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WcmSvc\\GroupPolicy" ], "ValueName": "fBlockNonDomain", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WCM.admx", "CategoryName": "WCM_Category", "PolicyName": "WCM_MinimizeConnections", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsConnectionManager", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Minimize the number of simultaneous connections to the Internet or a Windows Domain", "ExplainText": "This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.\n\nIf this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This was previously the Disabled state for this policy setting. This option was first available in Windows 8.\n\nIf this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This was previously the Enabled state for this policy setting. This option was first available in Windows 8.\n\nIf this policy setting is set to 2, the behavior is similar to 1. However, if a cellular data connection is available, it will always stay connected for services that require a cellular connection. When the user is connected to a WLAN or Ethernet connection, no internet traffic will be routed over the cellular connection. This option was first available in Windows 10 (Version 1703).\n\nIf this policy setting is set to 3, the behavior is similar to 2. However, if there's an Ethernet connection, Windows won't allow users to connect to a WLAN manually. A WLAN can only be connected (automatically or manually) when there's no Ethernet connection.\n\nThis policy setting is related to the \"Enable Windows to soft-disconnect a computer from a network\" policy setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WcmSvc\\GroupPolicy" ], "Elements": [ { "Type": "Enum", "ValueName": "fMinimizeConnections", "Items": [ { "DisplayName": "0 = Allow simultaneous connections", "Data": "0" }, { "DisplayName": "1 = Minimize simultaneous connections", "Data": "1" }, { "DisplayName": "2 = Stay connected to cellular", "Data": "2" }, { "DisplayName": "3 = Prevent Wi-Fi when on Ethernet", "Data": "3" } ], "Required": true } ] }, { "File": "WCM.admx", "CategoryName": "WCM_Category", "PolicyName": "WCM_DisableRoaming", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsConnectionManager", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Prohibit connection to roaming Mobile Broadband networks", "ExplainText": "This policy setting prevents clients from connecting to Mobile Broadband networks when the client is registered on a roaming provider network.\n\nIf this policy setting is enabled, all automatic and manual connection attempts to roaming provider networks are blocked until the client registers with the home provider network.\n\nIf this policy setting is not configured or is disabled, clients are allowed to connect to roaming provider Mobile Broadband networks.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WcmSvc\\GroupPolicy" ], "ValueName": "fBlockRoaming", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WCM.admx", "CategoryName": "WCM_Category", "PolicyName": "WCM_DisablePowerManagement", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsConnectionManager", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Disable power management in connected standby mode", "ExplainText": "This policy setting specifies that power management is disabled when the machine enters connected standby mode.\n\nIf this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode.\n\nIf this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WcmSvc\\GroupPolicy" ], "ValueName": "fDisablePowerManagement", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WCM.admx", "CategoryName": "WCM_Category", "PolicyName": "WCM_EnableSoftDisconnect", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsConnectionManager", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Enable Windows to soft-disconnect a computer from a network", "ExplainText": "This policy setting determines whether Windows will soft-disconnect a computer from a network.\n\nIf this policy setting is enabled or not configured, Windows will soft-disconnect a computer from a network when it determines that the computer should no longer be connected to a network.\n\nIf this policy setting is disabled, Windows will disconnect a computer from a network immediately when it determines that the computer should no longer be connected to a network.\n\nWhen soft disconnect is enabled:\n- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.\n- Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection.\n- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they're not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network.\n\nThis policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows will not disconnect from any networks.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WcmSvc\\GroupPolicy" ], "ValueName": "fSoftDisconnectConnections", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WDI.admx", "CategoryName": "Troubleshooting", "PolicyName": "WdiDpsScenarioDataSizeLimitPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Diagnostics: Configure scenario retention", "ExplainText": "This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.\n\nIf you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.\n\nIf you disable or do not configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size.\n\nNo reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.\n\nThis policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data will not be deleted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI" ], "ValueName": "DataRetentionBySizeEnabled", "Elements": [ { "Type": "Decimal", "ValueName": "DirSizeLimit", "MinValue": "0", "MaxValue": null, "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WDI.admx", "CategoryName": "Troubleshooting", "PolicyName": "WdiDpsScenarioExecutionPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDiagnostics", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Diagnostics: Configure scenario execution level", "ExplainText": "This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios.\n\nIf you enable this policy setting, you must select an execution level from the drop-down menu. If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.\n\nIf you disable this policy setting, Windows cannot detect, troubleshoot, or resolve any problems that are handled by the DPS.\n\nIf you do not configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings.\n\nThis policy setting takes precedence over any scenario-specific policy settings when it is enabled or disabled. Scenario-specific policy settings only take effect if this policy setting is not configured.\n\nNo reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WDI" ], "ValueName": "ScenarioExecutionEnabled", "Elements": [ { "Type": "Enum", "ValueName": "EnabledScenarioExecutionLevel", "Items": [ { "DisplayName": "Detection and Troubleshooting Only", "Data": "1" }, { "DisplayName": "Detection, Troubleshooting and Resolution", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WebThreatDefense.admx", "CategoryName": "WebThreatDefense", "PolicyName": "ServiceEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.WebThreatDefense", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Service Enabled", "ExplainText": "This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen is in audit mode or off. Users do not see notifications for any protection scenarios when Enhanced Phishing Protection in Microsoft Defender is in audit mode. Audit mode captures unsafe password entry events and sends telemetry through Microsoft Defender.\n\nIf you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is enabled in audit mode and your users are unable to turn it off.\n\nIf you disable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is off and it will not capture events, send telemetry, or notify users. Additionally, your users are unable to turn it on.\n\nIf you don\u2019t configure this setting, users can decide whether or not they will enable Enhanced Phishing Protection in Microsoft Defender SmartScreen.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WTDS\\Components" ], "ValueName": "ServiceEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WebThreatDefense.admx", "CategoryName": "WebThreatDefense", "PolicyName": "NotifyMalicious", "Class": "Machine", "NameSpace": "Microsoft.Policies.WebThreatDefense", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Notify Malicious", "ExplainText": "This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a Microsoft login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a Microsoft login URL with an invalid certificate.\n\nIf you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.\n\nIf you disable or don\u2019t configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen will not warn your users if they type their work or school password into one of the malicious scenarios described above.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WTDS\\Components" ], "ValueName": "NotifyMalicious", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WebThreatDefense.admx", "CategoryName": "WebThreatDefense", "PolicyName": "NotifyPasswordReuse", "Class": "Machine", "NameSpace": "Microsoft.Policies.WebThreatDefense", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Notify Password Reuse", "ExplainText": "This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they reuse their work or school password.\n\nIf you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns users if they reuse their work or school password and encourages them to change it.\n\nIf you disable or don\u2019t configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen will not warn users if they reuse their work or school password.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WTDS\\Components" ], "ValueName": "NotifyPasswordReuse", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WebThreatDefense.admx", "CategoryName": "WebThreatDefense", "PolicyName": "NotifyUnsafeApp", "Class": "Machine", "NameSpace": "Microsoft.Policies.WebThreatDefense", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Notify Unsafe App", "ExplainText": "This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school passwords in Notepad, Winword, or M365 Office apps like OneNote, Word, Excel, etc.\n\nIf you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they store their password in text editor apps.\n\nIf you disable or don\u2019t configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen will not warn users if they store their password in text editor apps.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WTDS\\Components" ], "ValueName": "NotifyUnsafeApp", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WebThreatDefense.admx", "CategoryName": "WebThreatDefense", "PolicyName": "AutomaticDataCollection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WebThreatDefense", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Automatic Data Collection", "ExplainText": "This policy setting determines whether Enhanced Phishing Protection can collect additional information-such as content displayed, sounds played, and application memory-when your users enter their work or school password into a suspicious website or app. This information is used only for security purposes and helps SmartScreen determine whether the website or app is malicious.\n\nIf you enable this policy setting, Enhanced Phishing Protection may automatically collect additional content for security analysis from a suspicious website or app when your users enter their work or school password into that website or app.\n\nIf you disable this policy setting, Enhanced Phishing Protection will not collect additional content for security analysis when your users enter their work or school password into a suspicious site or app.\n\nIf this policy is not set, Enhanced Phishing Protection automatic data collection will honor the end user\u2019s settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WTDS\\Components" ], "ValueName": "CaptureThreatWindow", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WinCal.admx", "CategoryName": "WinCal", "PolicyName": "TurnOffWinCal_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsCalendar", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Turn off Windows Calendar", "ExplainText": "Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.\n\nIf you enable this setting, Windows Calendar will be turned off.\n\nIf you disable or do not configure this setting, Windows Calendar will be turned on.\n\nThe default is for Windows Calendar to be turned on.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Windows" ], "ValueName": "TurnOffWinCal", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WinCal.admx", "CategoryName": "WinCal", "PolicyName": "TurnOffWinCal_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsCalendar", "Supported": "WindowsVistaOnly - Windows Vista only", "DisplayName": "Turn off Windows Calendar", "ExplainText": "Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.\n\nIf you enable this setting, Windows Calendar will be turned off.\n\nIf you disable or do not configure this setting, Windows Calendar will be turned on.\n\nThe default is for Windows Calendar to be turned on.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Windows" ], "ValueName": "TurnOffWinCal", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsAnytimeUpgrade.admx", "CategoryName": "WAU", "PolicyName": "Disabled", "Class": "Both", "NameSpace": "Microsoft.Policies.Explorer.WAU", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Prevent the wizard from running.", "ExplainText": "By default, Add features to Windows 10 is available for all administrators.\n\nIf you enable this policy setting, the wizard will not run.\n\nIf you disable this policy setting or set it to Not Configured, the wizard will run.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\WAU", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\WAU" ], "ValueName": "Disabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsBackup.admx", "CategoryName": "BackupServer", "PolicyName": "AllowOnlySystemBackup", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsBackup", "Supported": "WindowsServer2008", "DisplayName": "Allow only system backup", "ExplainText": "This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.\n\nIf you enable this policy setting, machine administrator/backup operator can backup only volumes hosting OS components and no data only volumes can be backed up.If you disable or do not configure this policy setting, backups can include both system or data volumes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Backup\\Server" ], "ValueName": "OnlySystemBackup", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsBackup.admx", "CategoryName": "BackupServer", "PolicyName": "DisallowLocallyAttachedStorageAsBackupTarget", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsBackup", "Supported": "WindowsServer2008", "DisplayName": "Disallow locally attached storage as backup target", "ExplainText": "This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.\n\nIf you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to run backups to a locally attached storage or disk.\n\nIf you disable or do not configure this policy setting, there is no restriction on locally attached storage or disk being backup target.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Backup\\Server" ], "ValueName": "NoBackupToDisk", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsBackup.admx", "CategoryName": "BackupServer", "PolicyName": "DisallowNetworkAsBackupTarget", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsBackup", "Supported": "WindowsServer2008", "DisplayName": "Disallow network as backup target", "ExplainText": "This policy setting allows you to manage whether backups of a machine can run to a network share or not.\n\nIf you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to run backups to a network share.\n\nIf you disable or do not configure this policy setting, there is no restriction on network share being backup target.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Backup\\Server" ], "ValueName": "NoBackupToNetwork", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsBackup.admx", "CategoryName": "BackupServer", "PolicyName": "DisallowOpticalMediaAsBackupTarget", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsBackup", "Supported": "WindowsServer2008", "DisplayName": "Disallow optical media as backup target", "ExplainText": "This policy setting allows you to manage whether backups of a machine can run to an optical media or not.\n\nIf you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to run backups to an optical media.\n\nIf you disable or do not configure this policy setting, there is no restriction on optical media being backup target.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Backup\\Server" ], "ValueName": "NoBackupToOptical", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsBackup.admx", "CategoryName": "BackupServer", "PolicyName": "DisallowRunOnceBackups", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsBackup", "Supported": "WindowsServer2008", "DisplayName": "Disallow run-once backups", "ExplainText": "This policy setting allows you to manage whether run-once backups of a machine can be run or not.\n\nIf you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to run non-scheduled run-once backups.\n\nIf you disable or do not configure this policy setting, there is no restriction on running run-once backups.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Backup\\Server" ], "ValueName": "NoRunNowBackup", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsColorSystem.admx", "CategoryName": "WindowsColorSystem", "PolicyName": "ProhibitChangingInstalledProfileList_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsColorSystem", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prohibit installing or uninstalling color profiles", "ExplainText": "This policy setting affects the ability of users to install or uninstall color profiles.\n\nIf you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.\n\nIf you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\WindowsColorSystem" ], "ValueName": "ProhibitInstallUninstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsColorSystem.admx", "CategoryName": "WindowsColorSystem", "PolicyName": "ProhibitChangingInstalledProfileList_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsColorSystem", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prohibit installing or uninstalling color profiles", "ExplainText": "This policy setting affects the ability of users to install or uninstall color profiles.\n\nIf you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.\n\nIf you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsColorSystem" ], "ValueName": "ProhibitInstallUninstall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsConnectNow.admx", "CategoryName": "WCN_Category", "PolicyName": "WCN_DisableWcnUi_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsConnectNow", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prohibit access of the Windows Connect Now wizards", "ExplainText": "This policy setting prohibits access to Windows Connect Now (WCN) wizards.\n\nIf you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including \"Set up a wireless router or access point\" and \"Add a wireless device\" are disabled.\n\nIf you disable or do not configure this policy setting, users can access the wizard tasks, including \"Set up a wireless router or access point\" and \"Add a wireless device.\" The default for this policy setting allows users to access all WCN wizards.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\WCN\\UI" ], "ValueName": "DisableWcnUi", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsConnectNow.admx", "CategoryName": "WCN_Category", "PolicyName": "WCN_DisableWcnUi_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsConnectNow", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Prohibit access of the Windows Connect Now wizards", "ExplainText": "This policy setting prohibits access to Windows Connect Now (WCN) wizards.\n\nIf you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including \"Set up a wireless router or access point\" and \"Add a wireless device\" are disabled.\n\nIf you disable or do not configure this policy setting, users can access the wizard tasks, including \"Set up a wireless router or access point\" and \"Add a wireless device.\" The default for this policy setting allows users to access all WCN wizards.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WCN\\UI" ], "ValueName": "DisableWcnUi", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsConnectNow.admx", "CategoryName": "WCN_Category", "PolicyName": "WCN_EnableRegistrar", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsConnectNow", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Configuration of wireless settings using Windows Connect Now", "ExplainText": "This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.\n\nAdditional options are available to allow discovery and configuration over a specific medium.\n\nIf you enable this policy setting, additional choices are available to turn off the operations over a specific medium.\n\nIf you disable this policy setting, operations are disabled over all media.\n\nIf you do not configure this policy setting, operations are enabled over all media.\n\nThe default for this policy setting allows operations over all media.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WCN\\Registrars" ], "ValueName": "EnableRegistrars", "Elements": [ { "Type": "Boolean", "ValueName": "DisableUPnPRegistrar", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "DisableInBand802DOT11Registrar", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "DisableFlashConfigRegistrar", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "DisableWPDRegistrar", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Decimal", "ValueName": "MaxWCNDeviceNumber", "MinValue": "0", "MaxValue": "65535" }, { "Type": "Enum", "ValueName": "HigherPrecedenceRegistrar", "Items": [ { "DisplayName": "WCN over Ethernet (UPnP)", "Data": "1" }, { "DisplayName": "WCN over In-band 802.11 WLAN", "Data": "2" } ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "DisableAIDataAnalysis", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Turn off saving snapshots for use with Recall", "ExplainText": "This policy setting allows you to determine whether snapshots of the screen can be saved for use with Recall. For managed devices, snapshots for Recall are not enabled by default. IT administrators cannot, on their own, enable saving snapshots on behalf of their users. The choice to enable saving snapshots requires individual user opt-in consent.\n\nIf the policy is not configured, snapshots won't be saved for use with Recall.\n\nIf you enable this policy, snapshots won't be saved for use with Recall. If snapshots were previously saved on the device, they will be deleted when this policy is enabled.\n\nIf you set this policy to disabled, end users will have a choice to save snapshots of their screen and use Recall to find things they've seen on their device.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI" ], "ValueName": "DisableAIDataAnalysis", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "SetDenyAppListForRecall", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Set a list of apps to be filtered from snapshots for Recall", "ExplainText": "This policy allows you to define a list of apps that won't be included in snapshots for Recall.\n\nUsers will be able to add additional applications to exclude from snapshots using Recall settings.\n\nThe list can include Application User Model IDs (AUMID) or name of the executable file.\n\nUse a semicolon-separated list of apps to define the deny app list for Recall.\n\nFor example: code.exe;Microsoft.WindowsNotepad_8wekyb3d8bbwe!App;ms-teams.exe\n\nImportant: This setting applies to Enterprise and Education client SKUs only. When configuring this policy setting, changes will not take effect until the device restarts.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI\\SetDenyAppListForRecall", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI\\SetDenyAppListForRecall" ], "Elements": [ { "Type": "Text", "ValueName": "DenyAppListForRecall" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "SetDenyUriListForRecall", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Set a list of URIs to be filtered from snapshots for Recall", "ExplainText": "This policy setting lets you define a list of URIs that won't be included in snapshots for Recall when a supported browser is used. People within your organization can use Recall settings to add more websites to the list. Define the list using a semicolon to separate URIs.\n\nFor example: https://www.Contoso.com;https://www.WoodgroveBank.com;https://www.Adatum.com\n\nAdding https://www.WoodgroveBank.com to the list would also filter https://Account.WoodgroveBank.com and https://www.WoodgroveBank.com/Account.\n\nImportant: This setting applies to Enterprise and Education client SKUs only. Changes to this policy take effect after device restart.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI\\SetDenyUriListForRecall", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI\\SetDenyUriListForRecall" ], "Elements": [ { "Type": "Text", "ValueName": "DenyUriListForRecall" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsCopilot", "PolicyName": "TurnOffWindowsCopilot", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Turn off Windows Copilot", "ExplainText": "This policy setting allows you to turn off Windows Copilot.\n\nIf you enable this policy setting, users will not be able to use Copilot. The Copilot icon will not appear on the taskbar either.\n\nIf you disable or do not configure this policy setting, users will be able to use Copilot when it's available to them.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsCopilot" ], "ValueName": "TurnOffWindowsCopilot", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "SetDataLossPreventionProvider", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Set the DLP provider ID for Recall", "ExplainText": "This policy allows an admin to specify a DLP provider, which Recall will use if the provider is properly installed. You will need to get the string for this from your provider. It will look something like 'key:HKEY_LOCAL_MACHINE\\Software\\Contoso\\DLP; value:InstallPath; binary:contosoDLP.dll' (without any quotes in the value).\n\nImportant: This setting applies to Enterprise and Education client SKUs only.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI" ], "Elements": [ { "Type": "Text", "ValueName": "SetDataLossPreventionProviderKey" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsCopilot", "PolicyName": "SetCopilotHardwareKey", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER - At least Windows 11", "DisplayName": "Set Copilot Hardware Key", "ExplainText": "This policy setting determines which app opens when the user presses the Copilot key on their keyboard. If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings. If the policy is not configured, Copilot will open if it's available in that country or region.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CopilotKey" ], "Elements": [ { "Type": "Text", "ValueName": "SetCopilotHardwareKey", "Required": true } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "SetMaximumStorageSpaceForRecallSnapshots", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Set maximum storage for snapshots used by Recall", "ExplainText": "This policy setting allows you to control the maximum amount of disk space that can be used by Windows to save snapshots for Recall.\n\nYou can set the maximum amount of disk space for snapshots to be 10, 25, 50, 75, 100, or 150 GB.\n\nWhen this setting is not configured, the OS configures the storage allocation for snapshots based on the device storage capacity unless the current user specifies a different value.\n\n25 GB is allocated when the device storage capacity is 256 GB. 75 GB is allocated when the device storage capacity is 512 GB. 150 GB is allocated when the device storage capacity is 1 TB or higher.\n\nIf both maximum storage duration and maximum storage space are set for Recall, then snapshots are deleted when the first maximum is reached.\n\nImportant: This setting applies to Enterprise and Education client SKUs only.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI" ], "Elements": [ { "Type": "Enum", "ValueName": "SetMaximumStorageSpaceForRecallSnapshots", "Items": [ { "DisplayName": "Let the OS define the maximum storage amount based on hard drive storage size", "Data": "0" }, { "DisplayName": "10GB", "Data": "10240" }, { "DisplayName": "25GB", "Data": "25600" }, { "DisplayName": "50GB", "Data": "51200" }, { "DisplayName": "75GB", "Data": "76800" }, { "DisplayName": "100GB", "Data": "102400" }, { "DisplayName": "150GB", "Data": "153600" } ] } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "SetMaximumStorageDurationForRecallSnapshots", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Set maximum duration for storing snapshots used by Recall", "ExplainText": "This policy setting allows you to control the maximum amount of time (in days) that Windows saves snapshots for Recall.\n\nWhen the policy is enabled, you can configure the maximum storage duration to be 30, 60, 90, or 180 days.\n\nWhen this policy is not configured, the maximum storage duration is 90 days unless the current user specifies a different value.\n\nIf both maximum storage duration and maximum storage space are set for Recall, then snapshots are deleted when the first maximum is reached.\n\nImportant: This setting applies to Enterprise and Education client SKUs only.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI" ], "Elements": [ { "Type": "Enum", "ValueName": "SetMaximumStorageDurationForRecallSnapshots", "Items": [ { "DisplayName": "Let the OS define the maximum amount of time the snapshots will be saved", "Data": "0" }, { "DisplayName": "30 days", "Data": "30" }, { "DisplayName": "60 days", "Data": "60" }, { "DisplayName": "90 days", "Data": "90" }, { "DisplayName": "180 days", "Data": "180" } ] } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "AllowRecallEnablement", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Allow Recall to be enabled", "ExplainText": "This policy setting allows you to determine whether the Recall optional component is available for end users to enable on their device. By default, Recall is disabled for managed commercial devices. Recall isn't available on managed devices by default, and individual users can't enable Recall on their own.\n\nIf this policy is not configured, end users will have the Recall component in a disabled state.\n\nIf this policy is disabled, the Recall component will be in disabled state and the bits for Recall will be removed from the device. If snapshots were previously saved on the device, they will be deleted when this policy is disabled. Removing Recall requires a device restart.\n\nIf the policy is enabled, end users will have Recall available on their device. Depending on the state of the DisableAIDataAnalysis policy (Turn off saving snapshots for use with Recall), end users will be able to choose if they want to save snapshots of their screen and use Recall to find things they've seen on their device.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI" ], "ValueName": "AllowRecallEnablement", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "DisableClickToDo", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Disable Click to Do", "ExplainText": "Click to Do lets people take action on content on their screens. When activated, it takes a screenshot of their screen and analyzes it to present actions. Click to Do ends when they exit it, and it can't take screenshots while closed. Screenshot analysis is always performed locally on their device. By default, Click to Do is enabled for users.\n\nThis policy setting allows you to determine whether Click to Do is available for users on their device.\n\nWhen the policy is enabled, the Click to Do component and entry points will not be available to users.\n\nWhen the policy is disabled, users will have Click to Do available on their device.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI" ], "ValueName": "DisableClickToDo", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "Paint", "PolicyName": "DisableImageCreator", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Disable Image Creator", "ExplainText": "This policy setting allows you to control whether Image Creator functionality is disabled in the Windows Paint app. If this policy is enabled, Image Creator functionality will not be accessible in the Paint app. If this policy is disabled or not configured, users will be able to access Image Creator functionality.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Paint" ], "ValueName": "DisableImageCreator", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "Paint", "PolicyName": "DisableCocreator", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Disable Cocreator", "ExplainText": "This policy setting allows you to control whether Cocreator functionality is disabled in the Windows Paint app. If this policy is enabled, Cocreator functionality will not be accessible in the Paint app. If this policy is disabled or not configured, users will be able to access Cocreator functionality.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Paint" ], "ValueName": "DisableCocreator", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "Paint", "PolicyName": "DisableGenerativeFill", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Disable generative fill", "ExplainText": "This policy setting allows you to control whether generative fill functionality is disabled in the Windows Paint app. If this policy is enabled, generative fill functionality will not be accessible in the Paint app. If this policy is disabled or not configured, users will be able to access generative fill functionality.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Paint" ], "ValueName": "DisableGenerativeFill", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "AllowRecallExport", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Allow export of Recall and snapshot information", "ExplainText": "This policy allows you to determine whether users can export their own Recall and snapshot information. Exporting allows users to share their Recall and snapshot information with trusted apps or websites. Users can export from Settings > Privacy & security > Recall & snapshots > Advanced settings > Export snapshots > Export past snapshots > Export.\n\nUsers can also choose to continuously export their snapshots if they turn on the option to Export snapshots from now on from Settings > Privacy & security > Recall & snapshots > Advanced settings > Export snapshots > Export.\n\nBefore starting an export, the user must authenticate with Windows Hello and they are notified that their exported snapshots are encrypted since they might contain sensitive information. The user is also notified that they'll need to provide their Recall export code if they want to allow trusted apps or websites access to exported snapshots. The Recall export code is displayed to users during Recall setup even if this policy is set to disabled or not configured. For managed devices:\n\nWhen you set this policy to enabled, users will be able to export Recall and snapshot information.\n\nIf the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information.\n\nImportant: This setting applies to devices in the European Economic Area (EEA) only. Export of Recall and snapshot information is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI" ], "ValueName": "AllowRecallExport", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "DisableSettingsAgent", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Disable Settings agentic search experience", "ExplainText": "Settings agentic experience enhances search results within the Settings app by enabling natural language. When activated, it utilizes an AI model to provide intelligent Settings search suggestions.\n\nThis policy setting allows you to determine whether Settings agentic search experience is available for users on their device.\n\nWhen the policy is enabled, the Settings agentic search experience is disabled, limiting search results to statically indexed searches and semantic searches.\n\nWhen the policy is disabled, users will have Settings agentic search experience available on their device.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsAI" ], "ValueName": "DisableSettingsAgent", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "AgentConnectorMinimumPolicy", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Agent Connector Minimum Policy", "ExplainText": "Configure the minimum policy value which controls how agent connectors run on the machine.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsAI" ], "Elements": [ { "Type": "Enum", "ValueName": "AgentConnectorMinimumPolicy", "Items": [ { "DisplayName": "User In Control", "Data": "0" }, { "DisplayName": "Restricted", "Data": "1" }, { "DisplayName": "Bypass", "Data": "2" } ] } ] }, { "File": "WindowsCopilot.admx", "CategoryName": "WindowsAI", "PolicyName": "RemoveMicrosoftCopilotApp", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsCopilot", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Remove Microsoft Copilot App", "ExplainText": "This policy setting allows you to uninstall Microsoft Copilot for users in a targeted way. It will apply to devices/users that meet the below conditions:\n\n\u2022 Microsoft 365 Copilot and Microsoft Copilot are both installed\n\n\u2022 The Microsoft Copilot app was not installed by the user\n\n\u2022 The Microsoft Copilot app was not launched in the last 28 days\n\nIf this policy is enabled, the Microsoft Copilot app will be uninstalled. Users can still re-install if they choose to.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsAI", "HKCU\\Software\\Policies\\Microsoft\\Windows\\WindowsAI" ], "ValueName": "RemoveMicrosoftCopilotApp", "Elements": [] }, { "File": "WindowsDefender.admx", "CategoryName": "Features", "PolicyName": "DeviceControlEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Device Control", "ExplainText": "Enable or Disable Defender Device Control on this machine.\nNote: You must be enrolled as E3 or E5 in order for Device Control to be enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Features" ], "ValueName": "DeviceControlEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_PolicyGroups", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Define device control policy groups", "ExplainText": "Please follow the device control policy groups xml schema to fill out the policy groups data.\nAlternatively you could use a file path containing the XML groups data.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control\\Policy Groups" ], "Elements": [ { "Type": "Text", "ValueName": "PolicyGroups", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_PolicyRules", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Define device control policy rules", "ExplainText": "Please follow the device control policy rules xml schema to fill out the policy rules data.\nAlternatively you could use a file path containing the XML rules data.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control\\Policy Rules" ], "Elements": [ { "Type": "Text", "ValueName": "PolicyRules", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_DefaultEnforcement", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Select Device Control Default Enforcement Policy", "ExplainText": "Default Allow: Choosing this default enforcement, will Allow any operations to occur on the attached devices if no policy rules are found to match.\nDefault Deny: Choosing this default enforcement, will Deny any operations to occur on the attached devices if no policy rules are found to match.\n\nDefault Enforcement will establish what decision should be made during the Device Control access checks when none of the policy rules match.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control" ], "Elements": [ { "Type": "Enum", "ValueName": "DefaultEnforcement", "Items": [ { "DisplayName": "Default Allow", "Data": "1" }, { "DisplayName": "Default Deny", "Data": "2" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_DataDuplicationRemoteLocation", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Define Device Control evidence data remote location", "ExplainText": "Define evidence file remote location, where Device Control service will move evidence data captured.\n\nWhen configuring this setting, ensure that Device Control is Enabled and that the provided path is a remote path the user can access.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control" ], "Elements": [ { "Type": "Text", "ValueName": "DataDuplicationRemoteLocation", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_DataDuplicationLocalRetentionPeriod", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Set the retention period for files in the local device control cache", "ExplainText": "This policy setting determines how long device control retains files for evidence in its local cache on the device. Device control keeps a file in its local cache only if it is unable to upload the file to a designated network share or Azure storage.\n\nBy default, device control retains files in its local cache for 60 days.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control" ], "Elements": [ { "Type": "Decimal", "ValueName": "DataDuplicationLocalRetentionPeriod", "MinValue": "0", "MaxValue": "10000", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_SecuredDevicesConfiguration", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Turn on device control for specific device types", "ExplainText": "This policy setting controls which device types, identified by their PrimaryIds, will have device control protection turned on. If you enable this setting for certain device types, device control will regulate access to those devices based on the corresponding custom policy. Device control will be turned off for all other types of supported devices, even if custom protection policies are configured for those devices.\n\nThis setting currently supports these device types: RemovableMediaDevices, CdRomDevices, WpdDevices, and PrinterDevices.\n\nIf you enable this policy setting but do not specify any PrimaryIds, device control will be turned off across all supported device types.\n\nIf you disable or don\u2019t configure this policy setting, device control will be enforced on all supported devicesbased on their corresponding custom policies.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control" ], "Elements": [ { "Type": "Text", "ValueName": "SecuredDevicesConfiguration" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_CustomSupportLink", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Set up a support link for device control notifications", "ExplainText": "This setting enables your organization to specify the \u2018Get Support\u2019 link in device control notifications.\n\nWhen configured, the \u2018Get Support\" button automatically navigates to the specified link.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control" ], "Elements": [ { "Type": "Text", "ValueName": "CustomSupportLink", "Required": false } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_PolicyRefreshFailureInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Set the policy refresh rate", "ExplainText": "This setting defines the interval, in minutes, at which the device will retry loading the policy configuration in the case that an error has occurred and the policy could not load.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control" ], "Elements": [ { "Type": "Text", "ValueName": "PolicyRefreshFailureInterval", "Required": false } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_AzureAdRefreshInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Set the Azure AD refresh rate", "ExplainText": "This setting defines the interval, in minutes, at which the device will query Azure AD to update related settings, configuration, and group memberships.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control" ], "Elements": [ { "Type": "Text", "ValueName": "AzureAdRefreshInterval", "Required": false } ] }, { "File": "WindowsDefender.admx", "CategoryName": "DeviceControl", "PolicyName": "DeviceControl_DataDuplicationMaximumQuota", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Set the data duplication limit (MB)", "ExplainText": "This setting defines the maximum amount of data that can be duplicated for device control.\n\nWhen the limit is reached, files that are copied to removable storage will not be duplicated on the machine.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Device Control" ], "Elements": [ { "Type": "Text", "ValueName": "DataDuplicationMaximumQuota", "Required": false } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Exclusions", "PolicyName": "DisableAutoExclusions", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_SERVER - At least Windows Server 2016", "DisplayName": "Turn off Auto Exclusions", "ExplainText": "Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.\n\nDisabled (Default):\nMicrosoft Defender will exclude pre-defined list of paths from the scan to improve performance.\n\nEnabled:\nMicrosoft Defender will not exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Exclusions" ], "ValueName": "DisableAutoExclusions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "AllowFastServiceStartup", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow antimalware service to startup with normal priority", "ExplainText": "This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance.\n\nIf you enable or do not configure this setting, the antimalware service will load as a normal priority task.\n\nIf you disable this setting, the antimalware service will load as a low priority task.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "ValueName": "AllowFastServiceStartup", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "DisableAntiSpywareDefender", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off Microsoft Defender Antivirus", "ExplainText": "This policy setting turns off Microsoft Defender Antivirus.\n\nIf you enable this policy setting, Microsoft Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software.\n\nIf you disable this policy setting, Microsoft Defender Antivirus will run regardless of any other installed antivirus product.\n\nIf you do not configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software.\n\nEnabling or disabling this policy may lead to unexpected or unsupported behavior. It is recommended that you leave this policy setting unconfigured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "ValueName": "DisableAntiSpyware", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "DisableLocalAdminMerge", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local administrator merge behavior for lists", "ExplainText": "This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and Exclusions.\n\nIf you disable or do not configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group policy Settings will override preference settings.\n\nIf you enable this setting, only items defined by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local administrator.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "ValueName": "DisableLocalAdminMerge", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "DisableRoutinelyTakingAction", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off routine remediation", "ExplainText": "This policy setting allows you to configure whether Microsoft Defender Antivirus automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action, user-defined action, and the signature-defined action.\n\nIf you enable this policy setting, Microsoft Defender Antivirus does not automatically take action on the detected threats, but prompts users to choose from the actions available for each threat.\n\nIf you disable or do not configure this policy setting, Microsoft Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "ValueName": "DisableRoutinelyTakingAction", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "ProxyBypass", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Define addresses to bypass proxy server", "ExplainText": "This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL.\n\nIf you enable this setting, the proxy server will be bypassed for the specified addresses.\n\nIf you disable or do not configure this setting, the proxy server will not be bypassed for the specified addresses.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "Elements": [ { "Type": "Text", "ValueName": "ProxyBypass", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "ProxyPacUrl", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Define proxy auto-config (.pac) for connecting to the network", "ExplainText": "This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there is no proxy auto-config specified, the client will fall back to the alternative options (in order):\n1. Proxy server (if specified)\n2. Proxy .pac URL (if specified)\n3. None\n4. Internet Explorer proxy settings\n5. Autodetect\n\nIf you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above.\n\nIf you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "Elements": [ { "Type": "Text", "ValueName": "ProxyPacUrl", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "ProxyServer", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Define proxy server for connecting to the network", "ExplainText": "This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the client will fall back to the alternative options (in order):\n1. Proxy server (if specified)\n2. Proxy .pac URL (if specified)\n3. None\n4. Internet Explorer proxy settings\n5. Autodetect\n\nIf you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded with either http:// or https://.\n\nIf you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "Elements": [ { "Type": "Text", "ValueName": "ProxyServer", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "RandomizeScheduleTaskTimes", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Randomize scheduled task times", "ExplainText": "This policy setting allows you to configure the randomization of the scheduled scan start time and the scheduled definition update start time.\n\nIf you enable or do not configure this policy setting, and did not set a randomization window in the Configure scheduled task time randomization window setting , then randomization will be added between 0-4 hours.\nIf you enable or do not configure this policy setting, and set a randomization window in the Configure scheduled task time randomization window setting, the configured randomization window will be used.\nIf you disable this policy setting, but configured the scheduled task time randomization window, randomization will not be done.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "ValueName": "RandomizeScheduleTaskTimes", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "SchedulerRandomizationTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure scheduled task times randomization window", "ExplainText": "This policy setting allows you to configure scheduled task scan start time and the scheduled security intelligence update start time window in hours. This setting affects the Randomize scheduled task times configuration.\n\nIf you enable this setting, you must pick a randomization window in hours. The possible randomization window interval is between 1 and 23 hours. The randomization interval implemented is between 0 and the configured value.\nWhen you enable this setting, Randomize scheduled task times settings uses the randomization window specified in this configuration setting.\nIf you disable or do not configure this policy setting, Randomize scheduled task times settings will randomize scheduled task times between 0-4 hours.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "Elements": [ { "Type": "Decimal", "ValueName": "SchedulerRandomizationTime", "MinValue": "1", "MaxValue": "23" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "ServiceKeepAlive", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow antimalware service to remain running always", "ExplainText": "This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It is recommended that this setting remain disabled.\n\nIf you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware security intelligence is disabled.\n\nIf you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware security intelligence is disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware security intelligence is enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "ValueName": "ServiceKeepAlive", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "SupportLogLocation", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Define the directory path to copy support log files", "ExplainText": "This policy setting allows you to configure the directory path where the support log files would be copied to. The value of this setting should be a valid directory path.\n\nIf you enable this setting, the support log files will be copied to the specified support log location path.\n\nIf you disable or do not configure this setting, the support logs files will not be copied to any location.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "Elements": [ { "Type": "Text", "ValueName": "SupportLogLocation", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "HideExclusionsFromLocalAdmins", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Control whether or not exclusions are visible to Local Admins", "ExplainText": "This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that are not Local Admins) exclusions are not visible, whether or not this setting is enabled.\nDisabled(Default):\nIf you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App or via PowerShell.\n\nEnabled:\nIf you enable this setting, Local Admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell.\nNote: Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in\u202fGet-MpPreference.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "ValueName": "HideExclusionsFromLocalAdmins", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "HideExclusionsFromLocalUsers", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Control whether exclusions are visible to local users", "ExplainText": "This policy setting controls whether exclusions are visible to local users on the device.\nUse the policy setting HideExclusionsFromLocalAdmins to hide exclusions from both standard and administrative local users.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "ValueName": "HideExclusionsFromLocalUsers", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "Root_PUAProtection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Configure detection for potentially unwanted applications", "ExplainText": "Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer.\n\nEnabled:\nSpecify the mode in the Options section:\n-Block: Potentially unwanted software will be blocked.\n-Audit Mode: Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs.\n\nDisabled:\nPotentially unwanted software will not be blocked.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "Elements": [ { "Type": "Enum", "ValueName": "PUAProtection", "Items": [ { "DisplayName": "Disable (Default)", "Data": "0" }, { "DisplayName": "Block", "Data": "1" }, { "DisplayName": "Audit Mode", "Data": "2" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "Root_PlatformUpdateChannel", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Select the channel for Microsoft Defender monthly platform updates", "ExplainText": "Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.\u200b\n\nBeta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.\nCurrent Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.\nCurrent Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).\nCurrent Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).\nCritical - Time delay: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only.\n\nIf you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "Elements": [ { "Type": "Enum", "ValueName": "PlatformRing", "Items": [ { "DisplayName": "Beta Channel", "Data": "2" }, { "DisplayName": "Current Channel (Preview)", "Data": "3" }, { "DisplayName": "Current Channel (Staged)", "Data": "4" }, { "DisplayName": "Current Channel (Broad)", "Data": "5" }, { "DisplayName": "Critical - Time delay", "Data": "6" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "Root_EngineUpdateChannel", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Select the channel for Microsoft Defender monthly engine updates", "ExplainText": "Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.\u200b\n\nBeta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.\nCurrent Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.\nCurrent Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).\nCurrent Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).\nCritical - Time delay: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only.\n\nIf you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "Elements": [ { "Type": "Enum", "ValueName": "EngineRing", "Items": [ { "DisplayName": "Beta Channel", "Data": "2" }, { "DisplayName": "Current Channel (Preview)", "Data": "3" }, { "DisplayName": "Current Channel (Staged)", "Data": "4" }, { "DisplayName": "Current Channel (Broad)", "Data": "5" }, { "DisplayName": "Critical - Time delay", "Data": "6" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "AntiSpywareDefender", "PolicyName": "Root_SecurityIntelligenceUpdateChannel", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Select the channel for Microsoft Defender daily security intelligence updates", "ExplainText": "Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout.\n\nCurrent Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%).\nCurrent Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).\nCritical - Time delay: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only.\n\nIf you disable or do not configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender" ], "Elements": [ { "Type": "Enum", "ValueName": "SignaturesRing", "Items": [ { "DisplayName": "Current Channel (Staged)", "Data": "4" }, { "DisplayName": "Current Channel (Broad)", "Data": "5" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Exclusions", "PolicyName": "Exclusions_Extensions", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Extension Exclusions", "ExplainText": "This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as \"obj\" or \"lib\"). The value is not used and it is recommended that this be set to 0.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Exclusions" ], "ValueName": "Exclusions_Extensions", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Exclusions\\Extensions" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Exclusions", "PolicyName": "Exclusions_Paths", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Path Exclusions", "ExplainText": "This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: \"c:\\Windows\" to exclude all files in this directory. A fully qualified resource name might be defined as: \"C:\\Windows\\App.exe\". The value is not used and it is recommended that this be set to 0.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Exclusions" ], "ValueName": "Exclusions_Paths", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Exclusions\\Paths" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Exclusions", "PolicyName": "Exclusions_Processes", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Process Exclusions", "ExplainText": "This policy setting allows you to disable real-time scanning for any file opened by any of the specified processes. This policy does not apply to scheduled scans. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example, a process might be defined as: \"c:\\windows\\app.exe\". The value is not used and it is recommended that this be set to 0.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Exclusions" ], "ValueName": "Exclusions_Processes", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Exclusions\\Processes" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Exclusions", "PolicyName": "Exclusions_IpAddresses", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Ip Address Exclusions", "ExplainText": "Allows an administrator to explicitly disable network packet inspection made by wdnisdrv on a particular set of IP addresses.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Exclusions" ], "ValueName": "Exclusions_IpAddresses", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Exclusions\\IpAddresses" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "NetworkRealtimeInspection", "PolicyName": "Nis_DisableProtocolRecognition", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on protocol recognition", "ExplainText": "This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities.\n\nIf you enable or do not configure this setting, protocol recognition will be enabled.\n\nIf you disable this setting, protocol recognition will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\NIS" ], "ValueName": "DisableProtocolRecognition", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "NetworkRealtimeInspection", "PolicyName": "Nis_Consumers_IPS_DisableSignatureRetirement", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on definition retirement", "ExplainText": "This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is \"retired\". If all security intelligence for a given protocal are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance.\n\nIf you enable or do not configure this setting, definition retirement will be enabled.\n\nIf you disable this setting, definition retirement will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\NIS\\Consumers\\IPS" ], "ValueName": "DisableSignatureRetirement", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "NetworkRealtimeInspection", "PolicyName": "Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify additional definition sets for network traffic inspection", "ExplainText": "This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: \"{b54b6ac9-a737-498e-9120-6616ad3bf590}\". The value is not used and it is recommended that this be set to 0.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\NIS\\Consumers\\IPS\\SKU Differentiation" ], "ValueName": "Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\NIS\\Consumers\\IPS\\SKU Differentiation\\Signature Set GUID" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Quarantine", "PolicyName": "Quarantine_LocalSettingOverridePurgeItemsAfterDelay", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for the removal of items from Quarantine folder", "ExplainText": "This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Quarantine" ], "ValueName": "LocalSettingOverridePurgeItemsAfterDelay", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Quarantine", "PolicyName": "Quarantine_PurgeItemsAfterDelay", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure removal of items from Quarantine folder", "ExplainText": "This policy setting defines the number of days items should be kept in the Quarantine folder before being removed.\n\nIf you enable this setting, items will be removed from the Quarantine folder after the number of days specified.\n\nIf you disable or do not configure this setting, items will be kept in the quarantine folder indefinitely and will not be automatically removed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Quarantine" ], "Elements": [ { "Type": "Decimal", "ValueName": "PurgeItemsAfterDelay", "MinValue": "0", "MaxValue": "10000000" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_DisableSriptScanning", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on script scanning", "ExplainText": "This policy setting allows you to configure script scanning.\n\nIf you enable or do not configure this setting, script scanning will be enabled.\n\nIf you disable this setting, script scanning will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "DisableScriptScanning", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_OobeEnableRtpAndSigUpdate", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure real-time protection and Security Intelligence Updates during OOBE", "ExplainText": "This policy setting allows you to configure whether real-time protection and Security Intelligence Updates are enabled during OOBE (Out of Box experience).\n\nIf you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE.\n\nIf you either disable or do not configure this policy setting, real-time protection and Security Intelligence Updates during OOBE is not enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "OobeEnableRtpAndSigUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_PerformanceModeStatus", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_11_0_22H1", "DisplayName": "Configure performance mode status", "ExplainText": "This policy controls Microsoft Defender Antivirus performance mode for Dev Drives.\n\nA Dev Drive is a disk drive optimized for higher performance in software development scenarios. When this policy is Enabled or not configured, Performance mode is turned on for Microsoft Defender Antivirus. In Performance mode, Microsoft Defender Antivirus security checks of content stored on Dev Drives are conducted asynchronously to enhance performance. Performance mode requires the following policies also be enabled: \"Enable dev drive\", and \"Dev drive filter attach policy\".\n\nIf you either Enable or do not configure this policy setting, Performance mode is turned on.\n\nIf you Disable this policy setting, Performance mode is turned off and Microsoft Defender Antivirus will protect a Dev Drive in the same way as other drives.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "DisableAsyncScanOnOpen", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_DisableBehaviorMonitoring", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on behavior monitoring", "ExplainText": "This policy setting allows you to configure behavior monitoring.\n\nIf you enable or do not configure this setting, behavior monitoring will be enabled.\n\nIf you disable this setting, behavior monitoring will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "DisableBehaviorMonitoring", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_DisableIOAVProtection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Scan all downloaded files and attachments", "ExplainText": "This policy setting allows you to configure scanning for all downloaded files and attachments.\n\nIf you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled.\n\nIf you disable this setting, scanning for all downloaded files and attachments will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "DisableIOAVProtection", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_DisableOnAccessProtection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Monitor file and program activity on your computer", "ExplainText": "This policy setting allows you to configure monitoring for file and program activity.\n\nIf you enable or do not configure this setting, monitoring for file and program activity will be enabled.\n\nIf you disable this setting, monitoring for file and program activity will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "DisableOnAccessProtection", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_DisableRawWriteNotification", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on raw volume write notifications", "ExplainText": "This policy setting controls whether raw volume write notifications are sent to behavior monitoring.\n\nIf you enable or do not configure this setting, raw write notifications will be enabled.\n\nIf you disable this setting, raw write notifications be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "DisableRawWriteNotification", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "DisableRealtimeMonitoring", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off real-time protection", "ExplainText": "This policy turns off real-time protection in Microsoft Defender Antivirus.\n\nReal-time protection consists of always-on scanning with file and process behavior monitoring and heuristics. When real-time protection is on, Microsoft Defender Antivirus detects malware and potentially unwanted software that attempts to install itself or run on your device, and prompts you to take action on malware detections.\n\nIf you enable this policy setting, real-time protection is turned off.\n\nIf you either disable or do not configure this policy setting, real-time protection is turned on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "DisableRealtimeMonitoring", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_DisableScanOnRealtimeEnable", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on process scanning whenever real-time protection is enabled", "ExplainText": "This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off.\n\nIf you enable or do not configure this setting, a process scan will be initiated when real-time protection is turned on.\n\nIf you disable this setting, a process scan will not be initiated when real-time protection is turned on.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "DisableScanOnRealtimeEnable", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_IOAVMaxSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Define the maximum size of downloaded files and attachments to be scanned", "ExplainText": "This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned.\n\nIf you enable this setting, downloaded files and attachments smaller than the size specified will be scanned.\n\nIf you disable or do not configure this setting, a default size will be applied.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "Elements": [ { "Type": "Decimal", "ValueName": "IOAVMaxSize", "MinValue": "0", "MaxValue": "10000000" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for turn on behavior monitoring", "ExplainText": "This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "LocalSettingOverrideDisableBehaviorMonitoring", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for monitoring file and program activity on your computer", "ExplainText": "This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "LocalSettingOverrideDisableOnAccessProtection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_LocalSettingOverrideDisableIOAVProtection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for scanning all downloaded files and attachments", "ExplainText": "This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "LocalSettingOverrideDisableIOAVProtection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override to turn on real-time protection", "ExplainText": "This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "LocalSettingOverrideDisableRealtimeMonitoring", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_LocalSettingOverrideRealtimeScanDirection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for monitoring for incoming and outgoing file activity", "ExplainText": "This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "ValueName": "LocalSettingOverrideRealtimeScanDirection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "RealtimeProtection", "PolicyName": "RealtimeProtection_RealtimeScanDirection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure monitoring for incoming and outgoing file and program activity", "ExplainText": "This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It is recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role.\n\nNote that this configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes.\n\nThe options for this setting are mutually exclusive:\n0 = Scan incoming and outgoing files (default)\n1 = Scan incoming files only\n2 = Scan outgoing files only\n\nAny other value, or if the value does not exist, resolves to the default (0).\n\nIf you enable this setting, the specified type of monitoring will be enabled.\n\nIf you disable or do not configure this setting, monitoring for incoming and outgoing files will be enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" ], "Elements": [ { "Type": "Enum", "ValueName": "RealtimeScanDirection", "Items": [ { "DisplayName": "bi-directional (full on-access)", "Data": "0" }, { "DisplayName": "scan only incoming (disable on-open)", "Data": "1" }, { "DisplayName": "scan only outgoing (disable on-close)", "Data": "2" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation", "PolicyName": "Remediation_LocalSettingOverrideScan_ScheduleTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for the time of day to run a scheduled full scan to complete remediation", "ExplainText": "This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation" ], "ValueName": "LocalSettingOverrideScan_ScheduleTime", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation", "PolicyName": "Remediation_Scan_ScheduleDay", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the day of the week to run a scheduled full scan to complete remediation", "ExplainText": "This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all.\n\nThis setting can be configured with the following ordinal number values:\n(0x0) Every Day\n(0x1) Sunday\n(0x2) Monday\n(0x3) Tuesday\n(0x4) Wednesday\n(0x5) Thursday\n(0x6) Friday\n(0x7) Saturday\n(0x8) Never (default)\n\nIf you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified.\n\nIf you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default frequency.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation" ], "Elements": [ { "Type": "Enum", "ValueName": "Scan_ScheduleDay", "Items": [ { "DisplayName": "Never", "Data": "8" }, { "DisplayName": "Every Day", "Data": "0" }, { "DisplayName": "Sunday", "Data": "1" }, { "DisplayName": "Monday", "Data": "2" }, { "DisplayName": "Tuesday", "Data": "3" }, { "DisplayName": "Wednesday", "Data": "4" }, { "DisplayName": "Thursday", "Data": "5" }, { "DisplayName": "Friday", "Data": "6" }, { "DisplayName": "Saturday", "Data": "7" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation", "PolicyName": "Remediation_Scan_ScheduleTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the time of day to run a scheduled full scan to complete remediation", "ExplainText": "This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time on the computer where the scan is executing.\n\nIf you enable this setting, a scheduled full scan to complete remediation will run at the time of day specified.\n\nIf you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default time.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation" ], "Elements": [ { "Type": "Decimal", "ValueName": "Scan_ScheduleTime", "MinValue": "0", "MaxValue": "1440" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation_BNB_REP", "PolicyName": "Remediation_BNB_REP_RemoteEncryptionProtection_ConfiguredState", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Configure Remote Encryption Protection Mode", "ExplainText": "Set the mode for Remote Encryption Protection in Microsoft Defender Antivirus, which can detect and block attempts to replace local files with encrypted versions from another device.\n\nSupported settings:\n* 0 - Not configured or Default: Apply defaults, which can vary depending on the antivirus engine version and the platform\n* 1 - Block: Prevent suspicious and malicious behaviors\n* 2 - Audit: Generate EDR detections without blocking\n* 4 - Off: Feature is off with no performance impact", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Remote Encryption Protection" ], "Elements": [ { "Type": "Enum", "ValueName": "RemoteEncryptionProtectionConfiguredState", "Items": [ { "DisplayName": "Default", "Data": "0" }, { "DisplayName": "Block", "Data": "1" }, { "DisplayName": "Audit", "Data": "2" }, { "DisplayName": "Off", "Data": "4" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation_BNB_REP", "PolicyName": "Remediation_BNB_REP_RemoteEncryptionProtection_MaxBlockTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Configure Remote Encryption Protection blocking time", "ExplainText": "Set the maximum time an IP address is blocked by Remote Encryption Protection. After this time, blocked IP addresses will be able to reinitiate connections.\n\nSupported settings:\n* 0 - None: Internal feature logic will determine the actual blocking time\n* Specify other times in 15-minute increments", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Remote Encryption Protection" ], "Elements": [ { "Type": "Decimal", "ValueName": "RemoteEncryptionProtectionMaxBlockTime", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation_BNB_REP", "PolicyName": "Remediation_BNB_REP_RemoteEncryptionProtection_Aggressiveness", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Configure how aggressively Remote Encryption Protection blocks threats", "ExplainText": "Set the criteria for when remote encryption preventionprotection blocks IP addresses.\n\nSupported settings:\n*0 - Low: Block only when confidence level is 100% (Default)\n*1 - Medium: Use cloud aggregation and block when confidence level is above 99%\n*2 - High: Use cloud intel and context, and block when confidence level is above 90%", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Remote Encryption Protection" ], "Elements": [ { "Type": "Enum", "ValueName": "RemoteEncryptionProtectionAggressiveness", "Items": [ { "DisplayName": "Low", "Data": "0" }, { "DisplayName": "Medium", "Data": "1" }, { "DisplayName": "High", "Data": "2" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation_BNB_REP", "PolicyName": "Remediation_BNB_REP_RemoteEncryptionProtectionExclusions", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Set exclusions from Remote Encryption Protection", "ExplainText": "Specify IP addresses, subnets, and domain names to exclude from Remote Encryption Protection. Note that attackers can spoof excluded addresses and names to bypass protection.\n\nEnter each address or subnet on a new line as a name-value pair:\n- Name column: Enter an IP address or subnet name. For example, \"\"1.1.127.0\"\" will exclude this IP address from getting blocked.\n- Value column: Enter \"\"0\"\" for each item", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Remote Encryption Protection" ], "ValueName": "RemoteEncryptionProtection_Exclusions", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Remote Encryption Protection\\RemoteEncryptionProtectionExclusions" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation_BNB_BFP", "PolicyName": "Remediation_BNB_BFP_BruteForceProtection_ConfiguredState", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Configure Remote Encryption Protection Mode", "ExplainText": "Set the mode for Brute-Force Protection in Microsoft Defender Antivirus, which can detect and block attempts to forcibly initiate sign in and initiate sessions.\n\nSupported settings:\n* 0 - Not configured or Default: Apply defaults, which can vary depending on the antivirus engine version and the platform\n* 1 - Block: Prevent suspicious and malicious behaviors\n* 2 - Audit: Generate EDR detections without blocking\n* 4 - Off: Feature is off with no performance impact", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Brute Force Protection" ], "Elements": [ { "Type": "Enum", "ValueName": "BruteForceProtectionConfiguredState", "Items": [ { "DisplayName": "Default", "Data": "0" }, { "DisplayName": "Block", "Data": "1" }, { "DisplayName": "Audit", "Data": "2" }, { "DisplayName": "Off", "Data": "4" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation_BNB_BFP", "PolicyName": "Remediation_BNB_BFP_BruteForceProtection_MaxBlockTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Configure Brute-Force Protection blocking time", "ExplainText": "Set the maximum time an IP address is blocked by Brute-Force Protection. After this time, blocked IP addresses will be able to sign-in and initiate sessions.\n\nSupported settings:\n* 0 - None: Internal feature logic will determine the actual blocking time\n* Specify other times in 15-minute increments", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Brute Force Protection" ], "Elements": [ { "Type": "Decimal", "ValueName": "BruteForceProtectionMaxBlockTime", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation_BNB_BFP", "PolicyName": "Remediation_BNB_BFP_BruteForceProtection_Aggressiveness", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Configure Brute-Force Protection aggressiveness", "ExplainText": "Set the criteria for when Brute-Force Protection blocks IP addresses.\n\nSupported settings:\n*0 - Low: Block only when confidence level is 100% (Default)\n*1 - Medium: Use cloud aggregation and block when confidence level is above 99%\n*2 - High: Use cloud intel and context, and block when confidence level is above 90%", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Brute Force Protection" ], "Elements": [ { "Type": "Enum", "ValueName": "BruteForceProtectionAggressiveness", "Items": [ { "DisplayName": "Low", "Data": "0" }, { "DisplayName": "Medium", "Data": "1" }, { "DisplayName": "High", "Data": "2" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Remediation_BNB_BFP", "PolicyName": "Remediation_BNB_BFP_BruteForceProtectionExclusions", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Set exclusions from Brute-Force Protection", "ExplainText": "Specify IP addresses, subnets or workstation names to exclude from Brute-Force Protection. Excluded IP addresses will not be checked for possible brute force activity.\n\nNote that attackers can spoof excluded addresses and names to bypass protection. Ensure the names are unique and unlikely to be guessed by attackers.\n\nEnter each address or subnet on a new line as a name-value pair:\n- Name column: Enter an IP address, subnet name, or workstation name. For example, \"1.1.127.0\" will exclude this IP address from getting blocked by BFP.\n- Value column: Enter \"0\" for each item", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Brute Force Protection" ], "ValueName": "BruteForceProtection_Exclusions", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Remediation\\Behavioral Network Blocks\\Brute Force Protection\\BruteForceProtectionExclusions" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_AdditionalActionTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure time out for detections requiring additional action", "ExplainText": "This policy setting configures the time in minutes before a detection in the \"additional action\" state moves to the \"cleared\" state.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "Elements": [ { "Type": "Decimal", "ValueName": "AdditionalActionTimeout", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_CriticalFailureTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure time out for detections in critically failed state", "ExplainText": "This policy setting configures the time in minutes before a detection in the \"critically failed\" state to moves to either the \"additional action\" state or the \"cleared\" state.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "Elements": [ { "Type": "Decimal", "ValueName": "CriticalFailureTimeout", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_DisablegenericrePorts", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure Watson events", "ExplainText": "This policy setting allows you to configure whether or not Watson events are sent.\n\nIf you enable or do not configure this setting, Watson events will be sent.\n\nIf you disable this setting, Watson events will not be sent.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "ValueName": "DisableGenericRePorts", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_NonCriticalTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure time out for detections in non-critical failed state", "ExplainText": "This policy setting configures the time in minutes before a detection in the \"non-critically failed\" state moves to the \"cleared\" state.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "Elements": [ { "Type": "Decimal", "ValueName": "NonCriticalTimeout", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_RecentlyCleanedTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure time out for detections in recently remediated state", "ExplainText": "This policy setting configures the time in minutes before a detection in the \"completed\" state moves to the \"cleared\" state.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "Elements": [ { "Type": "Decimal", "ValueName": "RecentlyCleanedTimeout", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_WppTracingComponents", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure Windows software trace preprocessor components", "ExplainText": "This policy configures Windows software trace preprocessor (WPP Software Tracing) components.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "Elements": [ { "Type": "Decimal", "ValueName": "WppTracingComponents", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_WppTracingLevel", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure WPP tracing level", "ExplainText": "This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing).\nTracing levels are defined as:\n1 - Error\n2 - Warning\n3 - Info\n4 - Debug", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "Elements": [ { "Type": "Decimal", "ValueName": "WppTracingLevel", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_DisableEnhancedNotifications", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Turn off enhanced notifications", "ExplainText": "Use this policy setting to specify if you want Microsoft Defender Antivirus enhanced notifications to display on clients.\n\nIf you disable or do not configure this setting, Microsoft Defender Antivirus enhanced notifications will display on clients.\n\nIf you enable this setting, Microsoft Defender Antivirus enhanced notifications will not display on clients.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "ValueName": "DisableEnhancedNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_ServiceHealthReportInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure time interval for service health reports", "ExplainText": "This policy setting configures the time interval (in minutes) for the service health reports to be sent from endpoints.\n\nIf you disable or do not configure this setting, the default value will be applied. The default value is set at 60 minutes (1 hour).\n\nIf you configure this setting to 0, no service health reports will be sent.\n\nThe maximum value allowed to be set is 14400 minutes (10 days).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "Elements": [ { "Type": "Decimal", "ValueName": "ServiceHealthReportInterval", "MinValue": "0", "MaxValue": "14400" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Reporting", "PolicyName": "Reporting_EnableDynamicSignatureDroppedEventReporting", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure whether to report Dynamic Signature dropped events", "ExplainText": "This policy setting configures whether to report Dynamic Signature dropped events.\n\nIf you do not configure this setting, the default value will be applied. The default value is set to disabled (such events are not reported).\nIf you configure this setting to enabled, Dynamic Signature dropped events will be reported.\nIf you configure this setting to disabled, Dynamic Signature dropped events will not be reported.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting" ], "ValueName": "EnableDynamicSignatureDroppedEventReporting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_AllowPause", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow users to pause scan", "ExplainText": "This policy setting allows you to manage whether or not end users can pause a scan in progress.\n\nIf you enable or do not configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan.\n\nIf you disable this setting, users will not be able to pause scans.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "AllowPause", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_ArchiveMaxDepth", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the maximum depth to scan archive files", "ExplainText": "This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0.\n\nIf you enable this setting, archive files will be scanned to the directory depth level specified.\n\nIf you disable or do not configure this setting, archive files will be scanned to the default directory depth level.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Decimal", "ValueName": "ArchiveMaxDepth", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_ArchiveMaxSize", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the maximum size of archive files to be scanned", "ExplainText": "This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning.\n\nIf you enable this setting, archive files less than or equal to the size specified will be scanned.\n\nIf you disable or do not configure this setting, archive files will be scanned according to the default value.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Decimal", "ValueName": "ArchiveMaxSize", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_AvgCPULoadFactor", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the maximum percentage of CPU utilization during a scan", "ExplainText": "This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for this setting are a percentage represented by the integers 5 to 100. A value of 0 indicates that there should be no throttling of CPU utilization. The default value is 50.\n\nIf you enable this setting, CPU utilization will not exceed the percentage specified.\n\nIf you disable or do not configure this setting, CPU utilization will not exceed the default value.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Decimal", "ValueName": "AvgCPULoadFactor", "MinValue": "0", "MaxValue": "100" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "CheckForSignaturesBeforeRunningScan", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Check for the latest virus and spyware security intelligence before running a scheduled scan", "ExplainText": "This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur before running a scan.\n\nThis setting applies to scheduled scans, but it has no effect on scans initiated manually from the user interface or to the ones started from the command line using \"mpcmdrun -Scan\".\n\nIf you enable this setting, a check for new security intelligence will occur before running a scan.\n\nIf you disable this setting or do not configure this setting, the scan will start using the existing security intelligence.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "CheckForSignaturesBeforeRunningScan", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableArchiveScanning", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Scan archive files", "ExplainText": "This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files.\n\nIf you enable or do not configure this setting, archive files will be scanned.\n\nIf you disable this setting, archive files will not be scanned. However, archives are always scanned during directed scans.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableArchiveScanning", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableCatchupFullScan", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on catch-up full scan", "ExplainText": "This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.\n\nIf you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run.\n\nIf you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableCatchupFullScan", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_ThrottleForScheduledScanOnly", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "CPU throttling type", "ExplainText": "This policy setting determines whether the maximum percentage CPU utilization permitted during a scan applies only to scheduled scans, or to both scheduled and custom scans (but not real-time protection). The maximum CPU utilization limit is also referred to as CPU throttling, or a CPU usage limit.\n\nThe default value for this policy setting is True, which means CPU throttling is applied only to scheduled scans.\n\nIf you either enable or do not configure this setting, CPU throttling will apply only to scheduled scans.\n\nIf you disable this setting, CPU throttling will apply to scheduled and custom scans.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "ThrottleForScheduledScanOnly", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableCatchupQuickScan", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on catch-up quick scan", "ExplainText": "This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.\n\nIf you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run.\n\nIf you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableCatchupQuickScan", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DaysUntilAggressiveCatchupQuickScan", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Trigger a quick scan after X days without any scans", "ExplainText": "This policy setting defines the number of days that can pass since the last scan before an aggresive catchup quick scan is automatically triggered. The value represents the number of days that can pass without any scans being performed before an agressive quick scan will be triggered.\n\nValid values range from 7 to 60 days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Decimal", "ValueName": "DaysUntilAggressiveCatchupQuickScan", "MinValue": "7", "MaxValue": "60" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableEmailScanning", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on e-mail scanning", "ExplainText": "This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac). Email scanning is not supported on modern email clients.\n\nIf you enable this setting, e-mail scanning will be enabled.\n\nIf you disable or do not configure this setting, e-mail scanning will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableEmailScanning", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableHeuristics", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on heuristics", "ExplainText": "This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics.\n\nIf you enable or do not configure this setting, heuristics will be enabled.\n\nIf you disable this setting, heuristics will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableHeuristics", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisablePackedExeScanning", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Scan packed executables", "ExplainText": "This policy setting allows you to configure scanning for packed executables. It is recommended that this type of scanning remain enabled.\n\nIf you enable or do not configure this setting, packed executables will be scanned.\n\nIf you disable this setting, packed executables will not be scanned.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisablePackedExeScanning", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableRemovableDriveScanning", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Scan removable drives", "ExplainText": "This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.\n\nIf you enable this setting, removable drives will be scanned during any type of scan.\n\nIf you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableRemovableDriveScanning", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableReparsePointScanning", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on reparse point scanning", "ExplainText": "This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this is the recommended state for this functionality.\n\nIf you enable this setting, reparse point scanning will be enabled.\n\nIf you disable or do not configure this setting, reparse point scanning will be disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableReparsePointScanning", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableRestorePoint", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Create a system restore point", "ExplainText": "This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.\n\nIf you enable this setting, a system restore point will be created.\n\nIf you disable or do not configure this setting, a system restore point will not be created.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableRestorePoint", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableScanningMappedNetworkDrivesForFullScan", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Run full scan on mapped network drives", "ExplainText": "This policy setting allows you to configure scanning mapped network drives.\n\nIf you enable this setting, mapped network drives will be scanned.\n\nIf you disable or do not configure this setting, mapped network drives will not be scanned.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableScanningMappedNetworkDrivesForFullScan", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_DisableScanningNetworkFiles", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure scanning of network files", "ExplainText": "This policy setting allows the scanning of network files using on access protection. The default is enabled. Recommended to remain enabled in most cases.\n\nIf you enable or do not configure this setting, network files will be scanned.\n\nIf you disable this setting, network files will not be scanned.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "DisableScanningNetworkFiles", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_LocalSettingOverrideAvgCPULoadFactor", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for maximum percentage of CPU utilization", "ExplainText": "This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "LocalSettingOverrideAvgCPULoadFactor", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_LocalSettingOverrideScanParameters", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for the scan type to use for a scheduled scan", "ExplainText": "This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "LocalSettingOverrideScanParameters", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_LocalSettingOverrideScheduleDay", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for schedule scan day", "ExplainText": "This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "LocalSettingOverrideScheduleDay", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_LocalSettingOverrideScheduleQuickScantime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for scheduled quick scan time", "ExplainText": "This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "LocalSettingOverrideScheduleQuickScanTime", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_LocalSettingOverrideScheduleTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for scheduled scan time", "ExplainText": "This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "LocalSettingOverrideScheduleTime", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_PurgeItemsAfterDelay", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on removal of items from scan history folder", "ExplainText": "This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed. By default, the value is set to 30 days.\n\nIf you enable this setting, items will be removed from the scan history folder after the number of days specified.\n\nIf you disable or do not configure this setting, items will be kept in the scan history folder for the default number of days.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Decimal", "ValueName": "PurgeItemsAfterDelay", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_QuickScanInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the interval to run quick scans per day", "ExplainText": "This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans will not occur. By default, this setting is set to 0.\n\nIf you enable this setting, a quick scan will run at the interval specified.\n\nIf you disable or do not configure this setting, quick scan controlled by this config will not be run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Decimal", "ValueName": "QuickScanInterval", "MinValue": "0", "MaxValue": "24" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_ScanOnlyIfIdle", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Start the scheduled scan only when computer is on but not in use", "ExplainText": "This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use.\n\nIf you enable or do not configure this setting, scheduled scans will only run when the computer is on but not in use.\n\nIf you disable this setting, scheduled scans will run at the scheduled time.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "ScanOnlyIfIdle", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_ScanParameters", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the scan type to use for a scheduled scan", "ExplainText": "This policy setting allows you to specify the scan type to use during a scheduled scan. Scan type options are:\n1 = Quick Scan (default)\n2 = Full Scan\n\nIf you enable this setting, the scan type will be set to the specified value.\n\nIf you disable or do not configure this setting, the default scan type will used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Enum", "ValueName": "ScanParameters", "Items": [ { "DisplayName": "Quick scan", "Data": "1" }, { "DisplayName": "Full system scan", "Data": "2" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_ScheduleDay", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the day of the week to run a scheduled scan", "ExplainText": "This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all.\n\nThis setting can be configured with the following ordinal number values:\n(0x0) Every Day\n(0x1) Sunday\n(0x2) Monday\n(0x3) Tuesday\n(0x4) Wednesday\n(0x5) Thursday\n(0x6) Friday\n(0x7) Saturday\n(0x8) Never (default)\n\nIf you enable this setting, a scheduled scan will run at the frequency specified.\n\nIf you disable or do not configure this setting, a scheduled scan will run at a default frequency.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Enum", "ValueName": "ScheduleDay", "Items": [ { "DisplayName": "Never", "Data": "8" }, { "DisplayName": "Every Day", "Data": "0" }, { "DisplayName": "Sunday", "Data": "1" }, { "DisplayName": "Monday", "Data": "2" }, { "DisplayName": "Tuesday", "Data": "3" }, { "DisplayName": "Wednesday", "Data": "4" }, { "DisplayName": "Thursday", "Data": "5" }, { "DisplayName": "Friday", "Data": "6" }, { "DisplayName": "Saturday", "Data": "7" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_ScheduleQuickScantime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the time for a daily quick scan", "ExplainText": "This policy setting allows you to specify the time of day at which to perform a daily quick scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to disabled. The schedule is based on local time on the computer where the scan is executing.\n\nIf you enable this setting, a daily quick scan will run at the time of day specified.\n\nIf you disable or do not configure this setting, daily quick scan controlled by this config will not be run.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Decimal", "ValueName": "ScheduleQuickScanTime", "MinValue": "0", "MaxValue": "1440" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_ScheduleTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the time of day to run a scheduled scan", "ExplainText": "This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing.\n\nIf you enable this setting, a scheduled scan will run at the time of day specified.\n\nIf you disable or do not configure this setting, a scheduled scan will run at a default time.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Decimal", "ValueName": "ScheduleTime", "MinValue": "0", "MaxValue": "1440" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_MissedScheduledScanCountBeforeCatchup", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Define the number of days after which a catch-up scan is forced", "ExplainText": "This policy setting allows you to define the number of consecutive scheduled scans that can be missed after which a catch-up scan will be forced. By default, the value of this setting is 2 consecutive scheduled scans.\n\nIf you enable this setting, a catch-up scan will occur after the specified number consecutive missed scheduled scans.\n\nIf you disable or do not configure this setting, a catch-up scan will occur after the 2 consecutive missed scheduled scans.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Decimal", "ValueName": "MissedScheduledScanCountBeforeCatchup", "MinValue": "2", "MaxValue": "20" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_LowCpuPriority", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Configure low CPU priority for scheduled scans", "ExplainText": "This policy setting allows you to enable or disable low CPU priority for scheduled scans.\n\nIf you enable this setting, low CPU priority will be used during scheduled scans.\n\nIf you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "ValueName": "LowCpuPriority", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Scan", "PolicyName": "Scan_QuickScanIncludeExclusions", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Scan excluded files and directories during quick scans", "ExplainText": "This policy setting allows you to scan excluded files and directories during quick scans.\n\nIf you set this policy setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan.\n\nIf you set this policy to 0 or do not configure it, exclusions are not scanned during quick scans.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Scan" ], "Elements": [ { "Type": "Enum", "ValueName": "QuickScanIncludeExclusions", "Items": [ { "DisplayName": "0", "Data": "0" }, { "DisplayName": "1", "Data": "1" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "MeteredConnectionUpdates", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allows Microsoft Defender Antivirus to update and communicate over a metered connection.", "ExplainText": "Disabled (Default):\nUpdates and communications are not allowed over metered connections.\n\nEnabled:\nAllow managed devices to update through metered connections. Data charges may apply.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "ValueName": "MeteredConnectionUpdates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ExploitGuard_NetworkProtection", "PolicyName": "AllowNetworkProtectionOnWinServer", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server.", "ExplainText": "Disabled (Default):\nIf Not Configured or Disabled, network protection is not allowed to be configured into block or audit mode on Windows Server.\n\nEnabled:\nIf Enabled, administrators can control whether Network Protection is allowed to be configured into block or audit mode on Windows Server.\nNote, that this configuration is dependent on the EnableNetworkProtection configuration. If this configuration is false, EnableNetworkProtection will be ignored, otherwise network protection will start on Windows Server depending on the value of EnableNetworkProtection.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\Network Protection" ], "ValueName": "AllowNetworkProtectionOnWinServer", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "NetworkRealtimeInspection", "PolicyName": "AllowSwitchToAsyncInspection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Turn on asynchronous inspection", "ExplainText": "Control whether network protection can improve performance by switching from real-time inspection to asynchronous inspection.\n\nDisabled (Default):\nIf Not Configured or Disabled, asynchronous inspection will not be enabled for network protection.\n\nEnabled:\nIf Enabled, switching to asynchronous inspection will be allowed for network protection.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\NIS" ], "ValueName": "AllowSwitchToAsyncInspection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "NetworkRealtimeInspection", "PolicyName": "DisableDatagramProcessing", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "This setting controls datagram processing for network protection.", "ExplainText": "Disabled (Default):\nIf Not Configured or Disabled, datagram processing will be enabled for network protection.\n\nEnabled:\nIf Enabled, datagram processing will be disabled for network protection.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\NIS" ], "ValueName": "DisableDatagramProcessing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "NetworkRealtimeInspection", "PolicyName": "EnableConvertWarnToBlock", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Convert warn verdict to block", "ExplainText": "Network protection inspects network traffic and determines whether it allows or blocks traffic or displays a warning.\n\nDisabled (Default):\nIf Not Configured or Disabled, network protection will display a warning for warn verdicts.\n\nEnabled:\nIf this setting is Enabled, network protection blocks network traffic instead of displaying a warning.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\NIS" ], "ValueName": "EnableConvertWarnToBlock", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_ASSignatureDue", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Define the number of days before spyware security intelligence is considered out of date", "ExplainText": "This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.\n\nIf you enable this setting, spyware security intelligence will be considered out of date after the number of days specified have passed without an update.\n\nIf you disable or do not configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "Elements": [ { "Type": "Decimal", "ValueName": "ASSignatureDue", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_AVSignatureDue", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Define the number of days before virus security intelligence is considered out of date", "ExplainText": "This policy setting allows you to define the number of days that must pass before virus security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.\n\nIf you enable this setting, virus security intelligence will be considered out of date after the number of days specified have passed without an update.\n\nIf you disable or do not configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "Elements": [ { "Type": "Decimal", "ValueName": "AVSignatureDue", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_DefinitionUpdateFileSharesSources", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Define file shares for downloading security intelligence updates", "ExplainText": "This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: \"{\\\\unc1 | \\\\unc2 }\". The list is empty by default.\n\nIf you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.\n\nIf you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "Elements": [ { "Type": "Text", "ValueName": "DefinitionUpdateFileSharesSources", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_SharedSignaturesLocation", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Define security intelligence location for VDI clients.", "ExplainText": "This policy setting allows you to define the security intelligence location for VDI-configured computers.\n\nIf you disable or do not configure this setting, security intelligence will be referred from the default local source.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "Elements": [ { "Type": "Text", "ValueName": "SharedSignatureRoot", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_SharedSignaturesLocationUpdateAtScheduledTimeOnly", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS6 - At least Windows Server 2016, Windows 10 Version 1903", "DisplayName": "Configure security intelligence updates according to the scheduler for VDI clients.", "ExplainText": "This policy setting allows you to configure security intelligence updates according to the scheduler for VDI-configured computers. It is used together with the shared security intelligence location (SharedSignaturesLocation).\n\nIf you enable this policy setting and configure SharedSignaturesLocation, updates from the configured location occur only at the previously configured scheduled update time.\n\nIf you either disable or do not configure this policy setting, updates occur whenever a new security intelligence update is detected at the location that is specified by SharedSignaturesLocation.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "ValueName": "SharedSignatureRootUpdateAtScheduledTimeOnly", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_DisableScanOnUpdate", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn on scan after security intelligence update", "ExplainText": "This policy setting allows you to configure the automatic scan which starts after a security intelligence update has occurred.\n\nIf you enable or do not configure this setting, a scan will start following a security intelligence update.\n\nIf you disable this setting, a scan will not start following a security intelligence update.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "ValueName": "DisableScanOnUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_DisableScheduledSignatureUpdateonBattery", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow security intelligence updates when running on battery power", "ExplainText": "This policy setting allows you to configure security intelligence updates when the computer is running on battery power.\n\nIf you enable or do not configure this setting, security intelligence updates will occur as usual regardless of power state.\n\nIf you disable this setting, security intelligence updates will be turned off while the computer is running on battery power.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "ValueName": "DisableScheduledSignatureUpdateOnBattery", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_DisableUpdateOnStartupWithoutEngine", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Initiate security intelligence update on startup", "ExplainText": "This policy setting allows you to configure security intelligence updates on startup when there is no antimalware engine present.\n\nIf you enable or do not configure this setting, security intelligence updates will be initiated on startup when there is no antimalware engine present.\n\nIf you disable this setting, security intelligence updates will not be initiated on startup when there is no antimalware engine present.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "ValueName": "DisableUpdateOnStartupWithoutEngine", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_FallbackOrder", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Define the order of sources for downloading security intelligence updates", "ExplainText": "This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: \"InternalDefinitionUpdateServer\", \"MicrosoftUpdateServer\", \"MMPC\", and \"FileShares\"\n\nFor example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }\n\nIf you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.\n\nIf you disable or do not configure this setting, security intelligence update sources will be contacted in a default order.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "Elements": [ { "Type": "Text", "ValueName": "FallbackOrder", "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_ForceUpdateFromMU", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow security intelligence updates from Microsoft Update", "ExplainText": "This policy setting allows you to enable download of security intelligence updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update.\n\nIf you enable this setting, security intelligence updates will be downloaded from Microsoft Update.\n\nIf you disable or do not configure this setting, security intelligence updates will be downloaded from the configured download source.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "ValueName": "ForceUpdateFromMU", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_RealtimeSignatureDelivery", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow real-time security intelligence updates based on reports to Microsoft MAPS", "ExplainText": "This policy setting allows you to enable real-time security intelligence updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest security intelligence update has security intelligence for a threat involving that file, the service will receive all of the latest security intelligence for that threat immediately. You must have configured your computer to join Microsoft MAPS for this functionality to work.\n\nIf you enable or do not configure this setting, real-time security intelligence updates will be enabled.\n\nIf you disable this setting, real-time security intelligence updates will disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "ValueName": "RealtimeSignatureDelivery", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_ScheduleDay", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the day of the week to check for security intelligence updates", "ExplainText": "This policy setting allows you to specify the day of the week on which to check for security intelligence updates. The check can also be configured to run every day or to never run at all.\n\nThis setting can be configured with the following ordinal number values:\n(0x0) Every Day (default)\n(0x1) Sunday\n(0x2) Monday\n(0x3) Tuesday\n(0x4) Wednesday\n(0x5) Thursday\n(0x6) Friday\n(0x7) Saturday\n(0x8) Never\n\nIf you enable this setting, the check for security intelligence updates will occur at the frequency specified.\n\nIf you disable or do not configure this setting, the check for security intelligence updates will occur at a default frequency.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "Elements": [ { "Type": "Enum", "ValueName": "ScheduleDay", "Items": [ { "DisplayName": "Never", "Data": "8" }, { "DisplayName": "Every Day", "Data": "0" }, { "DisplayName": "Sunday", "Data": "1" }, { "DisplayName": "Monday", "Data": "2" }, { "DisplayName": "Tuesday", "Data": "3" }, { "DisplayName": "Wednesday", "Data": "4" }, { "DisplayName": "Thursday", "Data": "5" }, { "DisplayName": "Friday", "Data": "6" }, { "DisplayName": "Saturday", "Data": "7" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_ScheduleTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the time to check for security intelligence updates", "ExplainText": "This policy setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring.\n\nIf you enable this setting, the check for security intelligence updates will occur at the time of day specified.\n\nIf you disable or do not configure this setting, the check for security intelligence updates will occur at the default time.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "Elements": [ { "Type": "Decimal", "ValueName": "ScheduleTime", "MinValue": "0", "MaxValue": "1440" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_SignatureDisableNotification", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow notifications to disable security intelligence based reports to Microsoft MAPS", "ExplainText": "This policy setting allows you to configure the antimalware service to receive notifications to disable individual security intelligence in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable security intelligence that are causing false positive reports. You must have configured your computer to join Microsoft MAPS for this functionality to work.\n\nIf you enable this setting or do not configure, the antimalware service will receive notifications to disable security intelligence.\n\nIf you disable this setting, the antimalware service will not receive notifications to disable security intelligence.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "ValueName": "SignatureDisableNotification", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_SignatureUpdateCatchupInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Define the number of days after which a catch-up security intelligence update is required", "ExplainText": "This policy setting allows you to define the number of days after which a catch-up security intelligence update will be required. By default, the value of this setting is 1 day.\n\nIf you enable this setting, a catch-up security intelligence update will occur after the specified number of days.\n\nIf you disable or do not configure this setting, a catch-up security intelligence update will be required after the default number of days.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "Elements": [ { "Type": "Decimal", "ValueName": "SignatureUpdateCatchupInterval", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_SignatureUpdateInterval", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify the interval to check for security intelligence updates", "ExplainText": "This policy setting allows you to specify an interval at which to check for security intelligence updates. The time value is represented as the number of hours between update checks. Valid values range from 1 (every hour) to 24 (once per day).\n\nIf you enable this setting, checks for security intelligence updates will occur at the interval specified.\n\nIf you disable or do not configure this setting, checks for security intelligence updates will occur at the default interval.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "Elements": [ { "Type": "Decimal", "ValueName": "SignatureUpdateInterval", "MinValue": "0", "MaxValue": "24" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "SignatureUpdate", "PolicyName": "SignatureUpdate_UpdateOnStartup", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Check for the latest virus and spyware security intelligence on startup", "ExplainText": "This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur immediately after service startup.\n\nIf you enable this setting, a check for new security intelligence will occur after service startup.\n\nIf you disable this setting or do not configure this setting, a check for new security intelligence will not occur after service startup.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Signature Updates" ], "ValueName": "UpdateOnStartUp", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Spynet", "PolicyName": "DisableBlockAtFirstSeen", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure the 'Block at First Sight' feature", "ExplainText": "This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.\nEnabled \u2013 The Block at First Sight setting is turned on.\nDisabled \u2013 The Block at First Sight setting is turned off.\n\nThis feature requires these Group Policy settings to be set as follows:\nMAPS -> The \"Join Microsoft MAPS\" must be enabled or the \"Block at First Sight\" feature will not function.\nMAPS -> The \"Send file samples when further analysis is required\" should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the \"Block at First Sight\" feature will not function.\nReal-time Protection -> The \"Scan all downloaded files and attachments\" policy must be enabled or the \"Block at First Sight\" feature will not function.\nReal-time Protection -> Do not enable the \"Turn off real-time protection\" policy or the \"Block at First Sight\" feature will not function.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet" ], "ValueName": "DisableBlockAtFirstSeen", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Spynet", "PolicyName": "Spynet_LocalSettingOverrideSpynetReporting", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure local setting override for reporting to Microsoft MAPS", "ExplainText": "This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy.\n\nIf you enable this setting, the local preference setting will take priority over Group Policy.\n\nIf you disable or do not configure this setting, Group Policy will take priority over the local preference setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet" ], "ValueName": "LocalSettingOverrideSpynetReporting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Spynet", "PolicyName": "SpynetReporting", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Join Microsoft MAPS", "ExplainText": "This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections.\n\nYou can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you.\n\nPossible options are:\n(0x0) Disabled (default)\n(0x1) Basic membership\n(0x2) Advanced membership\n\nBasic membership will send basic information to Microsoft about software that has been detected, including where the software came from, the actions that you apply or that are applied automatically, and whether the actions were successful.\n\nAdvanced membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer.\n\nIf you enable this setting, you will join Microsoft MAPS with the membership specified.\n\nIf you disable or do not configure this setting, you will not join Microsoft MAPS.\n\nIn Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet" ], "Elements": [ { "Type": "Enum", "ValueName": "SpynetReporting", "Items": [ { "DisplayName": "Disabled", "Data": "0" }, { "DisplayName": "Basic MAPS", "Data": "1" }, { "DisplayName": "Advanced MAPS", "Data": "2" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Spynet", "PolicyName": "SubmitSamplesConsent", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Send file samples when further analysis is required", "ExplainText": "This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set.\n\nPossible options are:\n(0x0) Always prompt\n(0x1) Send safe samples automatically\n(0x2) Never send\n(0x3) Send all samples automatically", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet" ], "Elements": [ { "Type": "Enum", "ValueName": "SubmitSamplesConsent", "Items": [ { "DisplayName": "Always prompt", "Data": "0" }, { "DisplayName": "Send safe samples", "Data": "1" }, { "DisplayName": "Never send", "Data": "2" }, { "DisplayName": "Send all samples", "Data": "3" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Threats", "PolicyName": "Threats_ThreatIdDefaultAction", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify threats upon which default action should not be taken when detected", "ExplainText": "This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.\n\nValid remediation action values are:\n2 = Quarantine\n3 = Remove\n6 = Ignore", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Threats" ], "ValueName": "Threats_ThreatIdDefaultAction", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Threats\\ThreatIdDefaultAction" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Threats", "PolicyName": "Threats_ThreatSeverityDefaultAction", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Specify threat alert levels at which default action should not be taken when detected", "ExplainText": "This policy setting allows you to customize which automatic remediation action will be taken for each threat alert level.Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains the action ID for the remediation action that should be taken.\n\nValid threat alert levels are:\n1 = Low\n2 = Medium\n4 = High\n5 = Severe\n\nValid remediation action values are:\n2 = Quarantine\n3 = Remove\n6 = Ignore", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Threats" ], "ValueName": "Threats_ThreatSeverityDefaultAction", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Threats\\ThreatSeverityDefaultAction" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ClientInterface", "PolicyName": "UX_Configuration_UILockdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Enable headless UI mode", "ExplainText": "This policy setting allows you to configure whether or not to display AM UI to the users.\nIf you enable this setting AM UI won't be available to users.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\UX Configuration" ], "ValueName": "UILockdown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ClientInterface", "PolicyName": "UX_Configuration_SuppressRebootNotification", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Suppresses reboot notifications", "ExplainText": "This policy setting allows user to supress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode).\n\nIf you enable this setting AM UI won't show reboot notifications.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\UX Configuration" ], "ValueName": "SuppressRebootNotification", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ClientInterface", "PolicyName": "UX_Configuration_Notification_Suppress", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Suppress all notifications", "ExplainText": "Use this policy setting to specify if you want Microsoft Defender Antivirus notifications to display on clients.\nIf you disable or do not configure this setting, Microsoft Defender Antivirus notifications will display on clients.\n\nIf you enable this setting, Microsoft Defender Antivirus notifications will not display on clients.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\UX Configuration" ], "ValueName": "Notification_Suppress", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "MpEngine", "PolicyName": "MpEngine_MpCloudBlockLevel", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Select cloud protection level", "ExplainText": "This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files.\n\nIf this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency.\n\nFor more information about specific values that are supported, see the Microsoft Defender Antivirus documentation site.\n\nNote: This feature requires the \"Join Microsoft MAPS\" setting enabled in order to function.\n\nPossible options are:\n(0x0) Default Microsoft Defender Antivirus blocking level\n(0x1) Moderate Microsoft Defender Antivirus blocking level, delivers verdict only for high confidence detections\n(0x2) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)\n(0x4) High+ blocking level \u2013 aggressively block unknowns and apply additional protection measures (may impact client performance)\n(0x6) Zero tolerance blocking level \u2013 block all unknown executables", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\MpEngine" ], "Elements": [ { "Type": "Enum", "ValueName": "MpCloudBlockLevel", "Items": [ { "DisplayName": "Default blocking level", "Data": "0" }, { "DisplayName": "Moderate blocking level", "Data": "1" }, { "DisplayName": "High blocking level", "Data": "2" }, { "DisplayName": "High+ blocking level", "Data": "4" }, { "DisplayName": "Zero tolerance blocking level", "Data": "6" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "MpEngine", "PolicyName": "MpEngine_MpBafsExtendedTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Configure extended cloud check", "ExplainText": "This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe.\n\nThe typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds.\n\nFor example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds.\n\nNote: This feature depends on three other MAPS settings - \"Configure the 'Block at First Sight' feature; \"Join Microsoft MAPS\"; \"Send file samples when further analysis is required\" all need to be enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\MpEngine" ], "Elements": [ { "Type": "Decimal", "ValueName": "MpBafsExtendedTimeout", "MinValue": "0", "MaxValue": "50" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "MpEngine", "PolicyName": "MpEngine_EnableFileHashComputation", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Enable file hash computation feature", "ExplainText": "Enable or disable file hash computation feature.\n\nEnabled:\nWhen this feature is enabled Microsoft Defender will compute hash value for files it scans.\n\nDisabled:\nFile hash value is not computed\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\MpEngine" ], "ValueName": "EnableFileHashComputation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "MpEngine", "PolicyName": "DisableGradualRelease", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Disable gradual rollout of Microsoft Defender updates.", "ExplainText": "Enable this policy to disable gradual rollout of Defender updates.\n\nCurrent Channel (Broad): Devices set to this channel will be offered updates last during the gradual release cycle. Best for datacenter machines that only receive limited updates.\n\nNote: This setting applies to both monthly as well as daily Defender updates and will override any previously configured channel selections for platform and engine updates.\n\nIf you disable or do not configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\MpEngine" ], "ValueName": "DisableGradualRelease", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ExploitGuard_NetworkProtection", "PolicyName": "ExploitGuard_EnableNetworkProtection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Prevent users and apps from accessing dangerous websites", "ExplainText": "Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet.\n\nEnabled:\nSpecify the mode in the Options section:\n-Block: Users and applications will not be able to access dangerous domains\n-Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs.\n\nDisabled:\nUsers and applications will not be blocked from connecting to dangerous domains.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\Network Protection" ], "Elements": [ { "Type": "Enum", "ValueName": "EnableNetworkProtection", "Items": [ { "DisplayName": "Disable (Default)", "Data": "0" }, { "DisplayName": "Block", "Data": "1" }, { "DisplayName": "Audit Mode", "Data": "2" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ExploitGuard_ControlledFolderAccess", "PolicyName": "ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Configure Controlled folder access", "ExplainText": "Enable or disable controlled folder access for untrusted applications. You can choose to block, audit, or allow attempts by untrusted apps to:\n- Modify or delete files in protected folders, such as the Documents folder\n- Write to disk sectors\n\nYou can also choose to only block or audit writes to disk sectors while still allowing the modification or deletion of files in protected folders.\n\nMicrosoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting.\nDefault system folders are automatically protected, but you can add folders in the Configure protected folders GP setting.\n\nBlock:\nThe following will be blocked:\n- Attempts by untrusted apps to modify or delete files in protected folders\n- Attempts by untrusted apps to write to disk sectors\nThe Windows event log will record these blocks under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123.\n\nDisabled:\nThe following will not be blocked and will be allowed to run:\n- Attempts by untrusted apps to modify or delete files in protected folders\n- Attempts by untrusted apps to write to disk sectors\nThese attempts will not be recorded in the Windows event log.\n\nAudit Mode:\nThe following will not be blocked and will be allowed to run:\n- Attempts by untrusted apps to modify or delete files in protected folders\n- Attempts by untrusted apps to write to disk sectors\nThe Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124.\n\nBlock disk modification only:\nThe following will be blocked:\n- Attempts by untrusted apps to write to disk sectors\nThe Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123.\n\nThe following will not be blocked and will be allowed to run:\n- Attempts by untrusted apps to modify or delete files in protected folders\nThese attempts will not be recorded in the Windows event log.\n\nAudit disk modification only:\nThe following will not be blocked and will be allowed to run:\n- Attempts by untrusted apps to write to disk sectors\n- Attempts by untrusted apps to modify or delete files in protected folders\nOnly attempts to write to protected disk sectors will be recorded in the Windows event log (under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124).\nAttempts to modify or delete files in protected folders will not be recorded.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\Controlled Folder Access" ], "Elements": [ { "Type": "Enum", "ValueName": "EnableControlledFolderAccess", "Items": [ { "DisplayName": "Disable (Default)", "Data": "0" }, { "DisplayName": "Block", "Data": "1" }, { "DisplayName": "Audit Mode", "Data": "2" }, { "DisplayName": "Block disk modification only", "Data": "3" }, { "DisplayName": "Audit disk modification only", "Data": "4" } ], "Required": true } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ExploitGuard_ASR", "PolicyName": "ExploitGuard_ASR_Rules", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Configure Attack Surface Reduction rules", "ExplainText": "Set the state for each Attack Surface Reduction (ASR) rule.\n\nAfter enabling this setting, you can set each rule to the following in the Options section:\n- Block: the rule will be applied\n- Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied)\n- Off: the rule will not be applied\n- Not Configured: the rule is enabled with default values\n- Warn: the rule will be applied and the end-user will have the option to bypass the block\n\nUnless the ASR rule is disabled, a subsample of audit events are collected for ASR rules will the value of not configured.\n\nEnabled:\nSpecify the state for each ASR rule under the Options section for this setting.\nEnter each rule on a new line as a name-value pair:\n- Name column: Enter a valid ASR rule ID\n- Value column: Enter the status ID that relates to state you want to specify for the associated rule\n\nThe following status IDs are permitted under the value column:\n- 1 (Block)\n- 0 (Off)\n- 2 (Audit)\n- 5 (Not Configured)\n- 6 (Warn)\n\nExample:\nxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 0\nxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1\nxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 2\n\nDisabled:\nNo ASR rules will be configured.\n\nNot configured:\nSame as Disabled.\n\nYou can exclude folders or files in the \"\"Exclude files and paths from Attack Surface Reduction Rules\"\" GP setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR" ], "ValueName": "ExploitGuard_ASR_Rules", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR\\Rules" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ExploitGuard_ASR", "PolicyName": "ExploitGuard_ASR_ASROnlyExclusions", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Exclude files and paths from Attack Surface Reduction Rules", "ExplainText": "Exclude files and paths from Attack Surface Reduction (ASR) rules.\n\nEnabled:\nSpecify the folders or files and resources that should be excluded from ASR rules in the Options section.\nEnter each rule on a new line as a name-value pair:\n- Name column: Enter a folder path or a fully qualified resource name. For example, \"\"C:\\Windows\"\" will exclude all files in that directory. \"\"C:\\Windows\\App.exe\"\" will exclude only that specific file in that specific folder\n- Value column: Enter \"\"0\"\" for each item\n\nDisabled:\nNo exclusions will be applied to the ASR rules.\n\nNot configured:\nSame as Disabled.\n\nYou can configure ASR rules in the Configure Attack Surface Reduction rules GP setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR" ], "ValueName": "ExploitGuard_ASR_ASROnlyExclusions", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR\\ASROnlyExclusions" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ExploitGuard_ASR", "PolicyName": "ExploitGuard_ASR_ASROnlyPerRuleExclusions", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Apply a list of exclusions to specific attack surface reduction (ASR) rules", "ExplainText": "This policy allows an administrator to specify a list of exclusions for specific ASR rules.\nEach entry is a name-value pair. The key indicates the rule GUID, and the value is a set of full paths separated by the > character, indicating the exclusions for that particular ASR rule.\n\nNOTE: The GUID is a KEY, not a value.\n\nExample:\nKEY: \"{75668C1F-73B5-4CF0-BB93-3ECF5DB7C484}\"\nVALUE: \"C:\\Notepad.exe>c:\\regedit.exe>C:\\SomeFolder\\test.exe\"", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR" ], "ValueName": "ExploitGuard_ASR_ASROnlyPerRuleExclusions", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR\\ASROnlyPerRuleExclusions" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ExploitGuard_ControlledFolderAccess", "PolicyName": "ExploitGuard_ControlledFolderAccess_AllowedApplications", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Configure allowed applications", "ExplainText": "Add additional applications that should be considered \"trusted\" by controlled folder access.\n\nThese applications are allowed to modify or delete files in controlled folder access folders.\n\nMicrosoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add additional applications.\n\nEnabled:\nSpecify additional allowed applications in the Options section..\n\nDisabled:\nNo additional applications will be added to the trusted list.\n\nNot configured:\nSame as Disabled.\n\nYou can enable controlled folder access in the Configure controlled folder access GP setting.\n\nDefault system folders are automatically guarded, but you can add folders in the configure protected folders GP setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\Controlled Folder Access" ], "ValueName": "ExploitGuard_ControlledFolderAccess_AllowedApplications", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\Controlled Folder Access\\AllowedApplications" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "ExploitGuard_ControlledFolderAccess", "PolicyName": "ExploitGuard_ControlledFolderAccess_ProtectedFolders", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Configure protected folders", "ExplainText": "Specify additional folders that should be guarded by the Controlled folder access feature.\n\nFiles in these folders cannot be modified or deleted by untrusted applications.\n\nDefault system folders are automatically protected. You can configure this setting to add additional folders.\nThe list of default system folders that are protected is shown in Windows Security.\n\nEnabled:\nSpecify additional folders that should be protected in the Options section.\n\nDisabled:\nNo additional folders will be protected.\n\nNot configured:\nSame as Disabled.\n\nYou can enable controlled folder access in the Configure controlled folder access GP setting.\n\nMicrosoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\Controlled Folder Access" ], "ValueName": "ExploitGuard_ControlledFolderAccess_ProtectedFolders", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\Controlled Folder Access\\ProtectedFolders" ] } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Features", "PolicyName": "Features_TDTFeatureEnabled", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Intel TDT Integration Level", "ExplainText": "This policy setting configures the Intel TDT integration level for Intel TDT-capable devices.\n\nIf you do not configure this setting, the default value will be applied. The default value is controlled by Microsoft security intelligence updates. Microsoft will enable Intel TDT if there is a known threat.\nIf you configure this setting to enabled, Intel TDT integration will turn on.\nIf you configure this setting to disabled, Intel TDT integration will turn off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Features" ], "ValueName": "TDTFeatureEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "2" } ] }, { "File": "WindowsDefender.admx", "CategoryName": "Features", "PolicyName": "Features_PassiveRemediation", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefender", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Enable EDR in block mode", "ExplainText": "This policy setting enables or disables EDR in block mode (also known as \"passive remediation\"). EDR in block mode is recommended for devices running Microsoft Defender Antivirus in passive mode. Available with platform release: 4.18.2202.X\n\nThe data type is integer\n\nSupported values:\n\n1: Turn EDR in block mode on\n0: Turn EDR in block mode off", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Features" ], "ValueName": "PassiveRemediation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "VirusThreatProtection", "PolicyName": "VirusThreatProtection_UILockdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Hide the Virus and threat protection area", "ExplainText": "Hide the Virus and threat protection area in Windows Security.\n\nEnabled:\nThe Virus and threat protection area will be hidden.\n\nDisabled:\nThe Virus and threat protection area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Virus and threat protection" ], "ValueName": "UILockdown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "VirusThreatProtection", "PolicyName": "VirusThreatProtection_HideRansomwareRecovery", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Hide the Ransomware data recovery area", "ExplainText": "Hide the Ransomware data recovery area in Windows Security.\n\nEnabled:\nThe Ransomware data recovery area will be hidden.\n\nDisabled:\nThe Ransomware data recovery area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Virus and threat protection" ], "ValueName": "HideRansomwareRecovery", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "FirewallNetworkProtection", "PolicyName": "FirewallNetworkProtection_UILockdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Hide the Firewall and network protection area", "ExplainText": "Hide the Firewall and network protection area in Windows Security.\n\nEnabled:\nThe Firewall and network protection area will be hidden.\n\nDisabled:\nThe Firewall and network protection area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Firewall and network protection" ], "ValueName": "UILockdown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "AppBrowserProtection", "PolicyName": "AppBrowserProtection_UILockdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Hide the App and browser protection area", "ExplainText": "Hide the App and browser protection area in Windows Security.\n\nEnabled:\nThe App and browser protection area will be hidden.\n\nDisabled:\nThe App and browser protection area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\App and Browser protection" ], "ValueName": "UILockdown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "AppBrowserProtection", "PolicyName": "AppBrowserProtection_DisallowExploitProtectionOverride", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Prevent users from modifying settings", "ExplainText": "Prevent users from making changes to the Exploit protection settings area in Windows Security.\n\nEnabled:\nLocal users can not make changes in the Exploit protection settings area.\n\nDisabled:\nLocal users are allowed to make changes in the Exploit protection settings area.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\App and Browser protection" ], "ValueName": "DisallowExploitProtectionOverride", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "DevicePerformanceHealth", "PolicyName": "DevicePerformanceHealth_UILockdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Hide the Device performance and health area", "ExplainText": "Hide the Device performance and health area in Windows Security.\n\nEnabled:\nThe Device performance and health area will be hidden.\n\nDisabled:\nThe Device performance and health area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Device performance and health" ], "ValueName": "UILockdown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "FamilyOptions", "PolicyName": "FamilyOptions_UILockdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Hide the Family options area", "ExplainText": "Hide the Family options area in Windows Security.\n\nEnabled:\nThe Family options area will be hidden.\n\nDisabled:\nThe Family options area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Family options" ], "ValueName": "UILockdown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "Notifications", "PolicyName": "Notifications_DisableNotifications", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Hide all notifications", "ExplainText": "Hide notifications from Windows Security.\n\nEnabled:\nLocal users will not see notifications from Windows Security.\n\nDisabled:\nLocal users can see notifications from Windows Security.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Notifications" ], "ValueName": "DisableNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "Notifications", "PolicyName": "Notifications_DisableEnhancedNotifications", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Hide non-critical notifications", "ExplainText": "Only show critical notifications from Windows Security.\n\nIf the Suppress all notifications GP setting has been enabled, this setting will have no effect.\n\nEnabled:\nLocal users will only see critical notifications from Windows Security. They will not see other types of notifications, such as regular PC or device health information.\n\nDisabled:\nLocal users will see all types of notifications from Windows Security.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Notifications" ], "ValueName": "DisableEnhancedNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "EnterpriseCustomization", "PolicyName": "EnterpriseCustomization_EnableCustomizedToasts", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Configure customized notifications", "ExplainText": "Display specified contact information to local users in Windows Security notifications.\n\nEnabled:\nYour company contact information will be displayed in notifications that come from Windows Security.\n\nAfter setting this to Enabled, you must configure the Specify contact company name GP setting and at least one of the following GP settings:\n-Specify contact phone number or Skype ID\n-Specify contact email number or email ID\n-Specify contact website\nPlease note that in some cases we will be limiting the contact options that are displayed based on the notification space available.\n\nDisabled:\nNo contact information will be shown on notifications.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Enterprise Customization" ], "ValueName": "EnableForToasts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "EnterpriseCustomization", "PolicyName": "EnterpriseCustomization_EnableInAppCustomization", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Configure customized contact information", "ExplainText": "Display specified contact information to local users in a contact card flyout menu in Windows Security\n\nEnabled:\nYour company contact information will be displayed in a flyout menu in Windows Security.\n\nAfter setting this to Enabled, you must configure the Specify contact company name GP setting and at least one of the following GP settings:\n-Specify contact phone number or Skype ID\n-Specify contact email number or email ID\n-Specify contact website\n\nDisabled:\nNo contact information will be shown in Windows Security.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Enterprise Customization" ], "ValueName": "EnableInApp", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "EnterpriseCustomization", "PolicyName": "EnterpriseCustomization_CompanyName", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Specify contact company name", "ExplainText": "Specify the company name that will be displayed in Windows Security and associated notifications. This setting must be enabled for any contact information to appear.\n\nEnabled:\nEnter the company name in the Options section.\n\nDisabled:\nCompany information will not be shown at all in either Windows Security or any notifications that it creates.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Enterprise Customization" ], "Elements": [ { "Type": "Text", "ValueName": "CompanyName", "Required": true } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "EnterpriseCustomization", "PolicyName": "EnterpriseCustomization_Phone", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Specify contact phone number or Skype ID", "ExplainText": "Specify the phone number or Skype ID that will be displayed in Windows Security and associated notifications.\n\nUsers can click on the contact information to automatically call the supplied number. Skype will be used to initiate the call.\n\nEnabled:\nEnter the phone number or Skype ID in the Options section.\n\nDisabled:\nA contact phone number or Skype ID will not be shown in either Windows Security or any notifications it creates.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Enterprise Customization" ], "Elements": [ { "Type": "Text", "ValueName": "Phone", "Required": true } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "EnterpriseCustomization", "PolicyName": "EnterpriseCustomization_Email", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Specify contact email address or Email ID", "ExplainText": "Specify the email address or email ID that will be displayed in Windows Security and associated notifications.\n\nUsers can click on the contact information to create an email that will be sent to the specified address. The default email application will be used.\n\nEnabled:\nEnter the email address or email ID in the Options section.\n\nDisabled:\nA contact email address or email ID will not be shown in either Windows Security or any notifications it creates.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Enterprise Customization" ], "Elements": [ { "Type": "Text", "ValueName": "Email", "Required": true } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "EnterpriseCustomization", "PolicyName": "EnterpriseCustomization_URL", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Specify contact website", "ExplainText": "Specify the URL that will be displayed in Windows Security and associated notifications.\n\nUsers can click on the contact information to visit the specified website. The default web browser will be used.\n\nEnabled:\nEnter the URL in the Options section.\n\nDisabled:\nA contact website URL will not be shown in either Windows Security or any notifications it creates.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Enterprise Customization" ], "Elements": [ { "Type": "Text", "ValueName": "Url", "Required": true } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "AccountProtection", "PolicyName": "AccountProtection_UILockdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Hide the Account protection area", "ExplainText": "Hide the Account protection area in Windows Security.\n\nEnabled:\nThe Account protection area will be hidden.\n\nDisabled:\nThe Account protection area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Account protection" ], "ValueName": "UILockdown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "DeviceSecurity", "PolicyName": "DeviceSecurity_UILockdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Hide the Device security area", "ExplainText": "Hide the Device security area in Windows Security.\n\nEnabled:\nThe Device security area will be hidden.\n\nDisabled:\nThe Device security area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Device security" ], "ValueName": "UILockdown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "DeviceSecurity", "PolicyName": "DeviceSecurity_HideTPMTroubleshooting", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Hide the Security processor (TPM) troubleshooter page", "ExplainText": "Hide the Security processor (TPM) troubleshooting area in Windows Security.\n\nEnabled:\nThe Security processor (TPM) troubleshooting area will be hidden.\n\nDisabled:\nThe Security processor (TPM) troubleshooting area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Device security" ], "ValueName": "HideTPMTroubleshooting", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "DeviceSecurity", "PolicyName": "DeviceSecurity_HideSecureBoot", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS4 - At least Windows Server 2016, Windows 10 Version 1803", "DisplayName": "Hide the Secure boot area", "ExplainText": "Hide the Secure boot area in Windows Security.\n\nEnabled:\nThe Secure boot area will be hidden.\n\nDisabled:\nThe Secure boot area will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Device security" ], "ValueName": "HideSecureBoot", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "DeviceSecurity", "PolicyName": "DeviceSecurity_DisableClearTpmButton", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Disable the Clear TPM button", "ExplainText": "Disable the Clear TPM button in Windows Security.\n\nEnabled:\nThe Clear TPM button will be unavailable for use.\n\nDisabled:\nThe Clear TPM button will be available for use.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Device security" ], "ValueName": "DisableClearTpmButton", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "DeviceSecurity", "PolicyName": "DeviceSecurity_DisableTpmFirmwareUpdateWarning", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Hide the TPM Firmware Update recommendation.", "ExplainText": "Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected.\n\nEnabled:\nUsers will not be shown a recommendation to update their TPM Firmware.\n\nDisabled:\nUsers will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Device security" ], "ValueName": "DisableTpmFirmwareUpdateWarning", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsDefenderSecurityCenter.admx", "CategoryName": "Systray", "PolicyName": "Systray_HideSystray", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsDefenderSecurityCenter", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Hide Windows Security Systray", "ExplainText": "This policy setting hides the Windows Security notification area control.\n\nThe user needs to either sign out and sign in or reboot the computer for this setting to take effect.\n\nEnabled:\nWindows Security notification area control will be hidden.\n\nDisabled:\nWindows Security notification area control will be shown.\n\nNot configured:\nSame as Disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Systray" ], "ValueName": "HideSystray", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "Comdlg", "PolicyName": "NoBackButton", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Hide the common dialog back button", "ExplainText": "Hide the Back button in the Open dialog box.\n\nThis policy setting lets you remove new features added in Microsoft Windows 2000 Professional, so the Open dialog box appears as it did in Windows NT 4.0 and earlier. This policy setting affects only programs that use the standard Open dialog box provided to developers of Windows programs.\n\nIf you enable this policy setting, the Back button is removed from the standard Open dialog box.\n\nIf you disable or do not configure this policy setting, the Back button is displayed for any standard Open dialog box.\n\nTo see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open.\n\nNote: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to this policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32" ], "ValueName": "NoBackButton", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "Comdlg", "PolicyName": "NoFileMRU", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Hide the dropdown list of recent files", "ExplainText": "Removes the list of most recently used files from the Open dialog box.\n\nIf you disable this setting or do not configure it, the \"File name\" field includes a drop-down list of recently used files. If you enable this setting, the \"File name\" field is a simple text box. Users must browse directories to find a file or type a file name in the text box.\n\nThis setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.\n\nTo see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open.\n\nNote: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32" ], "ValueName": "NoFileMru", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "Comdlg", "PolicyName": "NoPlacesBar", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Hide the common dialog places bar", "ExplainText": "Removes the shortcut bar from the Open dialog box.\n\nThis setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.\n\nTo see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open.\n\nNote: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32" ], "ValueName": "NoPlacesBar", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "Comdlg", "PolicyName": "PlacesBar", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Items displayed in Places Bar", "ExplainText": "Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.\n\nThe valid items you may display in the Places Bar are:\n\n1) Shortcuts to a local folders -- (ex. C:\\Windows)\n\n2) Shortcuts to remote folders -- (\\\\server\\share)\n\n3) FTP folders\n\n4) web folders\n\n5) Common Shell folders.\n\nThe list of Common Shell Folders that may be specified:\n\nDesktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches.\n\nIf you disable or do not configure this setting the default list of items will be displayed in the Places Bar.\n\nNote: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\comdlg32\\Placesbar" ], "Elements": [ { "Type": "Text", "ValueName": "Place0" }, { "Type": "Text", "ValueName": "Place1" }, { "Type": "Text", "ValueName": "Place2" }, { "Type": "Text", "ValueName": "Place3" }, { "Type": "Text", "ValueName": "Place4" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "ClassicShell", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsVistaTo2k - Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Turn on Classic Shell", "ExplainText": "This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior.\n\nIf you enable this setting, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users cannot restore the new features.\nEnabling this policy will also turn off the preview pane and set the folder options for File Explorer to Use classic folders view and disable the users ability to change these options.\n\nIf you disable or not configure this policy, the default File Explorer behavior is applied to the user.\n\nNote: In operating systems earlier than Windows Vista, enabling this policy will also disable the Active Desktop and Web view. This setting will also take precedence over the \"Enable Active Desktop\" setting. If both policies are enabled, Active Desktop is disabled.\n\nAlso, see the \"Disable Active Desktop\" setting in User Configuration\\Administrative Templates\\Desktop\\Active Desktop and the \"Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon\" setting in User Configuration\\Administrative Templates\\Windows Components\\File Explorer.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "ClassicShell", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "ConfirmFileDelete", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Display confirmation dialog when deleting files", "ExplainText": "Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.\n\nIf you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user.\n\nIf you disable or do not configure this setting, the default behavior of not displaying a confirmation dialog occurs.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "ConfirmFileDelete", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "EnforceShellExtensionSecurity", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Allow only per user or approved shell extensions", "ExplainText": "This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine.\n\nA shell extension only runs if there is an entry in at least one of the following locations in registry.\n\nFor shell extensions that have been approved by the administrator and are available to all users of the computer, there must be an entry at HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved.\n\nFor shell extensions to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "EnforceShellExtensionSecurity", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "LinkResolveIgnoreLinkInfo", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not track Shell shortcuts during roaming", "ExplainText": "This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.\n\nShortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server.\n\nIf you enable this policy setting, Windows only searches the current target path. It does not search for the original path even when it cannot find the target file in the current target path.\n\nIf you disable or do not configure this policy setting, Windows searches for the original path when it cannot find the target file in the current target path.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "LinkResolveIgnoreLinkInfo", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "MaxRecentDocs", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7To2k - Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000", "DisplayName": "Maximum number of recent documents", "ExplainText": "\"This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on the Start menu.\n\nThe Recent Items menu contains shortcuts to the nonprogram files the user has most recently opened.\n\nIf you enable this policy setting, the system displays the number of shortcuts specified by the policy setting.\n\nIf you disable or do not configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents.\"", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxRecentDocs", "MinValue": "0", "MaxValue": null, "Required": true } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoCacheThumbNailPictures", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Turn off caching of thumbnail pictures", "ExplainText": "This policy setting allows you to turn off caching of thumbnail pictures.\n\nIf you enable this policy setting, thumbnail views are not cached.\n\nIf you disable or do not configure this policy setting, thumbnail views are cached.\n\nNote: For shared corporate workstations or computers where security is a top concern, you should enable this policy setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoThumbnailCache", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoCDBurning", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remove CD Burning features", "ExplainText": "This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.\n\nIf you enable this policy setting, all features in the File Explorer that allow you to use your CD writer are removed.\n\nIf you disable or do not configure this policy setting, users are able to use the File Explorer CD burning features.\n\nNote: This policy setting does not prevent users from using third-party applications to create or modify CDs using a CD writer.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoCDBurning", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoChangeAnimation", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Remove UI to change menu animation setting", "ExplainText": "This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists.\n\nIf you enable this policy setting, the \"Use transition effects for menus and tooltips\" option in Display in Control Panel is disabled, and cannot be toggled by users.\n\nEffects, such as animation, are designed to enhance the user's experience but might be confusing or distracting to some users.\n\nIf you disable or do not configure this policy setting, users are allowed to turn on or off these minor system animations using the \"Use transition effects for menus and tooltips\" option in Display in Control Panel.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoChangeAnimation", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoChangeKeyboardNavigationIndicators", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Remove UI to change keyboard navigation indicator setting", "ExplainText": "Disables the \"Hide keyboard navigation indicators until I use the ALT key\" option in Display in Control Panel.\n\nWhen this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.\n\nEffects, such as transitory underlines, are designed to enhance the user's experience but might be confusing or distracting to some users.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoChangeKeyboardNavigationIndicators", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoDFSTab", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove DFS tab", "ExplainText": "This policy setting allows you to remove the DFS tab from File Explorer.\n\nIf you enable this policy setting, the DFS (Distributed File System) tab is removed from File Explorer and from other programs that use the File Explorer browser, such as My Computer. As a result, users cannot use this tab to view or change the properties of the DFS shares available from their computer.\n\nThis policy setting does not prevent users from using other methods to configure DFS.\n\nIf you disable or do not configure this policy setting, the DFS tab is available.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoDFSTab", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoDrives", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Hide these specified drives in My Computer", "ExplainText": "This policy setting allows you to hide these specified drives in My Computer.\n\nThis policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.\n\nIf you enable this policy setting, select a drive or combination of drives in the drop-down list.\n\nNote: This policy setting removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window.\n\nAlso, this policy setting does not prevent users from using programs to access these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics.\n\nIf you disable or do not configure this policy setting, all drives are displayed, or select the \"Do not restrict drives\" option in the drop-down list.\n\nAlso, see the \"Prevent access to drives from My Computer\" policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "NoDrives", "Items": [ { "DisplayName": "Restrict A and B drives only", "Data": "3" }, { "DisplayName": "Restrict C drive only", "Data": "4" }, { "DisplayName": "Restrict D drive only", "Data": "8" }, { "DisplayName": "Restrict A, B and C drives only", "Data": "7" }, { "DisplayName": "Restrict A, B, C and D drives only", "Data": "15" }, { "DisplayName": "Restrict all drives", "Data": "67108863" }, { "DisplayName": "Do not restrict drives", "Data": "0" } ], "Required": true } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoEntireNetwork", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "No Entire Network in Network Locations", "ExplainText": "Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Network Locations.\n\nIf you enable this setting, the system removes the Entire Network option and the icons representing networked computers from Network Locations and from the browser associated with the Map Network Drive option.\n\nThis setting does not prevent users from viewing or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive dialog box.\n\nTo remove computers in the user's workgroup or domain from lists of network resources, use the \"No Computers Near Me in Network Locations\" setting.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Network" ], "ValueName": "NoEntireNetwork", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoFileMenu", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove File menu from File Explorer", "ExplainText": "Removes the File menu from My Computer and File Explorer.\n\nThis setting does not prevent users from using other methods to perform tasks available on the File menu.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoFileMenu", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoFolderOptions", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon", "ExplainText": "This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer.\n\nFolder Options allows users to change the way files and folders open, what appears in the navigation pane, and other advanced view settings.\n\nIf you enable this policy setting, users will receive an error message if they tap or click the Options button or choose the Change folder and search options command, and they will not be able to open Folder Options.\n\nIf you disable or do not configure this policy setting, users can open Folder Options from the View tab on the ribbon.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoFolderOptions", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoHardwareTab", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove Hardware tab", "ExplainText": "Removes the Hardware tab.\n\nThis setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoHardwareTab", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoManageMyComputerVerb", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Hides the Manage item on the File Explorer context menu", "ExplainText": "Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.\n\nThe Manage item opens Computer Management (Compmgmt.msc), a console tool that includes many of the primary Windows 2000 administrative tools, such as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools.\n\nThis setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management.\n\nTip: To hide all context menus, use the \"Remove File Explorer's default context menu\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoManageMyComputerVerb", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoMyComputerSharedDocuments", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsXPOnly - Windows XP Professional only", "DisplayName": "Remove Shared Documents from My Computer", "ExplainText": "This policy setting allows you to remove the Shared Documents folder from My Computer.\n\nWhen a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under \"Other Places\" and also under \"Files Stored on This Computer\" in My Computer. Using this policy setting, you can choose not to have these items displayed.\n\nIf you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer.\n\nIf you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.\n\nNote: The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Professional.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSharedDocuments", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoNetConnectDisconnect", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove \"Map Network Drive\" and \"Disconnect Network Drive\"", "ExplainText": "Prevents users from using File Explorer or Network Locations to map or disconnect network drives.\n\nIf you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons.\n\nThis setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.\n\nNote:\n\nThis setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoNetConnectDisconnect", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoRecycleFiles", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not move deleted files to the Recycle Bin", "ExplainText": "When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.\n\nIf you enable this setting, files and folders that are deleted using File Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted.\n\nIf you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recycle Bin.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoRecycleFiles", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoRunAsInstallPrompt", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Do not request alternate credentials", "ExplainText": "Prevents users from submitting alternate logon credentials to install a program.\n\nThis setting suppresses the \"Install Program As Other User\" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.\n\nMany programs can be installed only by an administrator. If you enable this setting and a user does not have sufficient permissions to install a program, the installation continues with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.\n\nIf you disable this setting or do not configure it, the \"Install Program As Other User\" dialog box appears whenever users install programs locally on the computer.\n\nBy default, users are not prompted for alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the \"Request credentials for network installations\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoRunasInstallPrompt", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoSecurityTab", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Remove Security tab", "ExplainText": "Removes the Security tab from File Explorer.\n\nIf you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the security settings nor view a list of all users that have access to the resource in question.\n\nIf you disable or do not configure this setting, users will be able to access the security tab.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoSecurityTab", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoShellSearchButton", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Remove Search button from File Explorer", "ExplainText": "This policy setting allows you to remove the Search button from the File Explorer toolbar.\n\nIf you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Network Locations.\n\nEnabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window.\n\nIf you disable or do not configure this policy setting, the Search button is available from the File Explorer toolbar.\n\nThis policy setting does not affect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the \"Remove Search menu from Start menu\" policy setting (in User Configuration\\Administrative Templates\\Start Menu and Taskbar). To hide all context menus, use the \"Remove File Explorer's default context menu\" policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoShellSearchButton", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoViewContextMenu", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Remove File Explorer's default context menu", "ExplainText": "Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.\n\nIf you enable this setting, menus do not appear when you right-click the desktop or when you right-click the items in File Explorer. This setting does not prevent users from using other methods to issue commands available on the shortcut menus.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoViewContextMenu", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoViewOnDrive", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Prevent access to drives from My Computer", "ExplainText": "Prevents users from using My Computer to gain access to the content of selected drives.\n\nIf you enable this setting, users can browse the directory structure of the selected drives in My Computer or File Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives.\n\nTo use this setting, select a drive or combination of drives from the drop-down list. To allow access to all drive directories, disable this setting or select the \"Do not restrict drives\" option from the drop-down list.\n\nNote: The icons representing the specified drives still appear in My Computer, but if users double-click the icons, a message appears explaining that a setting prevents the action.\n\nAlso, this setting does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics.\n\nAlso, see the \"Hide these specified drives in My Computer\" setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "NoViewOnDrive", "Items": [ { "DisplayName": "Restrict A and B drives only", "Data": "3" }, { "DisplayName": "Restrict C drive only", "Data": "4" }, { "DisplayName": "Restrict D drive only", "Data": "8" }, { "DisplayName": "Restrict A, B and C drives only", "Data": "7" }, { "DisplayName": "Restrict A, B, C and D drives only", "Data": "15" }, { "DisplayName": "Restrict all drives", "Data": "67108863" }, { "DisplayName": "Do not restrict drives", "Data": "0" } ], "Required": true } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoWindowsHotKeys", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Turn off Windows Key hotkeys", "ExplainText": "Turn off Windows Key hotkeys.\n\nKeyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer. By using this setting, you can disable these Windows Key hotkeys.\n\nIf you enable this setting, the Windows Key hotkeys are unavailable.\n\nIf you disable or do not configure this setting, the Windows Key hotkeys are available.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoWinKeys", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoWorkgroupContents", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "No Computers Near Me in Network Locations", "ExplainText": "This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File Explorer and Network Locations.\n\nIf you enable this policy setting, the system removes the \"Computers Near Me\" option and the icons representing nearby computers from Network Locations. This policy setting also removes these icons from the Map Network Drive browser.\n\nIf you disable or do not configure this policy setting, computers in the user's workgroup and domain appear in lists of network resources in File Explorer and Network Locations.\n\nThis policy setting does not prevent users from connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dialog box or the Map Network Drive dialog box.\n\nTo remove network computers from lists of network resources, use the \"No Entire Network in Network Locations\" policy setting.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoComputersNearMe", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "PromptRunasInstallNetPath", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Request credentials for network installations", "ExplainText": "Prompts users for alternate logon credentials during network-based installations.\n\nThis setting displays the \"Install Program As Other User\" dialog box even when a program is being installed from files on a network computer across a local area network connection.\n\nIf you disable this setting or do not configure it, this dialog box appears only when users are installing programs from local media.\n\nThe \"Install Program as Other User\" dialog box prompts the current user for the user name and password of an administrator. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.\n\nIf the dialog box does not appear, the installation proceeds with the current user's permissions. If these permissions are not sufficient, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.\n\nNote: If it is enabled, the \"Do not request alternate credentials\" setting takes precedence over this setting. When that setting is enabled, users are not prompted for alternate logon credentials on any installation.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "PromptRunasInstallNetPath", "Elements": [] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "RecycleBinSize", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Maximum allowed Recycle Bin size", "ExplainText": "Limits the percentage of a volume's disk space that can be used to store deleted files.\n\nIf you enable this setting, the user has a maximum amount of disk space that may be used for the Recycle Bin on their workstation.\n\nIf you disable or do not configure this setting, users can change the total amount of disk space used by the Recycle Bin.\n\nNote: This setting is applied to all volumes.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "Elements": [ { "Type": "Decimal", "ValueName": "RecycleBinSize", "MinValue": "0", "MaxValue": "100" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "ShellProtocolProtectedModeTitle_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Turn off shell protocol protected mode", "ExplainText": "This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.\n\nIf you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.\n\nIf you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.\n\nIf you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "PreXPSP2ShellProtocolBehavior", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "ShellProtocolProtectedModeTitle_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Turn off shell protocol protected mode", "ExplainText": "This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.\n\nIf you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.\n\nIf you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.\n\nIf you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "PreXPSP2ShellProtocolBehavior", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoSearchInternetTryHarderButton", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Remove the Search the Internet \"Search again\" link", "ExplainText": "If you enable this policy, the \"Internet\" \"Search again\" link will not be shown when the user performs a search in the Explorer window.\n\nIf you disable this policy, there will be an \"Internet\" \"Search again\" link when the user performs a search in the Explorer window. This button launches a search in the default browser with the search terms.\n\nIf you do not configure this policy (default), there will be an \"Internet\" link when the user performs a search in the Explorer window.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoSearchInternetTryHarderButton", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "TryHarderPinnedOpenSearch", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Pin Internet search sites to the \"Search again\" links and the Start menu", "ExplainText": "This policy setting allows you to add Internet or intranet sites to the \"Search again\" links located at the bottom of search results in File Explorer and the Start menu links. The \"Search again\" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, http://www.example.com/results.aspx?q={searchTerms}).\n\nYou can add up to five additional links to the \"Search again\" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.\n\nThe first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The \"See more results\" link will be pinned first by default, unless it is disabled via Group Policy. The \"Search the Internet\" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the \"Custom Internet search provider\" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take precedence over Internet/intranet search links.\n\nIf you enable this policy setting, the specified Internet sites will appear in the \"Search again\" links and the Start menu links.\n\nIf you disable or do not configure this policy setting, no custom Internet search sites will be added to the \"Search again\" links or the Start menu links.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "TryHarderPinnedOpenSearch", "Elements": [ { "Type": "Text", "ValueName": "OpenSearch0" }, { "Type": "Text", "ValueName": "OpenSearchLabel0" }, { "Type": "Text", "ValueName": "OpenSearch1" }, { "Type": "Text", "ValueName": "OpenSearchLabel1" }, { "Type": "Text", "ValueName": "OpenSearch2" }, { "Type": "Text", "ValueName": "OpenSearchLabel2" }, { "Type": "Text", "ValueName": "OpenSearch3" }, { "Type": "Text", "ValueName": "OpenSearchLabel3" }, { "Type": "Text", "ValueName": "OpenSearch4" }, { "Type": "Text", "ValueName": "OpenSearchLabel4" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "TryHarderPinnedLibrary", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Pin Libraries or Search Connectors to the \"Search again\" links and the Start menu", "ExplainText": "This policy setting allows up to five Libraries or Search Connectors to be pinned to the \"Search again\" links and the Start menu links. The \"Search again\" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the .Library-ms or .searchConnector-ms file in the \"Location\" text box (for example, \"C:\\sampleLibrary.Library-ms\" for the Documents library, or \"C:\\sampleSearchConnector.searchConnector-ms\" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchConnector-ms file.\n\nYou can add up to five additional links to the \"Search again\" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.\n\nThe first several links will also be pinned to the Start menu. A total of four links can be included on the Start menu. The \"See more results\" link will be pinned first by default, unless it is disabled via Group Policy. The \"Search the Internet\" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the \"Custom Internet search provider\" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links take precedence over Internet/intranet search links.\n\nIf you enable this policy setting, the specified Libraries or Search Connectors will appear in the \"Search again\" links and the Start menu links.\n\nIf you disable or do not configure this policy setting, no Libraries or Search Connectors will appear in the \"Search again\" links or the Start menu links.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "TryHarderPinnedLibrary", "Elements": [ { "Type": "Text", "ValueName": "Library0" }, { "Type": "Text", "ValueName": "Library1" }, { "Type": "Text", "ValueName": "Library2" }, { "Type": "Text", "ValueName": "Library3" }, { "Type": "Text", "ValueName": "Library4" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "CheckSameSourceAndTargetForFRAndDFS", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Verify old and new Folder Redirection targets point to the same share before redirecting", "ExplainText": "This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths.\n\nIf you enable this policy setting, Folder Redirection creates a temporary file in the old location in order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the target path is updated and files are not copied or deleted. The temporary file is deleted.\n\nIf you disable or do not configure this policy setting, Folder Redirection does not create a temporary file and functions as if both new and old locations point to different shares when their network paths are different.\n\nNote: If the paths point to different network shares, this policy setting is not required. If the paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting is not enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "CheckSameSourceAndTargetForFRAndDFS", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableKnownFolders", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Disable Known Folders", "ExplainText": "This policy setting allows you to specify a list of known folders that should be disabled. Disabling a known folder will prevent the underlying file or directory from being created via the known folder API. If the folder exists before the policy is applied, the folder must be manually deleted since the policy only blocks the creation of the folder.\n\nYou can specify a known folder using its known folder id or using its canonical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or SampleVideos.\n\nNote: Disabling a known folder can introduce application compatibility issues in applications that depend on the existence of the known folder.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableKnownFolders", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer\\DisableKnownFolders" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "HideContentViewModeSnippets", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off the display of snippets in Content view mode", "ExplainText": "This policy setting allows you to turn off the display of snippets in Content view mode.\n\nIf you enable this policy setting, File Explorer will not display snippets in Content view mode.\n\nIf you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "HideContentViewModeSnippets", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableIndexedLibraryExperience", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off Windows Libraries features that rely on indexed file data", "ExplainText": "This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations.\nSetting this policy will:\n* Disable all Arrangement views except for \"By Folder\"\n* Disable all Search filter suggestions other than \"Date Modified\" and \"Size\"\n* Disable view of file content snippets in Content mode when search results are returned\n* Disable ability to stack in the Context menu and Column headers\n* Exclude Libraries from the scope of Start search\nThis policy will not enable users to add unsupported locations to Libraries.\n\nIf you enable this policy, Windows Libraries features that rely on indexed file data will be disabled.\nIf you disable or do not configure this policy, all default Windows Libraries features will be enabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableIndexedLibraryExperience", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableSearchBoxSuggestions", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off display of recent search entries in the File Explorer search box", "ExplainText": "Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.\n\nFile Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.\n\nNote: If you enable this policy, File Explorer will not show suggestion pop-ups as users type into the Search Box, and it will not store Search Box entries into the registry for future references. If the user types a property, values that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableSearchBoxSuggestions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableBindDirectlyToPropertySetStorage", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disable binding directly to IPropertySetStorage without intermediate layers.", "ExplainText": "Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System. This behavior is consistent with Windows Vista's behavior in this scenario.\n\nThis disables access to user-defined properties, and properties stored in NTFS secondary streams.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "DisableBindDirectlyToPropertySetStorage", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoStrCmpLogical", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Turn off numerical sorting in File Explorer", "ExplainText": "This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order.\nIf you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3).\nIf you disable or do not configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoStrCmpLogical", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_OpenSearchQuery_LocalMachine", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_OpenSearchQuery_Intranet", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_OpenSearchQuery_Trusted", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_OpenSearchQuery_Internet", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_OpenSearchQuery_Restricted", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchQuery_LocalMachineLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchQuery_IntranetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchQuery_TrustedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchQuery_InternetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchQuery_RestrictedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow OpenSearch queries in File Explorer", "ExplainText": "This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.\n\nIf you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.\n\nIf you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.\n\nIf you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "ValueName": "180E", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_LocalMachineZone", "PolicyName": "IZ_Policy_OpenSearchPreview_LocalMachine", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_IntranetZone", "PolicyName": "IZ_Policy_OpenSearchPreview_Intranet", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_TrustedSitesZone", "PolicyName": "IZ_Policy_OpenSearchPreview_Trusted", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_InternetZone", "PolicyName": "IZ_Policy_OpenSearchPreview_Internet", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_RestrictedSitesZone", "PolicyName": "IZ_Policy_OpenSearchPreview_Restricted", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_LocalMachineZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchPreview_LocalMachineLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_IntranetZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchPreview_IntranetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_TrustedSitesZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchPreview_TrustedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_InternetZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchPreview_InternetLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "IZ_RestrictedSitesZoneLockdown", "PolicyName": "IZ_Policy_OpenSearchPreview_RestrictedLockdown", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Allow previewing and custom thumbnails of OpenSearch query results in File Explorer", "ExplainText": "This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.\n\nIf you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nIf you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer.\n\nChanges to this setting may not be applied until the user logs off from Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4", "HKCU\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4" ], "ValueName": "180F", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DefaultLibrariesLocation", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Location where all default Library definition files for users/machines reside.", "ExplainText": "This policy setting allows you to specify a location where all default Library definition files for users/machines reside.\n\nIf you enable this policy setting, administrators can specify a path where all default Library definition files for users reside. The user will not be allowed to make changes to these Libraries from the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined.\n\nIf you disable or do not configure this policy setting, no changes are made to the location of the default Library definition files.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer" ], "Elements": [ { "Type": "Text", "ValueName": "DefaultLibrariesLocation", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ] } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "EnableSmartScreen", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Configure Windows Defender SmartScreen", "ExplainText": "This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious.\n\nSome information is sent to Microsoft about files and programs run on PCs with this feature enabled.\n\nIf you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:\n\n\u2022 Warn and prevent bypass\n\u2022 Warn\n\nIf you enable this policy with the \"Warn and prevent bypass\" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app.\n\nIf you enable this policy with the \"Warn\" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app.\n\nIf you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet.\n\nIf you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "EnableSmartScreen", "Elements": [ { "Type": "Enum", "ValueName": "ShellSmartScreenLevel", "Items": [ { "DisplayName": "Warn and prevent bypass", "Data": "Block" }, { "DisplayName": "Warn", "Data": "Warn" } ], "Required": true, "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "ShowLockOption", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Show lock in the user tile menu", "ExplainText": "Shows or hides lock from the user tile menu.\nIf you enable this policy setting, the lock option will be shown in the User Tile menu.\n\nIf you disable this policy setting, the lock option will never be shown in the User Tile menu.\n\nIf you do not configure this policy setting, users will be able to choose whether they want lock to show through the Power Options Control Panel.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "ShowLockOption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "ShowSleepOption", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Show sleep in the power options menu", "ExplainText": "Shows or hides sleep from the power options menu.\n\nIf you enable this policy setting, the sleep option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).\n\nIf you disable this policy setting, the sleep option will never be shown in the Power Options menu.\n\nIf you do not configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Panel.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "ShowSleepOption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "ShowHibernateOption", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Show hibernate in the power options menu", "ExplainText": "Shows or hides hibernate from the power options menu.\n\nIf you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).\n\nIf you disable this policy setting, the hibernate option will never be shown in the Power Options menu.\n\nIf you do not configure this policy setting, users will be able to choose whether they want hibernate to show through the Power Options Control Panel.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "ShowHibernateOption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "NoNewAppAlert", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not show the 'new application installed' notification", "ExplainText": "This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:)\n\nIf this group policy is enabled, no notifications will be shown. If the group policy is not configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "NoNewAppAlert", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "ExplorerRibbonStartsMinimized", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Start File Explorer with ribbon minimized", "ExplainText": "This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened. If you enable this policy setting, you can set how the ribbon appears the first time users open File Explorer and whenever they open new windows. If you disable or do not configure this policy setting, users can choose how the ribbon appears when they open new windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer", "HKCU\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "Elements": [ { "Type": "Enum", "ValueName": "ExplorerRibbonStartsMinimized", "Items": [ { "DisplayName": "Always open new File Explorer windows with the ribbon minimized.", "Data": "1" }, { "DisplayName": "Never open new File Explorer windows with the ribbon minimized.", "Data": "2" }, { "DisplayName": "Minimize the ribbon when File Explorer is opened the first time.", "Data": "3" }, { "DisplayName": "Display the full ribbon when File Explorer is opened the first time.", "Data": "4" } ], "Required": true } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DefaultAssociationsConfiguration", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Set a default associations configuration file", "ExplainText": "This policy specifies the path to a file (stored locally or on a network location) that contains file type and protocol default application associations. This file can be created using the DISM tool.\n\nFor example:\nDism.exe /Online /Export-DefaultAppAssociations:C:\\AppAssoc.txt\n\nFor more information, refer to the DISM documentation.\n\nThe file can be further edited after it is created to change how often the policy associations are applied. A \"Version\" attribute can be added to the \"DefaultAssociations\" element. The value should be an integer. A \"Suggested\" attribute can be added to any \"Association\" element. The value should be a bool and the default value is \"false\". When the policy is applied to a user, any Association that has Suggested=\"true\" will only get applied once. If the Version value is ever incremented, Associations with Suggested=\"true\" will get reapplied.\n\nIf this group policy is enabled and the client machine is domain-joined, the file will be processed and default associations will be applied at logon time.\n\nIf the policy is enabled, users will still be able to override default file type and protocol associations, but on next logon the file will be reapplied.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "Elements": [ { "Type": "Text", "ValueName": "DefaultAssociationsConfiguration" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "EnableShellShortcutIconRemotePath", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Allow the use of remote paths in file shortcut icons", "ExplainText": "This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.\n\nIf you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.\n\nIf you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed.\n\nNote: Allowing the use of remote paths in file shortcut icons can expose users\u2019 computers to security risks.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "EnableShellShortcutIconRemotePath", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsExplorer.admx", "CategoryName": "WindowsExplorer", "PolicyName": "DisableMotWOnInsecurePathCopy", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsExplorer", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Do not apply the Mark of the Web tag to files copied from insecure sources", "ExplainText": "This policy setting determines the application of the Mark of the Web tag to files sourced from insecure locations.\n\nIf you enable this policy setting, files copied from unsecure sources will not be tagged with the Mark of the Web.\n\nIf you disable or do not configure this policy setting, files copied from unsecure sources will be tagged with the appropriate Mark of the Web.\n\nNote: Failure to tag files from unsecure sources with the Mark of the Web can expose users\u2019 computers to security risks.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Explorer" ], "ValueName": "DisableMotWOnInsecurePathCopy", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFileProtection.admx", "CategoryName": "WFP", "PolicyName": "WFPDllCacheDir", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFileProtection", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Specify Windows File Protection cache location", "ExplainText": "This policy setting specifies an alternate location for the Windows File Protection cache.\n\nIf you enable this policy setting, enter the fully qualified local path to the new location in the \"Cache file path\" box.\n\nIf you disable this setting or do not configure it, the Windows File Protection cache is located in the %Systemroot%\\System32\\Dllcache directory.\n\nNote: Do not put the cache on a network shared directory.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Windows File Protection" ], "Elements": [ { "Type": "Text", "ValueName": "SFCDllCacheDir", "Required": true } ] }, { "File": "WindowsFileProtection.admx", "CategoryName": "WFP", "PolicyName": "WFPQuota", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFileProtection", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Limit Windows File Protection cache size", "ExplainText": "This policy setting specifies the maximum amount of disk space that can be used for the Windows File Protection file cache.\n\nWindows File Protection adds protected files to the cache until the cache content reaches the quota. If the quota is greater than 50 MB, Windows File Protection adds other important Windows XP files to the cache until the cache size reaches the quota.\n\nIf you enable this policy setting, enter the maximum amount of disk space to be used (in MB). To indicate that the cache size is unlimited, select \"4294967295\" as the maximum amount of disk space.\n\nIf you disable this policy setting or do not configure it, the default value is set to 50 MB on Windows XP Professional and is unlimited (4294967295 MB) on Windows Server 2003.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Windows File Protection" ], "Elements": [ { "Type": "Decimal", "ValueName": "SfcQuota", "MinValue": "0", "MaxValue": "4294967295" } ] }, { "File": "WindowsFileProtection.admx", "CategoryName": "WFP", "PolicyName": "WFPScan", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFileProtection", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Set Windows File Protection scanning", "ExplainText": "This policy setting allows you to set when Windows File Protection scans protected files. This policy setting directs Windows File Protection to enumerate and scan all system files for changes.\n\nIf you enable this policy setting, select a rate from the \"Scanning Frequency\" box. You can use this setting to direct Windows File Protection to scan files more often.\n\n-- \"Do not scan during startup,\" the default, scans files only during setup.\n\n-- \"Scan during startup\" also scans files each time you start Windows XP. This setting delays each startup.\n\nIf you disable or do not configure this policy setting, by default, files are scanned only during setup.\n\nNote: This policy setting affects file scanning only. It does not affect the standard background file change detection that Windows File Protection provides.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Windows File Protection" ], "Elements": [ { "Type": "Enum", "ValueName": "SfcScan", "Items": [ { "DisplayName": "Do not scan during startup", "Data": "0" }, { "DisplayName": "Scan during startup", "Data": "1" } ], "Required": true } ] }, { "File": "WindowsFileProtection.admx", "CategoryName": "WFP", "PolicyName": "WFPShowProgress", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFileProtection", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Hide the file scan progress window", "ExplainText": "This policy setting hides the file scan progress window. This window provides status information to sophisticated users, but it might confuse novices.\n\nIf you enable this policy setting, the file scan window does not appear during file scanning.\n\nIf you disable or do not configure this policy setting, the file scan progress window appears.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\Windows File Protection" ], "ValueName": "SfcShowProgress", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Category", "PolicyName": "WF_AuthenticatedBypass_Name", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow authenticated IPsec bypass", "ExplainText": "Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport.\n\nIf you enable this policy setting, you must type a security descriptor containing a list of computers or groups of computers. If a computer on that list authenticates using IPsec, Windows Defender Firewall does not block its unsolicited messages. This policy setting overrides other policy settings that would block those messages.\n\nIf you disable or do not configure this policy setting, Windows Defender Firewall makes no exception for messages sent by computers that authenticate using IPsec. If you enable this policy setting and add systems to the list, upon disabling this policy, Windows Defender Firewall deletes the list.\n\nNote: You define entries in this list by using Security Descriptor Definition Language (SDDL) strings. For more information about the SDDL format, see the Windows Defender Firewall deployment information at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=25131).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\ICFv4" ], "Elements": [ { "Type": "Text", "ValueName": "BypassFirewall", "Required": true } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_AllowedPrograms_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Define inbound program exceptions", "ExplainText": "Allows you to view and change the program exceptions list defined by Group Policy. Windows Defender Firewall uses two program exception lists: one is defined by Group Policy settings and the other is defined by the Windows Defender Firewall component in Control Panel.\n\nIf you enable this policy setting, you can view and change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Defender Firewall to open, even if that port is blocked by another policy setting, such as the \"Windows Defender Firewall: Define inbound port exceptions\" policy setting. To view the program list, enable the policy setting and then click the Show button. To add a program, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a program, click its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add programs to the local program exceptions list that is defined by the Windows Defender Firewall component in Control Panel, also enable the \"Windows Defender Firewall: Allow local program exceptions\" policy setting.\n\nIf you disable this policy setting, the program exceptions list defined by Group Policy is deleted. If a local program exceptions list exists, it is ignored unless you enable the \"Windows Defender Firewall: Allow local program exceptions\" policy setting.\n\nIf you do not configure this policy setting, Windows Defender Firewall uses only the local program exceptions list that administrators define by using the Windows Defender Firewall component in Control Panel.\n\nNote: If you type an invalid definition string, Windows Defender Firewall adds it to the list without checking for errors. This allows you to add programs that you have not installed yet, but be aware that you can accidentally create multiple entries for the same program with conflicting Scope or Status values. Scope parameters are combined for multiple entries.\n\nNote: If you set the Status parameter of a definition string to \"disabled,\" Windows Defender Firewall ignores port requests made by that program and ignores other definitions that set the Status of that program to \"enabled.\" Therefore, if you set the Status to \"disabled,\" you prevent administrators from allowing the program to ask Windows Defender Firewall to open additional ports. However, even if the Status is \"disabled,\" the program can still receive unsolicited incoming messages through a port if another policy setting opens that port.\n\nNote: Windows Defender Firewall opens ports for the program only when the program is running and \"listening\" for incoming messages. If the program is not running, or is running but not listening for those messages, Windows Defender Firewall does not open its ports.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\AuthorizedApplications" ], "ValueName": "Enabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\AuthorizedApplications\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_AllowedProgramsLocal_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow local program exceptions", "ExplainText": "Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local program exceptions list. Windows Defender Firewall uses two program exceptions lists; the other is defined by the \"Windows Defender Firewall: Define inbound program exceptions\" policy setting.\n\nIf you enable this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local program exceptions list.\n\nIf you disable this policy setting, the Windows Defender Firewall component in Control Panel does not allow administrators to define a local program exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\\Windows Settings\\Security Settings\\Windows Defender Firewall with Advanced Security to specify that local firewall rules should not apply.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\AuthorizedApplications" ], "ValueName": "AllowUserPrefMerge", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_EnableFirewall_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Protect all network connections", "ExplainText": "Turns on Windows Defender Firewall.\n\nIf you enable this policy setting, Windows Defender Firewall runs and ignores the \"Computer Configuration\\Administrative Templates\\Network\\Network Connections\\Prohibit use of Internet Connection Firewall on your DNS domain network\" policy setting.\n\nIf you disable this policy setting, Windows Defender Firewall does not run. This is the only way to ensure that Windows Defender Firewall does not run and administrators who log on locally cannot start it.\n\nIf you do not configure this policy setting, administrators can use the Windows Defender Firewall component in Control Panel to turn Windows Defender Firewall on or off, unless the \"Prohibit use of Internet Connection Firewall on your DNS domain network\" policy setting overrides.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile" ], "ValueName": "EnableFirewall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_EnableShield_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Do not allow exceptions", "ExplainText": "Specifies that Windows Defender Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Defender Firewall policy settings that allow such messages.\n\nIf you enable this policy setting, in the Windows Defender Firewall component of Control Panel, the \"Block all incoming connections\" check box is selected and administrators cannot clear it. You should also enable the \"Windows Defender Firewall: Protect all network connections\" policy setting; otherwise, administrators who log on locally can work around the \"Windows Defender Firewall: Do not allow exceptions\" policy setting by turning off the firewall.\n\nIf you disable this policy setting, Windows Defender Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Defender Firewall component of Control Panel, the \"Block all incoming connections\" check box is cleared and administrators cannot select it.\n\nIf you do not configure this policy setting, Windows Defender Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Defender Firewall component of Control Panel, the \"Block all incoming connections\" check box is cleared by default, but administrators can change it.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile" ], "ValueName": "DoNotAllowExceptions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_FileAndPrint_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow inbound file and printer sharing exception", "ExplainText": "Allows inbound file and printer sharing. To do this, Windows Defender Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.\n\nIf you enable this policy setting, Windows Defender Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the \"File and Printer Sharing\" check box is selected and administrators cannot clear it.\n\nIf you disable this policy setting, Windows Defender Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Defender Firewall does not open the port. In the Windows Defender Firewall component of Control Panel, the \"File and Printer Sharing\" check box is cleared and administrators cannot select it.\n\nIf you do not configure this policy setting, Windows Defender Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Defender Firewall component of Control Panel, the \"File and Printer Sharing\" check box is cleared. Administrators can change this check box.\n\nNote: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo requests (the message sent by the Ping utility), even if the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting would block them. Policy settings that can open TCP port 445 include \"Windows Defender Firewall: Allow inbound file and printer sharing exception,\" \"Windows Defender Firewall: Allow inbound remote administration exception,\" and \"Windows Defender Firewall: Define inbound port exceptions.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\Services\\FileAndPrint" ], "ValueName": "Enabled", "Elements": [ { "Type": "Text", "ValueName": "RemoteAddresses" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_IcmpSettings_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow ICMP exceptions", "ExplainText": "Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Defender Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you do not enable the \"Allow inbound echo request\" message type, Windows Defender Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request messages sent by Ping running on this computer.\n\nIf you enable this policy setting, you must specify which ICMP message types Windows Defender Firewall allows this computer to send or receive.\n\nIf you disable this policy setting, Windows Defender Firewall blocks all the listed incoming and outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. If you enable this policy setting and allow certain message types, then later disable this policy setting, Windows Defender Firewall deletes the list of message types that you had enabled.\n\nIf you do not configure this policy setting, Windows Defender Firewall behaves as if you had disabled it.\n\nNote: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound echo requests, even if the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting would block them. Policy settings that can open TCP port 445 include \"Windows Defender Firewall: Allow file and printer sharing exception,\" \"Windows Defender Firewall: Allow remote administration exception,\" and \"Windows Defender Firewall: Define inbound port exceptions.\"\n\nNote: Other Windows Defender Firewall policy settings affect only incoming messages, but several of the options of the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting affect outgoing communication.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\IcmpSettings" ], "Elements": [ { "Type": "Boolean", "ValueName": "AllowOutboundDestinationUnreachable", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowOutboundSourceQuench", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowRedirect", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowInboundEchoRequest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowInboundRouterRequest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowOutboundTimeExceeded", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowOutboundParameterProblem", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowInboundTimestampRequest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowInboundMaskRequest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowOutboundPacketTooBig", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_Logging_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow logging", "ExplainText": "Allows Windows Defender Firewall to record information about the unsolicited incoming messages that it receives.\n\nIf you enable this policy setting, Windows Defender Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Defender Firewall does not provide an option to log successful incoming messages.\n\nIf you are configuring the log file name, ensure that the Windows Defender Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %systemroot%\\system32\\LogFiles\\Firewall\\pfirewall.log.\n\nIf you disable this policy setting, Windows Defender Firewall does not record information in the log file. If you enable this policy setting, and Windows Defender Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Defender Firewall leaves the log file intact.\n\nIf you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\Logging" ], "Elements": [ { "Type": "Boolean", "ValueName": "LogDroppedPackets", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "LogSuccessfulConnections", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "LogFilePath", "Required": true }, { "Type": "Decimal", "ValueName": "LogFileSize", "MinValue": "128", "MaxValue": "32767", "Required": true }, { "Type": "DisabledList", "ValueName": "LogDroppedPackets", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\Logging" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "LogSuccessfulConnections", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\Logging" ], "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_Notifications_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Prohibit notifications", "ExplainText": "Prevents Windows Defender Firewall from displaying notifications to the user when a program requests that Windows Defender Firewall add the program to the program exceptions list.\n\nIf you enable this policy setting, Windows Defender Firewall prevents the display of these notifications.\n\nIf you disable this policy setting, Windows Defender Firewall allows the display of these notifications. In the Windows Defender Firewall component of Control Panel, the \"Notify me when Windows Defender Firewall blocks a new program\" check box is selected and administrators cannot clear it.\n\nIf you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled, except that in the Windows Defender Firewall component of Control Panel, the \"Notify me when Windows Defender Firewall blocks a new program\" check box is selected by default, and administrators can change it.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile" ], "ValueName": "DisableNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_OpenPorts_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Define inbound port exceptions", "ExplainText": "Allows you to view and change the inbound port exceptions list defined by Group Policy. Windows Defender Firewall uses two port exception lists: one is defined by Group Policy settings and the other is defined by the Windows Defender Firewall component in Control Panel.\n\nIf you enable this policy setting, you can view and change the inbound port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a port, click its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list that is defined by the Windows Defender Firewall component in Control Panel, also enable the \"Windows Defender Firewall: Allow local port exceptions\" policy setting.\n\nIf you disable this policy setting, the port exceptions list defined by Group Policy is deleted, but other policy settings can continue to open or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the \"Windows Defender Firewall: Allow local port exceptions\" policy setting.\n\nIf you do not configure this policy setting, Windows Defender Firewall uses only the local port exceptions list that administrators define by using the Windows Defender Firewall component in Control Panel. Other policy settings can continue to open or block ports.\n\nNote: If you type an invalid definition string, Windows Defender Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple entries. If entries have different Status values, any definition with the Status set to \"disabled\" overrides all definitions with the Status set to \"enabled,\" and the port does not receive messages. Therefore, if you set the Status of a port to \"disabled,\" you can prevent administrators from using the Windows Defender Firewall component in Control Panel to enable the port.\n\nNote: The only effect of setting the Status value to \"disabled\" is that Windows Defender Firewall ignores other definitions for that port that set the Status to \"enabled.\" If another policy setting opens a port, or if a program in the program exceptions list asks Windows Defender Firewall to open a port, Windows Defender Firewall opens the port.\n\nNote: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting would block them. Policy settings that can open TCP port 445 include \"Windows Defender Firewall: Allow inbound file and printer sharing exception,\" \"Windows Defender Firewall: Allow inbound remote administration exception,\" and \"Windows Defender Firewall: Define inbound port exceptions.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\GloballyOpenPorts" ], "ValueName": "Enabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\GloballyOpenPorts\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_OpenPortsLocal_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow local port exceptions", "ExplainText": "Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local port exceptions list. Windows Defender Firewall uses two port exceptions lists; the other is defined by the \"Windows Defender Firewall: Define inbound port exceptions\" policy setting.\n\nIf you enable this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local port exceptions list.\n\nIf you disable this policy setting, the Windows Defender Firewall component in Control Panel does not allow administrators to define a local port exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\\Windows Settings\\Security Settings\\Windows Defender Firewall with Advanced Security to specify that local firewall rules should not apply.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\GloballyOpenPorts" ], "ValueName": "AllowUserPrefMerge", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_RemoteAdmin_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow inbound remote administration exception", "ExplainText": "Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Defender Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). Additionally, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, this policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. On Windows Vista, this policy setting does not control connections to SVCHOST.EXE and LSASS.EXE.\n\nIf you enable this policy setting, Windows Defender Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed.\n\nIf you disable or do not configure this policy setting, Windows Defender Firewall does not open TCP port 135 or 445. Also, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, Windows Defender Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the \"Windows Defender Firewall: Allow file and printer sharing exception\" policy setting.\n\nNote: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this policy setting.\n\nNote: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting would block them. Policy settings that can open TCP port 445 include \"Windows Defender Firewall: Allow inbound file and printer sharing exception,\" \"Windows Defender Firewall: Allow inbound remote administration exception,\" and \"Windows Defender Firewall: Define inbound port exceptions.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\RemoteAdminSettings" ], "ValueName": "Enabled", "Elements": [ { "Type": "Text", "ValueName": "RemoteAddresses" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_RemoteDesktop_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow inbound Remote Desktop exceptions", "ExplainText": "Allows this computer to receive inbound Remote Desktop requests. To do this, Windows Defender Firewall opens TCP port 3389.\n\nIf you enable this policy setting, Windows Defender Firewall opens this port so that this computer can receive Remote Desktop requests. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the \"Remote Desktop\" check box is selected and administrators cannot clear it.\n\nIf you disable this policy setting, Windows Defender Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests. If an administrator attempts to open this port by adding it to a local port exceptions list, Windows Defender Firewall does not open the port. In the Windows Defender Firewall component of Control Panel, the \"Remote Desktop\" check box is cleared and administrators cannot select it.\n\nIf you do not configure this policy setting, Windows Defender Firewall does not open this port. Therefore, the computer cannot receive Remote Desktop requests unless an administrator uses other policy settings to open the port. In the Windows Defender Firewall component of Control Panel, the \"Remote Desktop\" check box is cleared. Administrators can change this check box.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\Services\\RemoteDesktop" ], "ValueName": "Enabled", "Elements": [ { "Type": "Text", "ValueName": "RemoteAddresses" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_UnicastResponseToMulticast_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests", "ExplainText": "Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.\n\nIf you enable this policy setting, and this computer sends multicast or broadcast messages to other computers, Windows Defender Firewall blocks the unicast responses sent by those other computers.\n\nIf you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Defender Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later responses.\n\nNote: This policy setting has no effect if the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Defender Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that detect name conflicts.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile" ], "ValueName": "DisableUnicastResponsesToMulticastBroadcast", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Domain", "PolicyName": "WF_UniversalPlugAndPlay_Name_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow inbound UPnP framework exceptions", "ExplainText": "Allows this computer to receive unsolicited inbound Plug and Play messages sent by network devices, such as routers with built-in firewalls. To do this, Windows Defender Firewall opens TCP port 2869 and UDP port 1900.\n\nIf you enable this policy setting, Windows Defender Firewall opens these ports so that this computer can receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the \"UPnP framework\" check box is selected and administrators cannot clear it.\n\nIf you disable this policy setting, Windows Defender Firewall blocks these ports, which prevents this computer from receiving Plug and Play messages. If an administrator attempts to open these ports by adding them to a local port exceptions list, Windows Defender Firewall does not open the ports. In the Windows Defender Firewall component of Control Panel, the \"UPnP framework\" check box is cleared and administrators cannot select it.\n\nIf you do not configure this policy setting, Windows Defender Firewall does not open these ports. Therefore, the computer cannot receive Plug and Play messages unless an administrator uses other policy settings to open the required ports or enable the required programs. In the Windows Defender Firewall component of Control Panel, the \"UPnP framework\" check box is cleared. Administrators can change this check box.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\Services\\UPnPFramework" ], "ValueName": "Enabled", "Elements": [ { "Type": "Text", "ValueName": "RemoteAddresses" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_AllowedPrograms_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Define inbound program exceptions", "ExplainText": "Allows you to view and change the program exceptions list defined by Group Policy. Windows Defender Firewall uses two program exception lists: one is defined by Group Policy settings and the other is defined by the Windows Defender Firewall component in Control Panel.\n\nIf you enable this policy setting, you can view and change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Defender Firewall to open, even if that port is blocked by another policy setting, such as the \"Windows Defender Firewall: Define inbound port exceptions\" policy setting. To view the program list, enable the policy setting and then click the Show button. To add a program, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a program, click its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add programs to the local program exceptions list that is defined by the Windows Defender Firewall component in Control Panel, also enable the \"Windows Defender Firewall: Allow local program exceptions\" policy setting.\n\nIf you disable this policy setting, the program exceptions list defined by Group Policy is deleted. If a local program exceptions list exists, it is ignored unless you enable the \"Windows Defender Firewall: Allow local program exceptions\" policy setting.\n\nIf you do not configure this policy setting, Windows Defender Firewall uses only the local program exceptions list that administrators define by using the Windows Defender Firewall component in Control Panel.\n\nNote: If you type an invalid definition string, Windows Defender Firewall adds it to the list without checking for errors. This allows you to add programs that you have not installed yet, but be aware that you can accidentally create multiple entries for the same program with conflicting Scope or Status values. Scope parameters are combined for multiple entries.\n\nNote: If you set the Status parameter of a definition string to \"disabled,\" Windows Defender Firewall ignores port requests made by that program and ignores other definitions that set the Status of that program to \"enabled.\" Therefore, if you set the Status to \"disabled,\" you prevent administrators from allowing the program to ask Windows Defender Firewall to open additional ports. However, even if the Status is \"disabled,\" the program can still receive unsolicited incoming messages through a port if another policy setting opens that port.\n\nNote: Windows Defender Firewall opens ports for the program only when the program is running and \"listening\" for incoming messages. If the program is not running, or is running but not listening for those messages, Windows Defender Firewall does not open its ports.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\AuthorizedApplications" ], "ValueName": "Enabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\AuthorizedApplications\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_AllowedProgramsLocal_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow local program exceptions", "ExplainText": "Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local program exceptions list. Windows Defender Firewall uses two program exceptions lists; the other is defined by the \"Windows Defender Firewall: Define inbound program exceptions\" policy setting.\n\nIf you enable this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local program exceptions list.\n\nIf you disable this policy setting, the Windows Defender Firewall component in Control Panel does not allow administrators to define a local program exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\\Windows Settings\\Security Settings\\Windows Defender Firewall with Advanced Security to specify that local firewall rules should not apply.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\AuthorizedApplications" ], "ValueName": "AllowUserPrefMerge", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_EnableFirewall_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Protect all network connections", "ExplainText": "Turns on Windows Defender Firewall.\n\nIf you enable this policy setting, Windows Defender Firewall runs and ignores the \"Computer Configuration\\Administrative Templates\\Network\\Network Connections\\Prohibit use of Internet Connection Firewall on your DNS domain network\" policy setting.\n\nIf you disable this policy setting, Windows Defender Firewall does not run. This is the only way to ensure that Windows Defender Firewall does not run and administrators who log on locally cannot start it.\n\nIf you do not configure this policy setting, administrators can use the Windows Defender Firewall component in Control Panel to turn Windows Defender Firewall on or off, unless the \"Prohibit use of Internet Connection Firewall on your DNS domain network\" policy setting overrides.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile" ], "ValueName": "EnableFirewall", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_EnableShield_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Do not allow exceptions", "ExplainText": "Specifies that Windows Defender Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Defender Firewall policy settings that allow such messages.\n\nIf you enable this policy setting, in the Windows Defender Firewall component of Control Panel, the \"Block all incoming connections\" check box is selected and administrators cannot clear it. You should also enable the \"Windows Defender Firewall: Protect all network connections\" policy setting; otherwise, administrators who log on locally can work around the \"Windows Defender Firewall: Do not allow exceptions\" policy setting by turning off the firewall.\n\nIf you disable this policy setting, Windows Defender Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Defender Firewall component of Control Panel, the \"Block all incoming connections\" check box is cleared and administrators cannot select it.\n\nIf you do not configure this policy setting, Windows Defender Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Defender Firewall component of Control Panel, the \"Block all incoming connections\" check box is cleared by default, but administrators can change it.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile" ], "ValueName": "DoNotAllowExceptions", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_FileAndPrint_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow inbound file and printer sharing exception", "ExplainText": "Allows inbound file and printer sharing. To do this, Windows Defender Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.\n\nIf you enable this policy setting, Windows Defender Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the \"File and Printer Sharing\" check box is selected and administrators cannot clear it.\n\nIf you disable this policy setting, Windows Defender Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Defender Firewall does not open the port. In the Windows Defender Firewall component of Control Panel, the \"File and Printer Sharing\" check box is cleared and administrators cannot select it.\n\nIf you do not configure this policy setting, Windows Defender Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Defender Firewall component of Control Panel, the \"File and Printer Sharing\" check box is cleared. Administrators can change this check box.\n\nNote: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo requests (the message sent by the Ping utility), even if the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting would block them. Policy settings that can open TCP port 445 include \"Windows Defender Firewall: Allow inbound file and printer sharing exception,\" \"Windows Defender Firewall: Allow inbound remote administration exception,\" and \"Windows Defender Firewall: Define inbound port exceptions.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\Services\\FileAndPrint" ], "ValueName": "Enabled", "Elements": [ { "Type": "Text", "ValueName": "RemoteAddresses" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_IcmpSettings_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow ICMP exceptions", "ExplainText": "Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Defender Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you do not enable the \"Allow inbound echo request\" message type, Windows Defender Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request messages sent by Ping running on this computer.\n\nIf you enable this policy setting, you must specify which ICMP message types Windows Defender Firewall allows this computer to send or receive.\n\nIf you disable this policy setting, Windows Defender Firewall blocks all the listed incoming and outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. If you enable this policy setting and allow certain message types, then later disable this policy setting, Windows Defender Firewall deletes the list of message types that you had enabled.\n\nIf you do not configure this policy setting, Windows Defender Firewall behaves as if you had disabled it.\n\nNote: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound echo requests, even if the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting would block them. Policy settings that can open TCP port 445 include \"Windows Defender Firewall: Allow file and printer sharing exception,\" \"Windows Defender Firewall: Allow remote administration exception,\" and \"Windows Defender Firewall: Define inbound port exceptions.\"\n\nNote: Other Windows Defender Firewall policy settings affect only incoming messages, but several of the options of the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting affect outgoing communication.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\IcmpSettings" ], "Elements": [ { "Type": "Boolean", "ValueName": "AllowOutboundDestinationUnreachable", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowOutboundSourceQuench", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowRedirect", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowInboundEchoRequest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowInboundRouterRequest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowOutboundTimeExceeded", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowOutboundParameterProblem", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowInboundTimestampRequest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowInboundMaskRequest", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "AllowOutboundPacketTooBig", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_Logging_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow logging", "ExplainText": "Allows Windows Defender Firewall to record information about the unsolicited incoming messages that it receives.\n\nIf you enable this policy setting, Windows Defender Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Defender Firewall does not provide an option to log successful incoming messages.\n\nIf you are configuring the log file name, ensure that the Windows Defender Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %systemroot%\\system32\\LogFiles\\Firewall\\pfirewall.log.\n\nIf you disable this policy setting, Windows Defender Firewall does not record information in the log file. If you enable this policy setting, and Windows Defender Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Defender Firewall leaves the log file intact.\n\nIf you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\Logging" ], "Elements": [ { "Type": "Boolean", "ValueName": "LogDroppedPackets", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "LogSuccessfulConnections", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "LogFilePath", "Required": true }, { "Type": "Decimal", "ValueName": "LogFileSize", "MinValue": "128", "MaxValue": "32767", "Required": true }, { "Type": "DisabledList", "ValueName": "LogDroppedPackets", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\Logging" ], "Data": "0" }, { "Type": "DisabledList", "ValueName": "LogSuccessfulConnections", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\Logging" ], "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_Notifications_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Prohibit notifications", "ExplainText": "Prevents Windows Defender Firewall from displaying notifications to the user when a program requests that Windows Defender Firewall add the program to the program exceptions list.\n\nIf you enable this policy setting, Windows Defender Firewall prevents the display of these notifications.\n\nIf you disable this policy setting, Windows Defender Firewall allows the display of these notifications. In the Windows Defender Firewall component of Control Panel, the \"Notify me when Windows Defender Firewall blocks a new program\" check box is selected and administrators cannot clear it.\n\nIf you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled, except that in the Windows Defender Firewall component of Control Panel, the \"Notify me when Windows Defender Firewall blocks a new program\" check box is selected by default, and administrators can change it.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile" ], "ValueName": "DisableNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_OpenPorts_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Define inbound port exceptions", "ExplainText": "Allows you to view and change the inbound port exceptions list defined by Group Policy. Windows Defender Firewall uses two port exception lists: one is defined by Group Policy settings and the other is defined by the Windows Defender Firewall component in Control Panel.\n\nIf you enable this policy setting, you can view and change the inbound port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a port, click its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list that is defined by the Windows Defender Firewall component in Control Panel, also enable the \"Windows Defender Firewall: Allow local port exceptions\" policy setting.\n\nIf you disable this policy setting, the port exceptions list defined by Group Policy is deleted, but other policy settings can continue to open or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the \"Windows Defender Firewall: Allow local port exceptions\" policy setting.\n\nIf you do not configure this policy setting, Windows Defender Firewall uses only the local port exceptions list that administrators define by using the Windows Defender Firewall component in Control Panel. Other policy settings can continue to open or block ports.\n\nNote: If you type an invalid definition string, Windows Defender Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple entries. If entries have different Status values, any definition with the Status set to \"disabled\" overrides all definitions with the Status set to \"enabled,\" and the port does not receive messages. Therefore, if you set the Status of a port to \"disabled,\" you can prevent administrators from using the Windows Defender Firewall component in Control Panel to enable the port.\n\nNote: The only effect of setting the Status value to \"disabled\" is that Windows Defender Firewall ignores other definitions for that port that set the Status to \"enabled.\" If another policy setting opens a port, or if a program in the program exceptions list asks Windows Defender Firewall to open a port, Windows Defender Firewall opens the port.\n\nNote: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting would block them. Policy settings that can open TCP port 445 include \"Windows Defender Firewall: Allow inbound file and printer sharing exception,\" \"Windows Defender Firewall: Allow inbound remote administration exception,\" and \"Windows Defender Firewall: Define inbound port exceptions.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\GloballyOpenPorts" ], "ValueName": "Enabled", "Elements": [ { "Type": "List", "ValueName": null, "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\GloballyOpenPorts\\List" ] }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_OpenPortsLocal_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow local port exceptions", "ExplainText": "Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local port exceptions list. Windows Defender Firewall uses two port exceptions lists; the other is defined by the \"Windows Defender Firewall: Define inbound port exceptions\" policy setting.\n\nIf you enable this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local port exceptions list.\n\nIf you disable this policy setting, the Windows Defender Firewall component in Control Panel does not allow administrators to define a local port exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\\Windows Settings\\Security Settings\\Windows Defender Firewall with Advanced Security to specify that local firewall rules should not apply.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\GloballyOpenPorts" ], "ValueName": "AllowUserPrefMerge", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_RemoteAdmin_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow inbound remote administration exception", "ExplainText": "Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Defender Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). Additionally, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, this policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. On Windows Vista, this policy setting does not control connections to SVCHOST.EXE and LSASS.EXE.\n\nIf you enable this policy setting, Windows Defender Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed.\n\nIf you disable or do not configure this policy setting, Windows Defender Firewall does not open TCP port 135 or 445. Also, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, Windows Defender Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the \"Windows Defender Firewall: Allow file and printer sharing exception\" policy setting.\n\nNote: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this policy setting.\n\nNote: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the \"Windows Defender Firewall: Allow ICMP exceptions\" policy setting would block them. Policy settings that can open TCP port 445 include \"Windows Defender Firewall: Allow inbound file and printer sharing exception,\" \"Windows Defender Firewall: Allow inbound remote administration exception,\" and \"Windows Defender Firewall: Define inbound port exceptions.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\RemoteAdminSettings" ], "ValueName": "Enabled", "Elements": [ { "Type": "Text", "ValueName": "RemoteAddresses" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_RemoteDesktop_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow inbound Remote Desktop exceptions", "ExplainText": "Allows this computer to receive inbound Remote Desktop requests. To do this, Windows Defender Firewall opens TCP port 3389.\n\nIf you enable this policy setting, Windows Defender Firewall opens this port so that this computer can receive Remote Desktop requests. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the \"Remote Desktop\" check box is selected and administrators cannot clear it.\n\nIf you disable this policy setting, Windows Defender Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests. If an administrator attempts to open this port by adding it to a local port exceptions list, Windows Defender Firewall does not open the port. In the Windows Defender Firewall component of Control Panel, the \"Remote Desktop\" check box is cleared and administrators cannot select it.\n\nIf you do not configure this policy setting, Windows Defender Firewall does not open this port. Therefore, the computer cannot receive Remote Desktop requests unless an administrator uses other policy settings to open the port. In the Windows Defender Firewall component of Control Panel, the \"Remote Desktop\" check box is cleared. Administrators can change this check box.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\Services\\RemoteDesktop" ], "ValueName": "Enabled", "Elements": [ { "Type": "Text", "ValueName": "RemoteAddresses" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_UnicastResponseToMulticast_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests", "ExplainText": "Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.\n\nIf you enable this policy setting, and this computer sends multicast or broadcast messages to other computers, Windows Defender Firewall blocks the unicast responses sent by those other computers.\n\nIf you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Defender Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later responses.\n\nNote: This policy setting has no effect if the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Defender Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that detect name conflicts.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile" ], "ValueName": "DisableUnicastResponsesToMulticastBroadcast", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsFirewall.admx", "CategoryName": "WF_Profile_Standard", "PolicyName": "WF_UniversalPlugAndPlay_Name_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsFirewall", "Supported": "WindowsXPSP2 - At least Windows XP Professional with SP2", "DisplayName": "Windows Defender Firewall: Allow inbound UPnP framework exceptions", "ExplainText": "Allows this computer to receive unsolicited inbound Plug and Play messages sent by network devices, such as routers with built-in firewalls. To do this, Windows Defender Firewall opens TCP port 2869 and UDP port 1900.\n\nIf you enable this policy setting, Windows Defender Firewall opens these ports so that this computer can receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the \"UPnP framework\" check box is selected and administrators cannot clear it.\n\nIf you disable this policy setting, Windows Defender Firewall blocks these ports, which prevents this computer from receiving Plug and Play messages. If an administrator attempts to open these ports by adding them to a local port exceptions list, Windows Defender Firewall does not open the ports. In the Windows Defender Firewall component of Control Panel, the \"UPnP framework\" check box is cleared and administrators cannot select it.\n\nIf you do not configure this policy setting, Windows Defender Firewall does not open these ports. Therefore, the computer cannot receive Plug and Play messages unless an administrator uses other policy settings to open the required ports or enable the required programs. In the Windows Defender Firewall component of Control Panel, the \"UPnP framework\" check box is cleared. Administrators can change this check box.\"", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile\\Services\\UPnPFramework" ], "ValueName": "Enabled", "Elements": [ { "Type": "Text", "ValueName": "RemoteAddresses" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsInkWorkspace.admx", "CategoryName": "WindowsInkWorkspace", "PolicyName": "AllowWindowsInkWorkspace", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsInkWorkspace", "Supported": "WIN10_RS1 - At least Windows 10 Redstone", "DisplayName": "Allow Windows Ink Workspace", "ExplainText": "Allow Windows Ink Workspace", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsInkWorkspace" ], "Elements": [ { "Type": "Enum", "ValueName": "AllowWindowsInkWorkspace", "Items": [ { "DisplayName": "Disabled", "Data": "0" }, { "DisplayName": "On, but disallow access above lock", "Data": "1" }, { "DisplayName": "On", "Data": "2" } ], "Required": true } ] }, { "File": "WindowsInkWorkspace.admx", "CategoryName": "WindowsInkWorkspace", "PolicyName": "AllowSuggestedAppsInWindowsInkWorkspace", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsInkWorkspace", "Supported": "WIN10_RS1 - At least Windows 10 Redstone", "DisplayName": "Allow suggested apps in Windows Ink Workspace", "ExplainText": "Allow suggested apps in Windows Ink Workspace", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsInkWorkspace" ], "ValueName": "AllowSuggestedAppsInWindowsInkWorkspace", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaDRM.admx", "CategoryName": "WMDRMCat", "PolicyName": "DisableOnline", "Class": "Machine", "NameSpace": "Microsoft.Policies.DigitalRights2", "Supported": "WindowsNET - At least Windows Server 2003", "DisplayName": "Prevent Windows Media DRM Internet Access", "ExplainText": "Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).\n\nWhen enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.\n\nWhen this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario.\n\nWhen this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WMDRM" ], "ValueName": "DisableOnline", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCat", "PolicyName": "DisableAutoUpdate", "Class": "Machine", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Prevent Automatic Updates", "ExplainText": "This policy setting allows you to turn off do not show first use dialog boxes.\n\nIf you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player.\n\nThis policy setting prevents the dialog boxes which allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies.\n\nIf you disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "DisableAutoUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCat", "PolicyName": "DisableSetupFirstUseConfiguration", "Class": "Machine", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Do Not Show First Use Dialog Boxes", "ExplainText": "This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.\n\nIf you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.\n\nIf you disable or do not configure this policy setting, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player.\n\nIf you do not configure this policy setting, and the \"Set and lock skin\" policy setting is enabled, some options in the anchor window are not available.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "GroupPrivacyAcceptance", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCat", "PolicyName": "DontUseFrameInterpolation", "Class": "Machine", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Prevent Video Smoothing", "ExplainText": "This policy setting allows you to prevent video smoothing from occurring.\n\nIf you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and is not available.\n\nIf you disable this policy setting, video smoothing occurs if necessary, and the Use Video Smoothing check box is selected and is not available.\n\nIf you do not configure this policy setting, video smoothing occurs if necessary. Users can change the setting for the Use Video Smoothing check box.\n\nVideo smoothing is available only on the Windows XP Home Edition and Windows XP Professional operating systems.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "DontUseFrameInterpolation", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCat", "PolicyName": "PreventCDDVDMetadataRetrieval", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Prevent CD and DVD Media Information Retrieval", "ExplainText": "This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.\n\nIf you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player are not selected and are not available.\n\nIf you disable or do not configure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check box.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "PreventCDDVDMetadataRetrieval", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCat", "PolicyName": "PreventLibrarySharing", "Class": "Machine", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP11 - Windows Media Player 11 for Windows XP or Windows Media Player 11 for Windows Vista or later.", "DisplayName": "Prevent Media Sharing", "ExplainText": "This policy setting allows you to prevent media sharing from Windows Media Player.\n\nIf you enable this policy setting, any user on this computer is prevented from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. Media sharing is disabled from Windows Media Player or from programs that depend on the Player's media sharing feature.\n\nIf you disable or do not configure this policy setting, anyone using Windows Media Player can turn media sharing on or off.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "PreventLibrarySharing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCat", "PolicyName": "PreventMusicFileMetadataRetrieval", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Prevent Music File Media Information Retrieval", "ExplainText": "This policy setting allows you to prevent media information for music files from being retrieved from the Internet.\n\nIf you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not available.\n\nIf you disable or do not configure this policy setting, users can change the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "PreventMusicFileMetadataRetrieval", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCat", "PolicyName": "PreventQuickLaunchShortcut", "Class": "Machine", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Prevent Quick Launch Toolbar Shortcut Creation", "ExplainText": "This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.\n\nIf you enable this policy setting, the user cannot add the shortcut for the Player to the Quick Launch bar.\n\nIf you disable or do not configure this policy setting, the user can choose whether to add the shortcut for the Player to the Quick Launch bar.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "QuickLaunchShortcut", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCat", "PolicyName": "PreventRadioPresetsRetrieval", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Prevent Radio Station Preset Retrieval", "ExplainText": "This policy setting allows you to prevent radio station presets from being retrieved from the Internet.\n\nIf you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured are not be updated, and presets a user adds are not be displayed.\n\nIf you disable or do not configure this policy setting, the Player automatically retrieves radio station presets from the Internet.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "PreventRadioPresetsRetrieval", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCat", "PolicyName": "PreventWMPDeskTopShortcut", "Class": "Machine", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Prevent Desktop Shortcut Creation", "ExplainText": "This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.\n\nIf you enable this policy setting, users cannot add the Player shortcut icon to their desktops.\n\nIf you disable or do not configure this policy setting, users can choose whether to add the Player shortcut icon to their desktops.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "DesktopShortcut", "Elements": [ { "Type": "EnabledValue", "Data": "no" }, { "Type": "DisabledValue", "Data": "yes" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCatContent", "PolicyName": "EnableScreenSaver", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Allow Screen Saver", "ExplainText": "This policy setting allows a screen saver to interrupt playback.\n\nIf you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and is not available.\n\nIf you disable this policy setting, a screen saver does not interrupt playback even if users have selected a screen saver. The Allow screen saver during playback check box is cleared and is not available.\n\nIf you do not configure this policy setting, users can change the setting for the Allow screen saver during playback check box.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "EnableScreenSaver", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCatContent", "PolicyName": "PolicyCodecUpdate", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP8 - Windows Media Player for Windows XP and later.", "DisplayName": "Prevent Codec Download", "ExplainText": "This policy setting allows you to prevent Windows Media Player from downloading codecs.\n\nIf you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not available.\n\nIf you disable this policy setting, codecs are automatically downloaded and the Download codecs automatically check box is not available.\n\nIf you do not configure this policy setting, users can change the setting for the Download codecs automatically check box.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "PreventCodecDownload", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCatUI", "PolicyName": "DoNotShowAnchor", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Do Not Show Anchor", "ExplainText": "Prevents the anchor window from being displayed when Windows Media Player is in skin mode.\n\nThis policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.\n\nWhen this policy is not configured or disabled, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player.\n\nWhen this policy is not configured and the Set and Lock Skin policy is enabled, some options in the anchor window are not available.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "DoNotShowAnchor", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCatUI", "PolicyName": "HidePrivacyTab", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Hide Privacy Tab", "ExplainText": "This policy setting allows you to hide the Privacy tab in Windows Media Player.\n\nIf you enable this policy setting, the \"Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet\" check box on the Media Library tab is available, even though the Privacy tab is hidden, unless the \"Prevent music file media information retrieval\" policy setting is enabled.\n\nThe default privacy settings are used for the options on the Privacy tab unless the user changed the settings previously.\n\nIf you disable or do not configure this policy setting, the Privacy tab is not hidden, and users can configure any privacy settings not configured by other polices.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "HidePrivacyTab", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCatUI", "PolicyName": "HideSecurityTab", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Hide Security Tab", "ExplainText": "This policy setting allows you to hide the Security tab in Windows Media Player.\n\nIf you enable this policy setting, the default security settings for the options on the Security tab are used unless the user changed the settings previously. Users can still change security and zone settings by using Internet Explorer unless these settings have been hidden or disabled by Internet Explorer policies.\n\nIf you disable or do not configure this policy setting, users can configure the security settings on the Security tab.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "HideSecurityTab", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPCatUI", "PolicyName": "SkinLockDown", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP8 - Windows Media Player for Windows XP and later.", "DisplayName": "Set and Lock Skin", "ExplainText": "This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin.\n\nIf you enable this policy setting, the Player displays only in skin mode using the skin specified in the Skin box on the Setting tab.\n\nYou must use the complete file name for the skin (for example, skin_name.wmz), and the skin must be installed in the %programfiles%\\Windows Media Player\\Skins Folder on a user's computer. If the skin is not installed on a user's computer, or if the Skin box is blank, the Player opens by using the Corporate skin. The only way to specify the Corporate skin is to leave the Skin box blank.\n\nA user has access only to the Player features that are available with the specified skin. Users cannot switch the Player to full mode and cannot choose a different skin.\n\nIf you disable or do not configure this policy setting, users can display the Player in full or skin mode and have access to all available features of the Player.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "SetAndLockSkin", "Elements": [ { "Type": "Text", "ValueName": "DefaultSkin" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPNETWORK", "PolicyName": "ConfigureHTTPProxySettings", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP8 - Windows Media Player for Windows XP and later.", "DisplayName": "Configure HTTP Proxy", "ExplainText": "This policy setting allows you to specify the HTTP proxy settings for Windows Media Player.\n\nIf you enable this policy setting, select one of the following proxy types:\n\n- Autodetect: the proxy settings are automatically detected.\n- Custom: unique proxy settings are used.\n- Use browser proxy settings: browser's proxy settings are used.\n\nIf the Custom proxy type is selected, the rest of the options on the Setting tab must be specified because no default settings are used for the proxy. The options are ignored if Autodetect or Browser is selected.\n\nThe Configure button on the Network tab in the Player is not available for the HTTP protocol and the proxy cannot be configured. If the \"Hide network tab\" policy setting is also enabled, the entire Network tab is hidden.\n\nThis policy is ignored if the \"Streaming media protocols\" policy setting is enabled and HTTP is not selected.\n\nIf you disable this policy setting, the HTTP proxy server cannot be used and the user cannot configure the HTTP proxy.\n\nIf you do not configure this policy setting, users can configure the HTTP proxy settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP" ], "ValueName": "ProxyPolicy", "Elements": [ { "Type": "Enum", "ValueName": "ProxyType", "Items": [ { "DisplayName": "Autodetect", "Data": "3", "ValueList": [{"ValueName": "AutodetectProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP"], "Data": "1"}, {"ValueName": "UseProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP"], "Action": "Delete"}, {"ValueName": "UseBrowserProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP"], "Action": "Delete"}] }, { "DisplayName": "Custom", "Data": "2", "ValueList": [{"ValueName": "UseProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP"], "Data": "1"}, {"ValueName": "AutodetectProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP"], "Action": "Delete"}, {"ValueName": "UseBrowserProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP"], "Action": "Delete"}] }, { "DisplayName": "Use browser proxy settings", "Data": "1", "ValueList": [{"ValueName": "UseBrowserProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP"], "Data": "1"}, {"ValueName": "AutodetectProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP"], "Action": "Delete"}, {"ValueName": "UseProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\HTTP"], "Action": "Delete"}] } ], "Required": true }, { "Type": "Text", "ValueName": "ProxyAddress" }, { "Type": "Decimal", "ValueName": "ProxyPort", "MinValue": "1", "MaxValue": "65535" }, { "Type": "Boolean", "ValueName": "BypassProxyLocal", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "ExludeFromProxy" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPNETWORK", "PolicyName": "ConfigureMMSProxySettings", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WindowsPreVista - Windows Server 2003, Windows XP, and Windows 2000 only", "DisplayName": "Configure MMS Proxy", "ExplainText": "This policy setting allows you to specify the MMS proxy settings for Windows Media Player.\n\nIf you enable this policy setting, select one of the following proxy types:\n\n- Autodetect: the proxy settings are automatically detected.\n- Custom: unique proxy settings are used.\n\nIf the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected.\n\nThe Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the \"Hide network tab\" policy setting is also enabled, the entire Network tab is hidden.\n\nThis policy setting is ignored if the \"Streaming media protocols\" policy setting is enabled and Multicast is not selected.\n\nIf you disable this policy setting, the MMS proxy server cannot be used and users cannot configure the MMS proxy settings.\n\nIf you do not configure this policy setting, users can configure the MMS proxy settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\MMS" ], "ValueName": "ProxyPolicy", "Elements": [ { "Type": "Enum", "ValueName": "ProxyType", "Items": [ { "DisplayName": "Autodetect", "Data": "3", "ValueList": [{"ValueName": "AutodetectProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\MMS"], "Data": "1"}, {"ValueName": "UseProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\MMS"], "Action": "Delete"}] }, { "DisplayName": "Custom", "Data": "2", "ValueList": [{"ValueName": "UseProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\MMS"], "Data": "1"}, {"ValueName": "AutodetectProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\MMS"], "Action": "Delete"}] } ], "Required": true }, { "Type": "Text", "ValueName": "ProxyAddress" }, { "Type": "Decimal", "ValueName": "ProxyPort", "MinValue": "1", "MaxValue": "65535" }, { "Type": "Boolean", "ValueName": "BypassProxyLocal", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "ExludeFromProxy" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPNETWORK", "PolicyName": "ConfigureRTSPProxySettings", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP9 - Windows Media Player 9 Series and later.", "DisplayName": "Configure RTSP Proxy", "ExplainText": "This policy setting allows you to specify the RTSP proxy settings for Windows Media Player.\n\nIf you enable this policy setting, select one of the following proxy types:\n\n- Autodetect: the proxy settings are automatically detected.\n- Custom: unique proxy settings are used.\n\nIf the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected.\n\nThe Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the \"Hide network tab\" policy setting is also enabled, the entire Network tab is hidden.\n\nIf you disable this policy setting, the RTSP proxy server cannot be used and users cannot change the RTSP proxy settings.\n\nIf you do not configure this policy setting, users can configure the RTSP proxy settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\RTSP" ], "ValueName": "ProxyPolicy", "Elements": [ { "Type": "Enum", "ValueName": "ProxyType", "Items": [ { "DisplayName": "Autodetect", "Data": "3", "ValueList": [{"ValueName": "AutodetectProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\RTSP"], "Data": "1"}, {"ValueName": "UseProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\RTSP"], "Action": "Delete"}] }, { "DisplayName": "Custom", "Data": "2", "ValueList": [{"ValueName": "UseProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\RTSP"], "Data": "1"}, {"ValueName": "AutodetectProxy", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols\\RTSP"], "Action": "Delete"}] } ], "Required": true }, { "Type": "Text", "ValueName": "ProxyAddress" }, { "Type": "Decimal", "ValueName": "ProxyPort", "MinValue": "1", "MaxValue": "65535" }, { "Type": "Boolean", "ValueName": "BypassProxyLocal", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "ExludeFromProxy" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPNETWORK", "PolicyName": "DisableNetworkSettings", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP8 - Windows Media Player for Windows XP and later.", "DisplayName": "Hide Network Tab", "ExplainText": "This policy setting allows you to hide the Network tab.\n\nIf you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player.\n\nIf you disable or do not configure this policy setting, the Network tab appears and users can use it to configure network settings.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "HideNetworkTab", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPNETWORK", "PolicyName": "NetworkBuffering", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP8 - Windows Media Player for Windows XP and later.", "DisplayName": "Configure Network Buffering", "ExplainText": "This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds.\n\nIf you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it is played.\n\n- Custom: the number of seconds, up to 60, that streaming media is buffered.\n- Default: default network buffering is used and the number of seconds that is specified is ignored.\n\nThe \"Use default buffering\" and \"Buffer\" options on the Performance tab in the Player are not available.\n\nIf you disable or do not configure this policy setting, users can change the buffering options on the Performance tab.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer" ], "ValueName": "NetworkBufferingPolicy", "Elements": [ { "Type": "Enum", "ValueName": "BufferingType", "Items": [ { "DisplayName": "Default", "Data": "1", "ValueList": [{"ValueName": "UseDefaultBuffering", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer"], "Data": "1"}] }, { "DisplayName": "Custom", "Data": "2", "ValueList": [{"ValueName": "UseDefaultBuffering", "KeyPath": ["HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer"], "Data": "0"}] } ] }, { "Type": "Decimal", "ValueName": "NetworkBuffering", "MinValue": "0", "MaxValue": "60" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMediaPlayer.admx", "CategoryName": "WMPNETWORK", "PolicyName": "WindowsStreamingMediaProtocols", "Class": "User", "NameSpace": "Microsoft.Policies.MediaPlayer", "Supported": "WMP8 - Windows Media Player for Windows XP and later.", "DisplayName": "Streaming Media Protocols", "ExplainText": "This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services.\n\nIf you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the \"Allow the Player to receive multicast streams\" check box on the Network tab is selected.\n\nIf you enable this policy setting, the administrator must also specify the protocols that are available to users on the Network tab. If the administrator does not specify any protocols, the Player cannot access an MMS or RTSP URL from a Windows Media server. If the \"Hide network tab\" policy setting is enabled, the entire Network tab is hidden.\n\nIf you do not configure this policy setting, users can select the protocols to use on the Network tab.\n\nIf you disable this policy setting, the Protocols for MMS URLs and Multicast streams areas of the Network tab are not available and the Player cannot receive an MMS or RTSP stream from a Windows Media server.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsMediaPlayer\\Protocols" ], "ValueName": "WindowsMediaStreamingProtocols", "Elements": [ { "Type": "Boolean", "ValueName": "Multicast", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "UDP", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Text", "ValueName": "UDPPorts" }, { "Type": "Boolean", "ValueName": "TCP", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "HTTP", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMessenger.admx", "CategoryName": "WinMSG_WindowsMsg", "PolicyName": "WinMSG_NoAutoStartWindowsMsg_Comp", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsMessenger", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not automatically start Windows Messenger initially", "ExplainText": "This policy setting prevents Windows Messenger from automatically running at logon.\n\nIf you enable this policy setting, Windows Messenger is not loaded automatically when a user logs on.\n\nIf you disable or do not configure this policy setting, Windows Messenger will be loaded automatically at logon.\n\nNote: This policy setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from that point on, Windows Messenger will be loaded.\n\nThe user can also configure this behavior on the Preferences tab on the Tools menu in the Windows Messenger user interface.\n\nNote: If you do not want users to use Windows Messenger, enable the \"Do not allow Windows Messenger to run\" policy setting.\n\nNote: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "ValueName": "PreventAutoRun", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMessenger.admx", "CategoryName": "WinMSG_WindowsMsg", "PolicyName": "WinMSG_NoAutoStartWindowsMsg_User", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsMessenger", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not automatically start Windows Messenger initially", "ExplainText": "This policy setting prevents Windows Messenger from automatically running at logon.\n\nIf you enable this policy setting, Windows Messenger is not loaded automatically when a user logs on.\n\nIf you disable or do not configure this policy setting, Windows Messenger will be loaded automatically at logon.\n\nNote: This policy setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from that point on, Windows Messenger will be loaded.\n\nThe user can also configure this behavior on the Preferences tab on the Tools menu in the Windows Messenger user interface.\n\nNote: If you do not want users to use Windows Messenger, enable the \"Do not allow Windows Messenger to run\" policy setting.\n\nNote: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "ValueName": "PreventAutoRun", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMessenger.admx", "CategoryName": "WinMSG_WindowsMsg", "PolicyName": "WinMSG_NoWindowsMsg_Comp", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsMessenger", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not allow Windows Messenger to be run", "ExplainText": "This policy setting allows you to prevent Windows Messenger from running.\n\nIf you enable this policy setting, Windows Messenger does not run.\n\nIf you disable or do not configure this policy setting, Windows Messenger can be used.\n\nNote: If you enable this policy setting, Remote Assistance also cannot use Windows Messenger.\n\nNote: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "ValueName": "PreventRun", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsMessenger.admx", "CategoryName": "WinMSG_WindowsMsg", "PolicyName": "WinMSG_NoWindowsMsg_User", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsMessenger", "Supported": "WindowsXP - At least Windows Server 2003 operating systems or Windows XP Professional", "DisplayName": "Do not allow Windows Messenger to be run", "ExplainText": "This policy setting allows you to prevent Windows Messenger from running.\n\nIf you enable this policy setting, Windows Messenger does not run.\n\nIf you disable or do not configure this policy setting, Windows Messenger can be used.\n\nNote: If you enable this policy setting, Remote Assistance also cannot use Windows Messenger.\n\nNote: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Messenger\\Client" ], "ValueName": "PreventRun", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMClient", "PolicyName": "AllowBasic_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow Basic authentication", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.\n\nIf you enable this policy setting, the WinRM client uses Basic authentication. If WinRM is configured to use HTTP transport, the user name and password are sent over the network as clear text.\n\nIf you disable or do not configure this policy setting, the WinRM client does not use Basic authentication.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Client" ], "ValueName": "AllowBasic", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMClient", "PolicyName": "AllowUnencrypted_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow unencrypted traffic", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.\n\nIf you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.\n\nIf you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Client" ], "ValueName": "AllowUnencryptedTraffic", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMClient", "PolicyName": "DisallowDigest", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow Digest authentication", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.\n\nIf you enable this policy setting, the WinRM client does not use Digest authentication.\n\nIf you disable or do not configure this policy setting, the WinRM client uses Digest authentication.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Client" ], "ValueName": "AllowDigest", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMClient", "PolicyName": "DisallowNegotiate_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow Negotiate authentication", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.\n\nIf you enable this policy setting, the WinRM client does not use Negotiate authentication.\n\nIf you disable or do not configure this policy setting, the WinRM client uses Negotiate authentication.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Client" ], "ValueName": "AllowNegotiate", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMClient", "PolicyName": "DisallowKerberos_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow Kerberos authentication", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.\n\nIf you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected.\n\nIf you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Client" ], "ValueName": "AllowKerberos", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMClient", "PolicyName": "AllowCredSSP_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow CredSSP authentication", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.\n\nIf you enable this policy setting, the WinRM client uses CredSSP authentication.\n\nIf you disable or do not configure this policy setting, the WinRM client does not use CredSSP authentication.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Client" ], "ValueName": "AllowCredSSP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMClient", "PolicyName": "TrustedHosts", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Trusted Hosts", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity.\n\nIf you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when neither HTTPS nor Kerberos are used to authenticate the identity of the host.\n\nIf you disable or do not configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Client\\TrustedHosts" ], "Elements": [ { "Type": "Text", "ValueName": "TrustedHostsList", "MaxLength": "1024" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "AllowAutoConfig", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow remote server management through WinRM", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port.\n\nIf you enable this policy setting, the WinRM service automatically listens on the network for requests on the HTTP transport over the default HTTP port.\n\nTo allow WinRM service to receive requests over the network, configure the Windows Firewall policy setting with exceptions for Port 5985 (default port for HTTP).\n\nIf you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured.\n\nThe service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges.\n\nYou should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.\n\nFor example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty.\n\nRanges are specified using the syntax IP1-IP2. Multiple ranges are separated using \",\" (comma) as the delimiter.\n\nExample IPv4 filters:\\n2.0.0.1-2.0.0.20, 24.0.0.1-24.0.0.22\nExample IPv6 filters:\\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service" ], "ValueName": "AllowAutoConfig", "Elements": [ { "Type": "Text", "ValueName": "IPv4Filter", "MaxLength": "1024" }, { "Type": "Text", "ValueName": "IPv6Filter", "MaxLength": "1024" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "HttpCompatibilityListener", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn On Compatibility HTTP Listener", "ExplainText": "This policy setting turns on or turns off an HTTP listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service.\n\nIf you enable this policy setting, the HTTP listener always appears.\n\nIf you disable or do not configure this policy setting, the HTTP listener never appears.\n\nWhen certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985.\n\nA listener might be automatically created on port 80 to ensure backward compatibility.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service" ], "ValueName": "HttpCompatibilityListener", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "HttpsCompatibilityListener", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn On Compatibility HTTPS Listener", "ExplainText": "This policy setting turns on or turns off an HTTPS listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service.\n\nIf you enable this policy setting, the HTTPS listener always appears.\n\nIf you disable or do not configure this policy setting, the HTTPS listener never appears.\n\nWhen certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986.\n\nA listener might be automatically created on port 443 to ensure backward compatibility.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service" ], "ValueName": "HttpsCompatibilityListener", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "AllowBasic_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow Basic authentication", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client.\n\nIf you enable this policy setting, the WinRM service accepts Basic authentication from a remote client.\n\nIf you disable or do not configure this policy setting, the WinRM service does not accept Basic authentication from a remote client.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service" ], "ValueName": "AllowBasic", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "AllowUnencrypted_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow unencrypted traffic", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network.\n\nIf you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.\n\nIf you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service" ], "ValueName": "AllowUnencryptedTraffic", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "DisableRunAs", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow WinRM from storing RunAs credentials", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.\n\nIf you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.\n\nIf you disable or do not configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely.\n\nIf you enable and then disable this policy setting,any values that were previously configured for RunAsPassword will need to be reset.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service" ], "ValueName": "DisableRunAs", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "DisallowNegotiate_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow Negotiate authentication", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate authentication from a remote client.\n\nIf you enable this policy setting, the WinRM service does not accept Negotiate authentication from a remote client.\n\nIf you disable or do not configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service" ], "ValueName": "AllowNegotiate", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "DisallowKerberos_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disallow Kerberos authentication", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.\n\nIf you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network.\n\nIf you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service" ], "ValueName": "AllowKerberos", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "AllowCredSSP_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow CredSSP authentication", "ExplainText": "This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts CredSSP authentication from a remote client.\n\nIf you enable this policy setting, the WinRM service accepts CredSSP authentication from a remote client.\n\nIf you disable or do not configure this policy setting, the WinRM service does not accept CredSSP authentication from a remote client.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service" ], "ValueName": "AllowCredSSP", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteManagement.admx", "CategoryName": "WinRMService", "PolicyName": "CBTHardeningLevel_1", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteManagement", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify channel binding token hardening level", "ExplainText": "This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens.\n\nIf you enable this policy setting, the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received request, based on a supplied channel binding token.\n\nIf you disable or do not configure this policy setting, you can configure the hardening level locally on each computer.\n\nIf HardeningLevel is set to Strict, any request not containing a valid channel binding token is rejected.\n\nIf HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that does not contain a channel binding token is accepted (though it is not protected from credential-forwarding attacks).\n\nIf HardeningLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service\\CBTHardeningLevelStatus" ], "Elements": [ { "Type": "Enum", "ValueName": "CbtHardeningLevel", "Items": [ { "DisplayName": "None", "Data": "None" }, { "DisplayName": "Relaxed", "Data": "Relaxed" }, { "DisplayName": "Strict", "Data": "Strict" } ] } ] }, { "File": "WindowsRemoteShell.admx", "CategoryName": "WinRS", "PolicyName": "AllowRemoteShellAccess", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Allow Remote Shell Access", "ExplainText": "This policy setting configures access to remote shells.\n\nIf you enable or do not configure this policy setting, new remote shell connections are accepted by the server.\n\nIf you set this policy to \u2018disabled\u2019, new remote shell connections are rejected by the server.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service\\WinRS" ], "ValueName": "AllowRemoteShellAccess", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsRemoteShell.admx", "CategoryName": "WinRS", "PolicyName": "IdleTimeout", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify idle Timeout", "ExplainText": "This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted.\n\nAny value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values.\n\nIf you enable this policy setting, the server will wait for the specified amount of time since the last received message from the client before terminating the open shell.\n\nIf you do not configure or disable this policy setting, the default value of 900000 or 15 min will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service\\WinRS" ], "Elements": [ { "Type": "Decimal", "ValueName": "IdleTimeout", "MinValue": "0", "MaxValue": "2147483647" } ] }, { "File": "WindowsRemoteShell.admx", "CategoryName": "WinRS", "PolicyName": "MaxConcurrentUsers", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "MaxConcurrentUsers", "ExplainText": "This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the system.\n\nThe value can be any number from 1 to 100.\n\nIf you enable this policy setting, the new shell connections are rejected if they exceed the specified limit.\n\nIf you disable or do not configure this policy setting, the default number is five users.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service\\WinRS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxConcurrentUsers", "MinValue": "1", "MaxValue": "100" } ] }, { "File": "WindowsRemoteShell.admx", "CategoryName": "WinRS", "PolicyName": "MaxMemoryPerShellMB", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify maximum amount of memory in MB per Shell", "ExplainText": "This policy setting configures the maximum total amount of memory in megabytes that can be allocated by any active remote shell and all its child processes.\n\nAny value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, which means the ability of remote operations to allocate memory is only limited by the available virtual memory.\n\nIf you enable this policy setting, the remote operation is terminated when a new allocation exceeds the specified quota.\n\nIf you disable or do not configure this policy setting, the value 150 is used by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service\\WinRS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxMemoryPerShellMB", "MinValue": "0", "MaxValue": "2147483647" } ] }, { "File": "WindowsRemoteShell.admx", "CategoryName": "WinRS", "PolicyName": "MaxProcessesPerShell", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify maximum number of processes per Shell", "ExplainText": "This policy setting configures the maximum number of processes a remote shell is allowed to launch.\n\nIf you enable this policy setting, you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of process per shell. Zero (0) means unlimited number of processes.\n\nIf you disable or do not configure this policy setting, the limit is five processes per shell.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service\\WinRS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxProcessesPerShell", "MinValue": "0", "MaxValue": "2147483647" } ] }, { "File": "WindowsRemoteShell.admx", "CategoryName": "WinRS", "PolicyName": "ShellTimeOut", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify Shell Timeout", "ExplainText": "This policy setting is deprecated and has no effect when set to any state: Enabled, Disabled, or Not Configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service\\WinRS" ], "Elements": [ { "Type": "Decimal", "ValueName": "ShellTimeOut", "MinValue": "0", "MaxValue": "2147483647" } ] }, { "File": "WindowsRemoteShell.admx", "CategoryName": "WinRS", "PolicyName": "MaxShellsPerUser", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsRemoteShell", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Specify maximum number of remote shells per user", "ExplainText": "This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system.\n\nAny number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of shells.\n\nIf you enable this policy setting, the user cannot open new remote shells if the count exceeds the specified limit.\n\nIf you disable or do not configure this policy setting, by default the limit is set to two remote shells per user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WinRM\\Service\\WinRS" ], "Elements": [ { "Type": "Decimal", "ValueName": "MaxShellsPerUser", "MinValue": "0", "MaxValue": "2147483647" } ] }, { "File": "WindowsSandbox.admx", "CategoryName": "WindowsSandbox", "PolicyName": "AllowVGPU", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsSandbox", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Allow vGPU sharing for Windows Sandbox", "ExplainText": "This policy setting is to enable or disable the virtualized GPU.\n\nIf you enable this policy setting, vGPU will be supported in the Windows Sandbox.\n\nIf you disable this policy setting, Windows Sandbox will use software rendering, which can be slower than virtualized GPU.\n\nIf you do not configure this policy setting, vGPU will be enabled.\n\nNote that enabling virtualized GPU can potentially increase the attack surface of the sandbox.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox" ], "ValueName": "AllowVGPU", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsSandbox.admx", "CategoryName": "WindowsSandbox", "PolicyName": "AllowNetworking", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsSandbox", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Allow networking in Windows Sandbox", "ExplainText": "This policy setting enables or disables networking in the sandbox. You can disable network access to decrease the attack surface exposed by the sandbox.\n\nIf you enable this policy setting, networking is done by creating a virtual switch on the host, and connects the Windows Sandbox to it via a virtual NIC.\n\nIf you disable this policy setting, networking is disabled in Windows Sandbox.\n\nIf you do not configure this policy setting, networking will be enabled.\n\nNote that enabling networking can expose untrusted applications to the internal network.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox" ], "ValueName": "AllowNetworking", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsSandbox.admx", "CategoryName": "WindowsSandbox", "PolicyName": "AllowAudioInput", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsSandbox", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Allow audio input in Windows Sandbox", "ExplainText": "This policy setting enables or disables audio input to the Sandbox.\n\nIf you enable this policy setting, Windows Sandbox will be able to receive audio input from the user. Applications using a microphone may require this setting.\n\nIf you disable this policy setting, Windows Sandbox will not be able to receive audio input from the user. Applications using a microphone may not function properly with this setting.\n\nIf you do not configure this policy setting, audio input will be enabled.\n\nNote that there may be security implications of exposing host audio input to the container.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox" ], "ValueName": "AllowAudioInput", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsSandbox.admx", "CategoryName": "WindowsSandbox", "PolicyName": "AllowVideoInput", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsSandbox", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Allow video input in Windows Sandbox", "ExplainText": "This policy setting enables or disables video input to the Sandbox.\n\nIf you enable this policy setting, video input is enabled in Windows Sandbox.\n\nIf you disable this policy setting, video input is disabled in Windows Sandbox. Applications using video input may not function properly in Windows Sandbox.\n\nIf you do not configure this policy setting, video input will be disabled. Applications that use video input may not function properly in Windows Sandbox.\n\nNote that there may be security implications of exposing host video input to the container.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox" ], "ValueName": "AllowVideoInput", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsSandbox.admx", "CategoryName": "WindowsSandbox", "PolicyName": "AllowPrinterRedirection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsSandbox", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Allow printer sharing with Windows Sandbox", "ExplainText": "This policy setting enables or disables printer sharing from the host into the Sandbox.\n\nIf you enable this policy setting, host printers will be shared into Windows Sandbox.\n\nIf you disable this policy setting, Windows Sandbox will not be able to view printers from the host.\n\nIf you do not configure this policy setting, printer redirection will be disabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox" ], "ValueName": "AllowPrinterRedirection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsSandbox.admx", "CategoryName": "WindowsSandbox", "PolicyName": "AllowClipboardRedirection", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsSandbox", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Allow clipboard sharing with Windows Sandbox", "ExplainText": "This policy setting enables or disables clipboard sharing with the sandbox.\n\nIf you enable this policy setting, copy and paste between the host and Windows Sandbox are permitted.\n\nIf you disable this policy setting, copy and paste in and out of Sandbox will be restricted.\n\nIf you do not configure this policy setting, clipboard sharing will be enabled.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox" ], "ValueName": "AllowClipboardRedirection", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsSandbox.admx", "CategoryName": "WindowsSandbox", "PolicyName": "AllowMappedFolders", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsSandbox", "Supported": "Windows_11_0_NOSERVER_ENTERPRISE_EDUCATION_PRO_SANDBOX - At least Windows 11 Pro, Enterprise, or Education with Windows Sandbox", "DisplayName": "Allow mapping folders into Windows Sandbox", "ExplainText": "This policy setting enables or disables mapping folders into sandbox.\n\nIf you enable this policy setting, mapping folders from the host into Sandbox will be permitted.\n\nIf you enable this policy setting and disable write to mapped folders, mapping folders from the host into Sandbox will be permitted, but Sandbox will only have permission to read the files.\n\nIf you disable this policy setting, mapping folders from the host into Sandbox will not be permitted.\n\nIf you do not configure this policy setting, mapped folders will be enabled.\n\nNote that there may be security implications of exposing folders from the host into the container.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox" ], "ValueName": "AllowMappedFolders", "Elements": [ { "Type": "Boolean", "ValueName": "AllowWriteToMappedFolders", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsStore.admx", "CategoryName": "WindowsStore", "PolicyName": "RemoveWindowsStore_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsStore", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off the Store application", "ExplainText": "Denies or allows access to the Store application.\n\nIf you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.\n\nIf you disable or don't configure this setting, access to the Store application is allowed.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsStore" ], "ValueName": "RemoveWindowsStore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsStore.admx", "CategoryName": "WindowsStore", "PolicyName": "RemoveWindowsStore_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsStore", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off the Store application", "ExplainText": "Denies or allows access to the Store application.\n\nIf you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.\n\nIf you disable or don't configure this setting, access to the Store application is allowed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsStore" ], "ValueName": "RemoveWindowsStore", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsStore.admx", "CategoryName": "WindowsStore", "PolicyName": "DisableAutoInstall", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsStore", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Turn off Automatic Download and Install of updates", "ExplainText": "Enables or disables the automatic download and installation of app updates.\n\nIf you enable this setting, the automatic download and installation of app updates is turned off.\n\nIf you disable this setting, the automatic download and installation of app updates is turned on.\n\nIf you don't configure this setting, the automatic download and installation of app updates is determined by a registry setting that the user can change using Settings in the Microsoft Store.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsStore" ], "ValueName": "AutoDownload", "Elements": [ { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "4" } ] }, { "File": "WindowsStore.admx", "CategoryName": "WindowsStore", "PolicyName": "DisableAutoDownloadWin8", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsStore", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off Automatic Download of updates on Win8 machines", "ExplainText": "Enables or disables the automatic download of app updates on PCs running Windows 8.\n\nIf you enable this setting, the automatic download of app updates is turned off.\n\nIf you disable this setting, the automatic download of app updates is turned on.\n\nIf you don't configure this setting, the automatic download of app updates is determined by a registry setting that the user can change using Settings in the Microsoft Store.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsStore" ], "ValueName": "AutoDownload", "Elements": [ { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "3" } ] }, { "File": "WindowsStore.admx", "CategoryName": "WindowsStore", "PolicyName": "DisableOSUpgrade_1", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsStore", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off the offer to update to the latest version of Windows", "ExplainText": "Enables or disables the Store offer to update to the latest version of Windows.\n\nIf you enable this setting, the Store application will not offer updates to the latest version of Windows.\n\nIf you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\WindowsStore" ], "ValueName": "DisableOSUpgrade", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsStore.admx", "CategoryName": "WindowsStore", "PolicyName": "DisableOSUpgrade_2", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsStore", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off the offer to update to the latest version of Windows", "ExplainText": "Enables or disables the Store offer to update to the latest version of Windows.\n\nIf you enable this setting, the Store application will not offer updates to the latest version of Windows.\n\nIf you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsStore" ], "ValueName": "DisableOSUpgrade", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsStore.admx", "CategoryName": "WindowsStore", "PolicyName": "DisableStoreApps", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsStore", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Disable all apps from Microsoft Store", "ExplainText": "Disable\u00a0turns off the launch of all apps from the Microsoft Store that came pre-installed or were downloaded. Apps will not be updated. Your Store will also be disabled.\u00a0Enable\u00a0turns all of it back on. This setting applies only to Enterprise and Education editions of Windows.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsStore" ], "ValueName": "DisableStoreApps", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsStore.admx", "CategoryName": "WindowsStore", "PolicyName": "RequirePrivateStoreOnly", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsStore", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Only display the private store within the Microsoft Store", "ExplainText": "Denies access to the retail catalog in the Microsoft Store, but displays the private store.\n\nIf you enable this setting, users will not be able to view the retail catalog in the Microsoft Store, but they will be able to view apps in the private store.\n\nIf you disable or don't configure this setting, users can access the retail catalog in the Microsoft Store.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\WindowsStore", "HKCU\\Software\\Policies\\Microsoft\\WindowsStore" ], "ValueName": "RequirePrivateStoreOnly", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "System", "PolicyName": "NoAutoUpdate", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WindowsXPOnly - Windows XP Professional only", "DisplayName": "Windows Automatic Updates", "ExplainText": "This setting controls automatic updates to a user's computer.\n\nWhenever a user connects to the Internet, Windows searches for updates available for the software and hardware on their computer and automatically downloads them. This happens in the background, and the user is prompted when downloaded components are ready to be installed, or prior to downloading, depending on their configuration.\n\nIf you enable this setting, it prohibits Windows from searching for updates.\n\nIf you disable or do not configure it, Windows searches for updates and automatically downloads them.\n\nNote: Windows Update is an online catalog customized for your computer that consists of items such as drivers, critical updates, Help files, and Internet products that you can download to keep your computer up to date.\n\nAlso, see the \"Remove links and access to Windows Update\" setting. If the \"Remove links and access to Windows Update\" setting is enabled, the links to Windows Update on the Start menu are also removed.\n\nNote: If you have installed Windows XP Service Pack 1 or the update to Automatic Updates that was released after Windows XP was originally shipped, then you should use the new Automatic Updates settings located at: 'Computer Configuration / Administrative Templates / Windows Update'", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" ], "ValueName": "NoAutoUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "AUDontShowUasPolicy", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Windows7ToXPSP2 - Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP SP2", "DisplayName": "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box", "ExplainText": "This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Windows dialog box.\n\nIf you enable this policy setting, 'Install Updates and Shut Down' will not appear as a choice in the Shut Down Windows dialog box, even if updates are available for installation when the user selects the Shut Down option in the Start menu.\n\nIf you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", "HKCU\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "NoAUShutdownOption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "AUNoUasDefaultPolicy_User", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Windows7ToXPSP2 - Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP SP2", "DisplayName": "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box", "ExplainText": "This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choice in the Shut Down Windows dialog.\n\nIf you enable this policy setting, the user's last shut down choice (Hibernate, Restart, etc.) is the default option in the Shut Down Windows dialog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list.\n\nIf you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option in the Start menu.\n\nNote that this policy setting has no impact if the User Configuration\\Administrative Templates\\Windows Components\\Windows Update\\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "NoAUAsDefaultShutdownOption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "AUNoUasDefaultPolicy_Mach", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Windows7ToXPSP2 - Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP SP2", "DisplayName": "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box", "ExplainText": "This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choice in the Shut Down Windows dialog.\n\nIf you enable this policy setting, the user's last shut down choice (Hibernate, Restart, etc.) is the default option in the Shut Down Windows dialog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list.\n\nIf you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option in the Start menu.\n\nNote that this policy setting has no impact if the Computer Configuration\\Administrative Templates\\Windows Components\\Windows Update\\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "NoAUAsDefaultShutdownOption", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WSUSOffering", "PolicyName": "RemoveWindowsUpdate", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Win2kSP3_Or_XPSP1_Through_Win81_or_Server2012R2 - At least Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 through Windows 8.1 or Windows Server 2012 R2 with most current service pack. Not supported on Windows 10 and above.", "DisplayName": "Remove access to use all Windows Update features", "ExplainText": "This setting allows you to remove access to Windows Update.\n\nIf you enable this setting, all Windows Update features are removed. This includes blocking access to the Windows Update Web site at http://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This setting also prevents Device Manager from automatically installing driver updates from the Windows Update Web site.\n\nIf enabled you can configure one of the following notification options:\n\n0 = Do not show any notifications\n\nThis setting will remove all access to Windows Update features and no notifications will be shown.\n\n1 = Show restart required notifications\n\nThis setting will show notifications about restarts that are required to complete an installation.\n\nOn Windows 8 and Windows RT, if this policy is Enabled, then only notifications related to restarts and the inability to detect updates will be shown. The notification options are not supported. Notifications on the login screen will always show up.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WindowsUpdate" ], "ValueName": "DisableWindowsUpdateAccess", "Elements": [ { "Type": "Enum", "ValueName": "DisableWindowsUpdateAccessMode", "Items": [ { "DisplayName": "0 - Do not show any notifications", "Data": "0" }, { "DisplayName": "1 - Show restart required notifications", "Data": "1" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "AutoUpdateCfg", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_XPSP1_or_Win2kSP3_AUOption7_SUPPORTED_Server2016 - Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 Option 7 only supported on servers of at least Windows Server 2016 edition\u200b", "DisplayName": "Configure Automatic Updates", "ExplainText": "Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.\n\nNote: This policy does not apply to Windows RT.\n\nThis setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:\n\n2 = Notify before downloading and installing any updates.\n\nWhen Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.\n\n3 = (Default setting) Download the updates automatically and notify when they are ready to be installed\n\nWindows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Windows Update, users can install them.\n\n4 = Automatically download updates and install them on the schedule specified below.\n\nWhen \"Automatic\" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)\n\nSpecify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.)\n\nOn Windows 8 and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.\n\n5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option has not been carried over to any Win 10 Versions)\n\nWith this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates.\n\n7 = Notify for install and notify for restart. (Windows Server only)\n\nWith this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.\n\nIf the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.\n\nIf the status is set to Not Configured, use of Automatic Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "NoAutoUpdate", "Elements": [ { "Type": "Enum", "ValueName": "AUOptions", "Items": [ { "DisplayName": "2 - Notify for download and auto install", "Data": "2" }, { "DisplayName": "3 - Auto download and notify for install", "Data": "3" }, { "DisplayName": "4 - Auto download and schedule the install", "Data": "4" }, { "DisplayName": "5 - Allow local admin to choose setting", "Data": "5" }, { "DisplayName": "7 - Auto Download, Notify to install, Notify to Restart", "Data": "7" } ], "Required": true }, { "Type": "Boolean", "ValueName": "AutomaticMaintenanceEnabled", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "ScheduledInstallDay", "Items": [ { "DisplayName": "0 - Every day", "Data": "0" }, { "DisplayName": "1 - Every Sunday", "Data": "1" }, { "DisplayName": "2 - Every Monday", "Data": "2" }, { "DisplayName": "3 - Every Tuesday", "Data": "3" }, { "DisplayName": "4 - Every Wednesday", "Data": "4" }, { "DisplayName": "5 - Every Thursday", "Data": "5" }, { "DisplayName": "6 - Every Friday", "Data": "6" }, { "DisplayName": "7 - Every Saturday", "Data": "7" } ], "Required": true }, { "Type": "Enum", "ValueName": "ScheduledInstallTime", "Items": [ { "DisplayName": "Automatic", "Data": "24" }, { "DisplayName": "00:00", "Data": "0" }, { "DisplayName": "01:00", "Data": "1" }, { "DisplayName": "02:00", "Data": "2" }, { "DisplayName": "03:00", "Data": "3" }, { "DisplayName": "04:00", "Data": "4" }, { "DisplayName": "05:00", "Data": "5" }, { "DisplayName": "06:00", "Data": "6" }, { "DisplayName": "07:00", "Data": "7" }, { "DisplayName": "08:00", "Data": "8" }, { "DisplayName": "09:00", "Data": "9" }, { "DisplayName": "10:00", "Data": "10" }, { "DisplayName": "11:00", "Data": "11" }, { "DisplayName": "12:00", "Data": "12" }, { "DisplayName": "13:00", "Data": "13" }, { "DisplayName": "14:00", "Data": "14" }, { "DisplayName": "15:00", "Data": "15" }, { "DisplayName": "16:00", "Data": "16" }, { "DisplayName": "17:00", "Data": "17" }, { "DisplayName": "18:00", "Data": "18" }, { "DisplayName": "19:00", "Data": "19" }, { "DisplayName": "20:00", "Data": "20" }, { "DisplayName": "21:00", "Data": "21" }, { "DisplayName": "22:00", "Data": "22" }, { "DisplayName": "23:00", "Data": "23" } ], "Required": true }, { "Type": "Boolean", "ValueName": "AllowMUUpdateService", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "ScheduledInstallEveryWeek", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "ScheduledInstallFirstWeek", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "ScheduledInstallSecondWeek", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "ScheduledInstallThirdWeek", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "ScheduledInstallFourthWeek", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WSUSOffering", "PolicyName": "CorpWuURL", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Win2kSP3_Or_XPSP1_NoWinRT - At least Windows XP Professional Service Pack 1 or Windows 2000 Service Pack 3, excluding Windows RT", "DisplayName": "Specify intranet Microsoft update service location", "ExplainText": "Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.\n\nThis setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.\n\nTo use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update Agent to download updates from an alternate download server instead of the intranet update service.\n\nIf the status is set to Enabled, the Automatic Updates client connects to the specified intranet Microsoft update service (or alternate download server), instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization don't have to go through a firewall to get updates, and it gives you the opportunity to test updates before deploying them.\n\nIf the status is set to Disabled or Not Configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.\n\nThe alternate download server configures the Windows Update Agent to download files from an alternative download server instead of the intranet update service.\n\nThe option to download files with missing Urls allows content to be downloaded from the Alternate Download Server when there are no download Urls for files in the update metadata. This option should only be used when the intranet update service does not provide download Urls in the update metadata for files which are present on the alternate download server.\n\nNote: If the \"Configure Automatic Updates\" policy is disabled, then this policy has no effect.\n\nNote: If the \"Alternate Download Server\" is not set, it will use the intranet update service by default to download updates.\n\nNote: The option to \"Download files with no Url...\" is only used if the \"Alternate Download Server\" is set.\n\nNote: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.\n\nTo ensure the highest level of security, Microsoft recommends securing WSUS with TLS/SSL protocol, thereby using HTTPS based intranet servers to keep systems secure. If a proxy is required, we recommend configuring system proxy. To ensure highest levels of security, additionally leverage WSUS TLS certificate pinning on all devices.\n\nIn order to keep clients inherently secure, we are no longer allowing intranet servers to leverage user proxy by default for detecting updates. If you need to leverage user proxy for detecting updates while using an intranet server despite the vulnerabilities it presents, you must configure the proxy behavior to \"Allow user proxy to be used as a fallback if detection using system proxy fails\".\n\nDetection for updates against intranet servers will fail when user proxy is needed as a fallback and the alternate proxy behavior is not configured.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "Elements": [ { "Type": "Text", "ValueName": "WUServer", "Required": true }, { "Type": "Text", "ValueName": "WUStatusServer", "Required": true }, { "Type": "Text", "ValueName": "UpdateServiceUrlAlternate", "Required": false }, { "Type": "Boolean", "ValueName": "FillEmptyContentUrls", "TrueValue": "1", "FalseValue": "0", "Required": false }, { "Type": "Boolean", "ValueName": "DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection", "TrueValue": "1", "FalseValue": "0", "Required": false }, { "Type": "Enum", "ValueName": "SetProxyBehaviorForUpdateDetection", "Items": [ { "DisplayName": "Only use system proxy for detecting updates (default)", "Data": "0" }, { "DisplayName": "Allow user proxy to be used as a fallback if detection using system proxy fails", "Data": "1" } ], "Required": true }, { "Type": "EnabledList", "ValueName": "UseWUServer", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "UseWUServer", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WSUSOffering", "PolicyName": "UpdateClassPolicySource_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Windows_Server_2022_Windows_10_0_2004 - At least Windows Server 2022, or Windows 10 Version 2004\u200b", "DisplayName": "Specify source service for specific classes of Windows Updates", "ExplainText": "When this policy is enabled, devices will receive Windows updates for the classes listed from the specified update source: either Windows Update or Windows Server Update Service.\n\nNote: To receive any updates from the Windows Server Update Service you must have properly configured an intranet Microsoft update service location via the \"Specify intranet Microsoft update service location\" policy.\n\nIf this policy is not configured or is disabled, the device will continue to detect updates per your other policy configurations.\n\nNote: If you are using \"Do not allow deferral policies to cause scans against Windows Update\" currently to ensure devices only scan against your specified server, we recommend configuring this policy instead or in addition to such.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "Elements": [ { "Type": "Enum", "ValueName": "SetPolicyDrivenUpdateSourceForFeatureUpdates", "Items": [ { "DisplayName": "Windows Server Update Services", "Data": "1" }, { "DisplayName": "Windows Update", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "SetPolicyDrivenUpdateSourceForQualityUpdates", "Items": [ { "DisplayName": "Windows Server Update Services", "Data": "1" }, { "DisplayName": "Windows Update", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "SetPolicyDrivenUpdateSourceForDriverUpdates", "Items": [ { "DisplayName": "Windows Server Update Services", "Data": "1" }, { "DisplayName": "Windows Update", "Data": "0" } ], "Required": true }, { "Type": "Enum", "ValueName": "SetPolicyDrivenUpdateSourceForOtherUpdates", "Items": [ { "DisplayName": "Windows Server Update Services", "Data": "1" }, { "DisplayName": "Windows Update", "Data": "0" } ], "Required": true }, { "Type": "EnabledList", "ValueName": "UseUpdateClassPolicySource", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "Data": "1" }, { "Type": "DisabledList", "ValueName": "UseUpdateClassPolicySource", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WSUSOffering", "PolicyName": "DetectionFrequency_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Win2kSP3_Or_XPSP1_NoWinRT - At least Windows XP Professional Service Pack 1 or Windows 2000 Service Pack 3, excluding Windows RT", "DisplayName": "Automatic Updates detection frequency", "ExplainText": "Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is a sum of the specific value and a random variant of 0-4 hours.\n\nIf the status is set to Enabled, Windows will check for available updates at the specified interval.\n\nIf the status is set to Disabled or Not Configured, Windows will check for available updates at the default interval of 22 hours.\n\nNote: The \"Specify intranet Microsoft update service location\" setting must be enabled for this policy to have effect.\n\nNote: If the \"Configure Automatic Updates\" policy is disabled, this policy has no effect.\n\nNote: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "DetectionFrequencyEnabled", "Elements": [ { "Type": "Decimal", "ValueName": "DetectionFrequency", "MinValue": "1", "MaxValue": "22", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "ElevateNonAdmins_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Win2kSP3_Or_XPSP1_Through_Win81_or_Server2012R2 - At least Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 through Windows 8.1 or Windows Server 2012 R2 with most current service pack. Not supported on Windows 10 and above.", "DisplayName": "Allow non-administrators to receive update notifications", "ExplainText": "This policy setting allows you to control whether non-administrative users will receive update notifications based on the \"Configure Automatic Updates\" policy setting.\n\nIf you enable this policy setting, Windows Automatic Update and Microsoft Update will include non-administrators when determining which logged-on user should receive update notifications. Non-administrative users will be able to install all optional, recommended, and important content for which they received a notification. Users will not see a User Account Control window and do not need elevated permissions to install these updates, except in the case of updates that contain User Interface , End User License Agreement , or Windows Update setting changes.\n\nThere are two situations where the effect of this setting depends on the operating system: Hide/Restore updates, and Cancel an install.\n\nOn XP: If you enable this policy setting, users will not see a User Account Control window and do not need elevated permissions to do either of these update-related tasks.\n\nOn Vista: If you enable this policy setting, users will not see a User Account Control window and do not need elevated permissions to do either of these tasks. If you do not enable this policy setting, then users will always see an Account Control window and require elevated permissions to do either of these tasks.\n\nOn Windows 7 : This policy setting has no effect. Users will always see an Account Control window and require elevated permissions to do either of these tasks.\n\nOn Windows 8 and Windows RT: This policy setting has no effect. Users will always see an Account Control window and require elevated permissions to do either of these tasks.\n\nIf you disable this policy setting, then only administrative users will receive update notifications.\n\nNote: On Windows 8 and Windows RT this policy setting is enabled by default. In all prior versions of windows, it is disabled by default.\n\nIf the \"Configure Automatic Updates\" policy setting is disabled or is not configured, then the Elevate Non-Admin policy setting has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "ElevateNonAdmins", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "ImmediateInstall_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Win2kSP3_Or_XPSP1_Through_Win81_or_Server2012R2 - At least Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 through Windows 8.1 or Windows Server 2012 R2 with most current service pack. Not supported on Windows 10 and above.", "DisplayName": "Allow Automatic Updates immediate installation", "ExplainText": "Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.\n\nIf the status is set to Enabled, Automatic Updates will immediately install these updates once they are downloaded and ready to install.\n\nIf the status is set to Disabled, such updates will not be installed immediately.\n\nNote: If the \"Configure Automatic Updates\" policy is disabled, this policy has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "AutoInstallMinorUpdates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "IncludeRecommendedUpdates_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_WindowsVista_Through_Win81_or_Server2012R2 - At least Windows Vista through Windows 8.1 or Windows Server 2012 R2 with most current service pack. Not supported on Windows 10 and above.", "DisplayName": "Turn on recommended updates via Automatic Updates", "ExplainText": "Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.\n\nWhen this policy is enabled, Automatic Updates will install recommended updates as well as important updates from Windows Update update service.\n\nWhen disabled or not configured Automatic Updates will continue to deliver important updates if it is already configured to do so.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "IncludeRecommendedUpdates", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "FeaturedSoftwareNotification_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows7ToVista - Windows Server 2008, Windows 7, and Windows Vista", "DisplayName": "Turn on Software Notifications", "ExplainText": "This policy setting allows you to control whether users see detailed enhanced notification messages about featured software from the Microsoft Update service. Enhanced notification messages convey the value and promote the installation and use of optional software. This policy setting is intended for use in loosely managed environments in which you allow the end user access to the Microsoft Update service.\n\nIf you enable this policy setting, a notification message will appear on the user's computer when featured software is available. The user can click the notification to open the Windows Update Application and get more information about the software or install it. The user can also click \"Close this message\" or \"Show me later\" to defer the notification as appropriate.\n\nIn Windows 7, this policy setting will only control detailed notifications for optional applications. In Windows Vista, this policy setting controls detailed notifications for optional applications and updates.\n\nIf you disable or do not configure this policy setting, Windows 7 users will not be offered detailed notification messages for optional applications, and Windows Vista users will not be offered detailed notification messages for optional applications or updates.\n\nBy default, this policy setting is disabled.\n\nIf you are not using the Microsoft Update service, then the Software Notifications policy setting has no effect.\n\nIf the \"Configure Automatic Updates\" policy setting is disabled or is not configured, then the Software Notifications policy setting has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "EnableFeaturedSoftware", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "AUPowerManagement_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows7ToVistaAndWindows10 - Windows Server 2008, Windows 7, Windows Vista, and Windows 10", "DisplayName": "Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates", "ExplainText": "Specifies whether the Windows Update will use the Windows Power Management features to automatically wake up the system from sleep, if there are updates scheduled for installation.\n\nWindows Update will only automatically wake up the system if Windows Update is configured to install updates automatically. If the system is in sleep when the scheduled install time occurs and there are updates to be applied, then Windows Update will use the Windows Power management features to automatically wake the system up to install the updates.\n\nWindows update will also wake the system up and install an update if an install deadline occurs.\n\nThe system will not wake unless there are updates to be installed. If the system is on battery power, when Windows Update wakes it up, it will not install updates and the system will automatically return to sleep in 2 minutes.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "AUPowerManagement", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "NoAutoRebootWithLoggedOnUsers_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Win2kSP3_Or_XPSP1 - Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3", "DisplayName": "No auto-restart with logged on users for scheduled automatic updates installations", "ExplainText": "Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically.\n\nIf the status is set to Enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer.\n\nBe aware that the computer needs to be restarted for the updates to take effect.\n\nIf the status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation.\n\nNote: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the \"Configure Automatic Updates\" policy is disabled, this policy has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "NoAutoRebootWithLoggedOnUsers", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "AlwaysAutoRebootAtScheduledTime", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Always automatically restart at the scheduled time", "ExplainText": "If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the login screen for at least two days.\n\nThe restart timer can be configured to start with any value from 15 to 180 minutes. When the timer runs out, the restart will proceed even if the PC has signed-in users.\n\nIf you disable or do not configure this policy, Windows Update will not alter its restart behavior.\n\nIf the \"No auto-restart with logged on users for scheduled automatic updates installations\" policy is enabled, then this policy has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "AlwaysAutoRebootAtScheduledTime", "Elements": [ { "Type": "Decimal", "ValueName": "AlwaysAutoRebootAtScheduledTimeMinutes", "MinValue": "15", "MaxValue": "180", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "RebootRelaunchTimeout_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Windows7_To_Win2kSP3_Or_XPSP1 - Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2003, Windows XP SP2, Windows XP SP1 , Windows 2000 SP4, Windows 2000 SP3", "DisplayName": "Re-prompt for restart with scheduled installations", "ExplainText": "Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart.\n\nIf the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the previous prompt for restart was postponed.\n\nIf the status is set to Disabled or Not Configured, the default interval is 10 minutes.\n\nNote: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the \"Configure Automatic Updates\" policy is disabled, this policy has no effect. This policy has no effect on Windows RT", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "RebootRelaunchTimeoutEnabled", "Elements": [ { "Type": "Decimal", "ValueName": "RebootRelaunchTimeout", "MinValue": "1", "MaxValue": "1440", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "RebootWarningTimeout_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Windows7_To_Win2kSP3_Or_XPSP1 - Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2003, Windows XP SP2, Windows XP SP1 , Windows 2000 SP4, Windows 2000 SP3", "DisplayName": "Delay Restart for scheduled installations", "ExplainText": "Specifies the amount of time for Automatic Updates to wait before proceeding with a scheduled restart.\n\nIf the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the installation is finished.\n\nIf the status is set to Disabled or Not Configured, the default wait time is 15 minutes.\n\nNote: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the \"Configure Automatic Updates\" policy is disabled, this policy has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "RebootWarningTimeoutEnabled", "Elements": [ { "Type": "Decimal", "ValueName": "RebootWarningTimeout", "MinValue": "1", "MaxValue": "30", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "RescheduleWaitTime_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Windows7_To_Win2kSP3_Or_XPSP1 - Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2003, Windows XP SP2, Windows XP SP1 , Windows 2000 SP4, Windows 2000 SP3", "DisplayName": "Reschedule Automatic Updates scheduled installations", "ExplainText": "Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously.\n\nIf the status is set to Enabled, a scheduled installation that did not take place earlier will occur the specified number of minutes after the computer is next started.\n\nIf the status is set to Disabled, a missed scheduled installation will occur with the next scheduled installation.\n\nIf the status is set to Not Configured, a missed scheduled installation will occur one minute after the computer is next started.\n\nNote: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the \"Configure Automatic Updates\" policy is disabled, this policy has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU" ], "ValueName": "RescheduleWaitTimeEnabled", "Elements": [ { "Type": "Decimal", "ValueName": "RescheduleWaitTime", "MinValue": "1", "MaxValue": "60", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WSUSOffering", "PolicyName": "TargetGroup_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Win2kSP3_Or_XPSP1_NoWinRT - At least Windows XP Professional Service Pack 1 or Windows 2000 Service Pack 3, excluding Windows RT", "DisplayName": "Enable client-side targeting", "ExplainText": "Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service.\n\nIf the status is set to Enabled, the specified target group information is sent to the intranet Microsoft update service which uses it to determine which updates should be deployed to this computer.\n\nIf the intranet Microsoft update service supports multiple target groups this policy can specify multiple group names separated by semicolons. Otherwise, a single group must be specified.\n\nIf the status is set to Disabled or Not Configured, no target group information will be sent to the intranet Microsoft update service.\n\nNote: This policy applies only when the intranet Microsoft update service this computer is directed to is configured to support client-side targeting. If the \"Specify intranet Microsoft update service location\" policy is disabled or not configured, this policy has no effect.\nNote: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "TargetGroupEnabled", "Elements": [ { "Type": "Text", "ValueName": "TargetGroup", "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WSUSOffering", "PolicyName": "TrustedPublisher_Title", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_WindowsXPSP1_NoWinRT - At least Windows Server 2003 operating systems or Windows XP Professional with SP1, excluding Windows RT", "DisplayName": "Allow signed updates from an intranet Microsoft update service location", "ExplainText": "This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.\n\nIf you enable this policy setting, Automatic Updates accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the \"Trusted Publishers\" certificate store of the local computer.\n\nIf you disable or do not configure this policy setting, updates from an intranet Microsoft update service location must be signed by Microsoft.\n\nNote: Updates from a service other than an intranet Microsoft update service must always be signed by Microsoft and are not affected by this policy setting.\nNote: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "AcceptTrustedPublisherCerts", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WSUSOffering", "PolicyName": "DoNotConnectToWindowsUpdateInternetLocations", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_6_3 - At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1", "DisplayName": "Do not connect to any Windows Update Internet locations", "ExplainText": "Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store.\n\nEnabling this policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working.\n\nNote: This policy applies only when this PC is configured to connect to an intranet update service using the \"Specify intranet Microsoft update service location\" policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "DoNotConnectToWindowsUpdateInternetLocations", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateOffering", "PolicyName": "TargetReleaseVersion", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Select the target Feature Update version", "ExplainText": "Enter the product and version as listed on the Windows Update target version page:\n\naka.ms/WindowsTargetVersioninfo\n\nThe device will request that Windows Update product and version in subsequent scans.\n\nEntering a target product and clicking OK or Apply means I accept the Microsoft Software License Terms for it found at aka.ms/WindowsTargetVersioninfo. If an organization is licensing the software, I am authorized to bind the organization.\n\nIf you enter an invalid value, you will remain on your current version until you correct the values to a supported product and version.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "TargetReleaseVersion", "Elements": [ { "Type": "Text", "ValueName": "ProductVersion", "MaxLength": "25" }, { "Type": "Text", "ValueName": "TargetReleaseVersionInfo", "MaxLength": "4" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateOffering", "PolicyName": "DisableWUfBSafeguards", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_RS7 - At least Windows Server 2016, Windows 10 Version 1909", "DisplayName": "Disable safeguards for Feature Updates", "ExplainText": "Enable this setting when Feature Updates should be deployed to devices without blocking on any safeguard holds.\u202fSafeguard holds are known compatibility issues that block the upgrade from being deployed to affected devices until the issue is resolved.\u202fEnabling this policy can allow an organization to deploy the Feature Update to devices for testing, or to deploy the Feature Update without blocking on safeguard holds.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "DisableWUfBSafeguards", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateOffering", "PolicyName": "ManagePreviewBuilds", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Manage preview builds", "ExplainText": "Enable this policy to manage which updates you receive prior to the update being released to the world.\n\nDev Channel\nIdeal for highly technical users. Insiders in the Dev Channel will receive builds from our active development branch that is earliest in a development cycle. These builds are not matched to a specific Windows 10 release.\n\nBeta Channel\nIdeal for feature explorers who want to see upcoming Windows 10 features. Your feedback will be especially important here as it will help our engineers ensure key issues are fixed before a major release.\n\nRelease Preview Channel (default)\nInsiders in the Release Preview Channel will have access to the upcoming release of Windows 10 prior to it being released to the world. These builds are supported by Microsoft. The Release Preview Channel is where we recommend companies preview and validate upcoming Windows 10 releases before broad deployment within their organization.\n\nRelease Preview Channel, Quality Updates Only\nIdeal for those who want to validate the features and fixes coming soon to their current version. Note, released feature updates will continue to be offered in accordance with configured policies when this option is selected.\n\nNote: Preview Build enrollment requires a telemetry level setting of 2 or higher and your domain registered on insider.windows.com. For additional information on Preview Builds, see: https://aka.ms/wipforbiz\n\nIf you disable or do not configure this policy, Windows Update will not offer you any pre-release updates and you will receive such content once released to the world. Disabling this policy will cause any devices currently on a pre-release build to opt out and stay on the latest Feature Update once released.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "ManagePreviewBuildsPolicyValue", "Elements": [ { "Type": "Enum", "ValueName": "BranchReadinessLevel", "Items": [ { "DisplayName": "Dev Channel", "Data": "2" }, { "DisplayName": "Beta Channel", "Data": "4" }, { "DisplayName": "Release Preview Channel", "Data": "8" }, { "DisplayName": "Release Preview of Quality Updates Only", "Data": "64" } ], "Required": true }, { "Type": "EnabledValue", "Data": "2" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateOffering", "PolicyName": "DeferFeatureUpdates", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Select when Preview Builds and Feature Updates are received", "ExplainText": "Enable this policy to specify when to receive Feature Updates.\n\nDefer Updates | This enables devices to defer taking the next Feature Update available for their current product (or a new product if specified in the Select the target Feature Update version policy). You can defer a Feature Update for up to 14 days for all pre-release channels and up to 365 days for the General Availability Channel. To learn more about the current releases, please see aka.ms/WindowsTargetVersioninfo\n\nPause Updates | To prevent Feature Updates from being offered to the device, you can temporarily pause Feature Updates. This pause will remain in effect for 35 days from the specified start date or until the field is cleared. Note, Quality Updates will still be offered even if Feature Updates are paused.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "DeferFeatureUpdates", "Elements": [ { "Type": "Decimal", "ValueName": "DeferFeatureUpdatesPeriodInDays", "MinValue": "0", "MaxValue": "365" }, { "Type": "Text", "ValueName": "PauseFeatureUpdatesStartTime", "MaxLength": "10" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateOffering", "PolicyName": "DeferQualityUpdates", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Select when Quality Updates are received", "ExplainText": "Enable this policy to specify when to receive quality updates.\n\nYou can defer receiving quality updates for up to 30 days.\n\nTo prevent quality updates from being received on their scheduled time, you can temporarily pause quality updates. The pause will remain in effect for 35 days or until you clear the start date field.\n\nTo resume receiving Quality Updates which are paused, clear the start date field.\n\nIf you disable or do not configure this policy, Windows Update will not alter its behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "DeferQualityUpdates", "Elements": [ { "Type": "Decimal", "ValueName": "DeferQualityUpdatesPeriodInDays", "MinValue": "0", "MaxValue": "30" }, { "Type": "Text", "ValueName": "PauseQualityUpdatesStartTime", "MaxLength": "10" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateOffering", "PolicyName": "ExcludeWUDriversInQualityUpdate", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Do not include drivers with Windows Updates", "ExplainText": "Enable this policy to not include drivers with Windows quality updates.\n\nIf you disable or do not configure this policy, Windows Update will include updates that have a Driver classification.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "ExcludeWUDriversInQualityUpdate", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "ActiveHours", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Turn off auto-restart for updates during active hours", "ExplainText": "If you enable this policy, the PC will not automatically restart after updates during active hours. The PC will attempt to restart outside of active hours.\n\nNote that the PC must restart for certain updates to take effect.\n\nIf you disable or do not configure this policy and have no other reboot group policies, the user selected active hours will be in effect.\n\nIf any of the following two policies are enabled, this policy has no effect:\n1. No auto-restart with logged on users for scheduled automatic updates installations.\n2. Always automatically restart at scheduled time.\n\nNote that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetActiveHours", "Elements": [ { "Type": "Enum", "ValueName": "ActiveHoursStart", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true }, { "Type": "Enum", "ValueName": "ActiveHoursEnd", "Items": [ { "DisplayName": "12 AM", "Data": "0" }, { "DisplayName": "1 AM", "Data": "1" }, { "DisplayName": "2 AM", "Data": "2" }, { "DisplayName": "3 AM", "Data": "3" }, { "DisplayName": "4 AM", "Data": "4" }, { "DisplayName": "5 AM", "Data": "5" }, { "DisplayName": "6 AM", "Data": "6" }, { "DisplayName": "7 AM", "Data": "7" }, { "DisplayName": "8 AM", "Data": "8" }, { "DisplayName": "9 AM", "Data": "9" }, { "DisplayName": "10 AM", "Data": "10" }, { "DisplayName": "11 AM", "Data": "11" }, { "DisplayName": "12 PM", "Data": "12" }, { "DisplayName": "1 PM", "Data": "13" }, { "DisplayName": "2 PM", "Data": "14" }, { "DisplayName": "3 PM", "Data": "15" }, { "DisplayName": "4 PM", "Data": "16" }, { "DisplayName": "5 PM", "Data": "17" }, { "DisplayName": "6 PM", "Data": "18" }, { "DisplayName": "7 PM", "Data": "19" }, { "DisplayName": "8 PM", "Data": "20" }, { "DisplayName": "9 PM", "Data": "21" }, { "DisplayName": "10 PM", "Data": "22" }, { "DisplayName": "11 PM", "Data": "23" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "AutoRestartDeadline", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Server2016_Through_Server2022_Or_Windows10 - Windows Server 2016 through Windows Server 2022, or Windows 10\u200b", "DisplayName": "Specify deadline before auto-restart for update installation", "ExplainText": "Specify the deadline before the PC will automatically restart to apply updates. The deadline can be set 2 to 14 days past the default restart date.\n\nThe restart may happen inside active hours.\n\nIf you disable or do not configure this policy, the PC will restart according to the default schedule.\n\nEnabling either of the following two policies will override the above policy:\n1. No auto-restart with logged on users for scheduled automatic updates installations.\n2. Always automatically restart at scheduled time.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetAutoRestartDeadline", "Elements": [ { "Type": "Enum", "ValueName": "AutoRestartDeadlinePeriodInDays", "Items": [ { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" }, { "DisplayName": "8", "Data": "8" }, { "DisplayName": "9", "Data": "9" }, { "DisplayName": "10", "Data": "10" }, { "DisplayName": "11", "Data": "11" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "13", "Data": "13" }, { "DisplayName": "14", "Data": "14" }, { "DisplayName": "15", "Data": "15" }, { "DisplayName": "16", "Data": "16" }, { "DisplayName": "17", "Data": "17" }, { "DisplayName": "18", "Data": "18" }, { "DisplayName": "19", "Data": "19" }, { "DisplayName": "20", "Data": "20" }, { "DisplayName": "21", "Data": "21" }, { "DisplayName": "22", "Data": "22" }, { "DisplayName": "23", "Data": "23" }, { "DisplayName": "24", "Data": "24" }, { "DisplayName": "25", "Data": "25" }, { "DisplayName": "26", "Data": "26" }, { "DisplayName": "27", "Data": "27" }, { "DisplayName": "28", "Data": "28" }, { "DisplayName": "29", "Data": "29" }, { "DisplayName": "30", "Data": "30" } ], "Required": true }, { "Type": "Enum", "ValueName": "AutoRestartDeadlinePeriodInDaysForFeatureUpdates", "Items": [ { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" }, { "DisplayName": "8", "Data": "8" }, { "DisplayName": "9", "Data": "9" }, { "DisplayName": "10", "Data": "10" }, { "DisplayName": "11", "Data": "11" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "13", "Data": "13" }, { "DisplayName": "14", "Data": "14" }, { "DisplayName": "15", "Data": "15" }, { "DisplayName": "16", "Data": "16" }, { "DisplayName": "17", "Data": "17" }, { "DisplayName": "18", "Data": "18" }, { "DisplayName": "19", "Data": "19" }, { "DisplayName": "20", "Data": "20" }, { "DisplayName": "21", "Data": "21" }, { "DisplayName": "22", "Data": "22" }, { "DisplayName": "23", "Data": "23" }, { "DisplayName": "24", "Data": "24" }, { "DisplayName": "25", "Data": "25" }, { "DisplayName": "26", "Data": "26" }, { "DisplayName": "27", "Data": "27" }, { "DisplayName": "28", "Data": "28" }, { "DisplayName": "29", "Data": "29" }, { "DisplayName": "30", "Data": "30" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "DisableUXWUAccess", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Remove access to use all Windows Update features", "ExplainText": "This setting allows you to remove access to scan Windows Update.\n\nIf you enable this setting user access to Windows Update scan, download and\u00a0install is removed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetDisableUXWUAccess", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "DisablePauseUXAccess", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_RS5 - At least Windows Server 2016, Windows 10 Version 1809", "DisplayName": "Remove access to \"Pause updates\" feature", "ExplainText": "This setting allows to remove access to \"Pause updates\" feature.\n\nOnce enabled user access to pause updates is removed.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetDisablePauseUXAccess", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "ActiveHoursMaxRange", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_NOARM - At least Windows Server 2016 or Windows 10", "DisplayName": "Specify active hours range for auto-restarts", "ExplainText": "Enable this policy to specify the maximum number of hours from the start time that users can set their active hours.\n\nThe max active hours range can be set between 8 and 18 hours.\n\nIf you disable or do not configure this policy, the default max active hours range will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetActiveHoursMaxRange", "Elements": [ { "Type": "Enum", "ValueName": "ActiveHoursMaxRange", "Items": [ { "DisplayName": "8", "Data": "8" }, { "DisplayName": "9", "Data": "9" }, { "DisplayName": "10", "Data": "10" }, { "DisplayName": "11", "Data": "11" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "13", "Data": "13" }, { "DisplayName": "14", "Data": "14" }, { "DisplayName": "15", "Data": "15" }, { "DisplayName": "16", "Data": "16" }, { "DisplayName": "17", "Data": "17" }, { "DisplayName": "18", "Data": "18" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "AutoRestartRequiredNotificationDismissal", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Server2016_Through_Server2022_Or_Windows10 - Windows Server 2016 through Windows Server 2022, or Windows 10\u200b", "DisplayName": "Configure auto-restart required notification for updates", "ExplainText": "Enable this policy to specify the method by which the auto-restart required notification is dismissed. When a restart is required to install updates, the auto-restart required notification is displayed. By default, the notification is automatically dismissed after 25 seconds.\n\nThe method can be set to require user action to dismiss the notification.\n\nIf you disable or do not configure this policy, the default method will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetAutoRestartRequiredNotificationDismissal", "Elements": [ { "Type": "Enum", "ValueName": "AutoRestartRequiredNotificationDismissal", "Items": [ { "DisplayName": "1 - Auto", "Data": "1" }, { "DisplayName": "2 - User Action", "Data": "2" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "AutoRestartNotificationConfig", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Server2016_Through_Server2022_Or_Windows10 - Windows Server 2016 through Windows Server 2022, or Windows 10\u200b", "DisplayName": "Configure auto-restart reminder notifications for updates", "ExplainText": "Enable this policy to specify when auto-restart reminders are displayed.\n\nYou can specify the amount of time prior to a scheduled restart to notify the user.\n\nIf you disable or do not configure this policy, the default period will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetAutoRestartNotificationConfig", "Elements": [ { "Type": "Enum", "ValueName": "AutoRestartNotificationSchedule", "Items": [ { "DisplayName": "15", "Data": "15" }, { "DisplayName": "30", "Data": "30" }, { "DisplayName": "60", "Data": "60" }, { "DisplayName": "120", "Data": "120" }, { "DisplayName": "240", "Data": "240" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "AutoRestartNotificationDisable", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Server2016_Through_Server2022_Or_Windows10 - Windows Server 2016 through Windows Server 2022, or Windows 10\u200b", "DisplayName": "Turn off auto-restart notifications for update installations", "ExplainText": "This policy setting allows you to control whether users receive notifications for auto restarts for update installations including reminder and warning notifications.\n\nEnable this policy to turn off all auto restart notifications.\n\nIf you disable or do not configure this policy, the default notification behaviors will be unchanged.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetAutoRestartNotificationDisable", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "RestartWarnRemind", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Server2016_Through_Server2022_Or_Windows10 - Windows Server 2016 through Windows Server 2022, or Windows 10\u200b", "DisplayName": "Configure auto-restart warning notifications schedule for updates", "ExplainText": "Enable this policy to control when notifications are displayed to warn users about a scheduled restart for the update installation deadline. Users are not able to postpone the scheduled restart once the deadline has been reached and the restart is automatically executed.\n\nSpecifies the amount of time prior to a scheduled restart to display the warning reminder to the user.\n\nYou can specify the amount of time prior to a scheduled restart to notify the user that the auto restart is imminent to allow them time to save their work.\n\nIf you disable or do not configure this policy, the default notification behaviors will be used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetRestartWarningSchd", "Elements": [ { "Type": "Enum", "ValueName": "ScheduleRestartWarning", "Items": [ { "DisplayName": "2", "Data": "2" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "8", "Data": "8" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "24", "Data": "24" } ], "Required": true }, { "Type": "Enum", "ValueName": "ScheduleImminentRestartWarning", "Items": [ { "DisplayName": "15", "Data": "15" }, { "DisplayName": "30", "Data": "30" }, { "DisplayName": "60", "Data": "60" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "EngagedRestartTransitionSchedule", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Server2016_Through_Server2022_Or_Windows10 - Windows Server 2016 through Windows Server 2022, or Windows 10\u200b", "DisplayName": "Specify Engaged restart transition and notification schedule for updates", "ExplainText": "Enable this policy to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 0 and 30 days from the time the restart becomes pending.\n\nYou can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.\n\nYou can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.\n\nIf you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart.\n\nIf you disable or do not configure this policy, the PC will restart following the default schedule.\n\nEnabling any of the following policies will override the above policy:\n1. No auto-restart with logged on users for scheduled automatic updates installations\n2. Always automatically restart at scheduled time\n3. Specify deadline before auto-restart for update installation", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetEngagedRestartTransitionSchedule", "Elements": [ { "Type": "Enum", "ValueName": "EngagedRestartTransitionSchedule", "Items": [ { "DisplayName": "0", "Data": "0" }, { "DisplayName": "1", "Data": "1" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" }, { "DisplayName": "8", "Data": "8" }, { "DisplayName": "9", "Data": "9" }, { "DisplayName": "10", "Data": "10" }, { "DisplayName": "11", "Data": "11" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "13", "Data": "13" }, { "DisplayName": "14", "Data": "14" }, { "DisplayName": "15", "Data": "15" }, { "DisplayName": "16", "Data": "16" }, { "DisplayName": "17", "Data": "17" }, { "DisplayName": "18", "Data": "18" }, { "DisplayName": "19", "Data": "19" }, { "DisplayName": "20", "Data": "20" }, { "DisplayName": "21", "Data": "21" }, { "DisplayName": "22", "Data": "22" }, { "DisplayName": "23", "Data": "23" }, { "DisplayName": "24", "Data": "24" }, { "DisplayName": "25", "Data": "25" }, { "DisplayName": "26", "Data": "26" }, { "DisplayName": "27", "Data": "27" }, { "DisplayName": "28", "Data": "28" }, { "DisplayName": "29", "Data": "29" }, { "DisplayName": "30", "Data": "30" } ], "Required": true }, { "Type": "Enum", "ValueName": "EngagedRestartSnoozeSchedule", "Items": [ { "DisplayName": "1", "Data": "1" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" } ], "Required": true }, { "Type": "Enum", "ValueName": "EngagedRestartDeadline", "Items": [ { "DisplayName": "0", "Data": "0" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" }, { "DisplayName": "8", "Data": "8" }, { "DisplayName": "9", "Data": "9" }, { "DisplayName": "10", "Data": "10" }, { "DisplayName": "11", "Data": "11" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "13", "Data": "13" }, { "DisplayName": "14", "Data": "14" }, { "DisplayName": "15", "Data": "15" }, { "DisplayName": "16", "Data": "16" }, { "DisplayName": "17", "Data": "17" }, { "DisplayName": "18", "Data": "18" }, { "DisplayName": "19", "Data": "19" }, { "DisplayName": "20", "Data": "20" }, { "DisplayName": "21", "Data": "21" }, { "DisplayName": "22", "Data": "22" }, { "DisplayName": "23", "Data": "23" }, { "DisplayName": "24", "Data": "24" }, { "DisplayName": "25", "Data": "25" }, { "DisplayName": "26", "Data": "26" }, { "DisplayName": "27", "Data": "27" }, { "DisplayName": "28", "Data": "28" }, { "DisplayName": "29", "Data": "29" }, { "DisplayName": "30", "Data": "30" } ], "Required": true }, { "Type": "Enum", "ValueName": "EngagedRestartTransitionScheduleForFeatureUpdates", "Items": [ { "DisplayName": "0", "Data": "0" }, { "DisplayName": "1", "Data": "1" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" }, { "DisplayName": "8", "Data": "8" }, { "DisplayName": "9", "Data": "9" }, { "DisplayName": "10", "Data": "10" }, { "DisplayName": "11", "Data": "11" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "13", "Data": "13" }, { "DisplayName": "14", "Data": "14" }, { "DisplayName": "15", "Data": "15" }, { "DisplayName": "16", "Data": "16" }, { "DisplayName": "17", "Data": "17" }, { "DisplayName": "18", "Data": "18" }, { "DisplayName": "19", "Data": "19" }, { "DisplayName": "20", "Data": "20" }, { "DisplayName": "21", "Data": "21" }, { "DisplayName": "22", "Data": "22" }, { "DisplayName": "23", "Data": "23" }, { "DisplayName": "24", "Data": "24" }, { "DisplayName": "25", "Data": "25" }, { "DisplayName": "26", "Data": "26" }, { "DisplayName": "27", "Data": "27" }, { "DisplayName": "28", "Data": "28" }, { "DisplayName": "29", "Data": "29" }, { "DisplayName": "30", "Data": "30" } ], "Required": true }, { "Type": "Enum", "ValueName": "EngagedRestartSnoozeScheduleForFeatureUpdates", "Items": [ { "DisplayName": "1", "Data": "1" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" } ], "Required": true }, { "Type": "Enum", "ValueName": "EngagedRestartDeadlineForFeatureUpdates", "Items": [ { "DisplayName": "0", "Data": "0" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" }, { "DisplayName": "8", "Data": "8" }, { "DisplayName": "9", "Data": "9" }, { "DisplayName": "10", "Data": "10" }, { "DisplayName": "11", "Data": "11" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "13", "Data": "13" }, { "DisplayName": "14", "Data": "14" }, { "DisplayName": "15", "Data": "15" }, { "DisplayName": "16", "Data": "16" }, { "DisplayName": "17", "Data": "17" }, { "DisplayName": "18", "Data": "18" }, { "DisplayName": "19", "Data": "19" }, { "DisplayName": "20", "Data": "20" }, { "DisplayName": "21", "Data": "21" }, { "DisplayName": "22", "Data": "22" }, { "DisplayName": "23", "Data": "23" }, { "DisplayName": "24", "Data": "24" }, { "DisplayName": "25", "Data": "25" }, { "DisplayName": "26", "Data": "26" }, { "DisplayName": "27", "Data": "27" }, { "DisplayName": "28", "Data": "28" }, { "DisplayName": "29", "Data": "29" }, { "DisplayName": "30", "Data": "30" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "SetEDURestart", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Update Power Policy for Cart Restarts", "ExplainText": "Enabling this policy for EDU devices that remain on Carts overnight will skip power checks to ensure update reboots will happen at the scheduled install time.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetEDURestart", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "AllowAutoWindowsUpdateDownloadOverMeteredNetwork", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Allow updates to be downloaded automatically over metered connections", "ExplainText": "Enabling this policy will automatically download updates, even over metered data connections (charges may apply)", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "AllowAutoWindowsUpdateDownloadOverMeteredNetwork", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "AllowTemporaryEnterpriseFeatureControl", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_11_0_22H2 - At least Windows 11 Version 22H2", "DisplayName": "Enable features introduced via servicing that are off by default", "ExplainText": "Features introduced via servicing (outside of the annual feature update) are off by default for devices that have their Windows updates managed*.\n\nIf this policy is configured to \"Enabled\", then all features available in the latest monthly quality update installed will be on.\n\nIf this policy is set to \"Not Configured\" or \"Disabled\" then features that are shipped via a monthly quality update (servicing) will remain off until the feature update that includes these features is installed.\n\n*Windows update managed devices are those that have their Windows updates managed via policy; whether via the cloud using Windows Update for Business or on-premises with Windows Server Update Services (WSUS).", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "AllowTemporaryEnterpriseFeatureControl", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "PreSV", "PolicyName": "DisableDualScan", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_RS1 - At least Windows Server 2016, Windows 10 Version 1607", "DisplayName": "Do not allow update deferral policies to cause scans against Windows Update", "ExplainText": "Enable this policy to not allow update deferral policies to cause scans against Windows Update.\n\nIf this policy is disabled or not configured, then the Windows Update client may initiate automatic scans against Windows Update while update deferral policies are enabled.\nNote: This policy applies only when the intranet Microsoft update service this computer is directed to is configured to support client-side targeting. If the \"Specify intranet Microsoft update service location\" policy is disabled or not configured, this policy has no effect.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "DisableDualScan", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "UpdateNotificationLevel", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Windows_Server_2019_Windows_10_0_1809 - At least Windows Server 2019, or Windows 10 Version 1809\u200b", "DisplayName": "Display options for update notifications", "ExplainText": "0 (default) \u2013 Use the default Windows Update notifications\n1 \u2013 Turn off all notifications, excluding restart warnings\n2 \u2013 Turn off all notifications, including restart warnings\n\nThis policy allows you to define what Windows Update notifications users see. This policy doesn\u2019t control how and when updates are downloaded and installed.\n\nImportant: if you choose not to get update notifications and also define other Group policy so that devices aren\u2019t automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.\n\nIf you select \"Apply only during active hours\" in conjunction with Option 1 or 2, then notifications will only be disabled during active hours. You can set active hours by setting \"Turn off auto-restart for updates during active hours\" or allow the device to set active hours based on user behavior. To ensure that the device stays secure, a notification will still be shown if this option is selected once \"Specify deadlines for automatic updates and restarts\" deadline has been reached if configured, regardless of active hours.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetUpdateNotificationLevel", "Elements": [ { "Type": "Enum", "ValueName": "UpdateNotificationLevel", "Items": [ { "DisplayName": "0 (default) \u2013 Default OS Windows Update notifications", "Data": "0" }, { "DisplayName": "1 \u2013 Disable all notifications, excluding restart warnings", "Data": "1" }, { "DisplayName": "2 \u2013 Disable all notifications, including restart warnings", "Data": "2" } ], "Required": true }, { "Type": "Boolean", "ValueName": "NoUpdateNotificationsDuringActiveHours", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "ComplianceDeadlineForFU", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Specify deadline for automatic updates and restarts for feature update", "ExplainText": "This policy lets you specify the number of days before feature updates are installed on devices automatically, and a grace period after which required restarts occur automatically.\n\nSet deadlines for feature updates and quality updates to meet your compliance goals. Updates will be downloaded and installed as soon as they are offered and automatic restarts will be attempted outside of active hours. Once the deadline has passed, restarts will occur regardless of active hours, and users will not be able to reschedule. If the deadline is set to 0 days, the update will be installed immediately upon offering, but might not finish within the day due to device availability and network connectivity.\n\nSet a grace period for feature updates to guarantee users a minimum time to manage their restarts once updates are installed. Users will be able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. The grace period might not take effect if users already have more than the number of days set as grace period to manage their restart, based on deadline configurations.\n\nYou can set the device to delay restarting until both the deadline and grace period have expired.\n\nIf you disable or do not configure this policy, devices will get updates and will restart according to the default schedule.\n\nThis policy will override the following policies:\n1. Specify deadline before auto restart for update installation\n2. Specify Engaged restart transition and notification schedule for updates\n3. Always automatically restart at the scheduled time\n4. Configure Automatic Updates", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetComplianceDeadlineForFU", "Elements": [ { "Type": "Enum", "ValueName": "ConfigureDeadlineForFeatureUpdates", "Items": [ { "DisplayName": "0", "Data": "0" }, { "DisplayName": "1", "Data": "1" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" }, { "DisplayName": "8", "Data": "8" }, { "DisplayName": "9", "Data": "9" }, { "DisplayName": "10", "Data": "10" }, { "DisplayName": "11", "Data": "11" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "13", "Data": "13" }, { "DisplayName": "14", "Data": "14" }, { "DisplayName": "15", "Data": "15" }, { "DisplayName": "16", "Data": "16" }, { "DisplayName": "17", "Data": "17" }, { "DisplayName": "18", "Data": "18" }, { "DisplayName": "19", "Data": "19" }, { "DisplayName": "20", "Data": "20" }, { "DisplayName": "21", "Data": "21" }, { "DisplayName": "22", "Data": "22" }, { "DisplayName": "23", "Data": "23" }, { "DisplayName": "24", "Data": "24" }, { "DisplayName": "25", "Data": "25" }, { "DisplayName": "26", "Data": "26" }, { "DisplayName": "27", "Data": "27" }, { "DisplayName": "28", "Data": "28" }, { "DisplayName": "29", "Data": "29" }, { "DisplayName": "30", "Data": "30" } ], "Required": true }, { "Type": "Enum", "ValueName": "ConfigureDeadlineGracePeriodForFeatureUpdates", "Items": [ { "DisplayName": "0", "Data": "0" }, { "DisplayName": "1", "Data": "1" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" } ], "Required": true }, { "Type": "Boolean", "ValueName": "ConfigureDeadlineNoAutoRebootForFeatureUpdates", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "ComplianceDeadline", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "Windows_10_0_RS3 - At least Windows Server 2016, Windows 10 Version 1709", "DisplayName": "Specify deadline for automatic updates and restarts for quality update", "ExplainText": "This policy lets you specify the number of days before quality updates are installed on devices automatically, and a grace period after which required restarts occur automatically.\n\nSet deadlines for quality updates to meet your compliance goals. Updates will be downloaded and installed as soon as they are offered and automatic restarts will be attempted outside of active hours. Once the deadline has passed, restarts will occur regardless of active hours, and users will not be able to reschedule. If the deadline is set to 0 days, the update will be installed immediately upon offering, but might not finish within the day due to device availability and network connectivity.\n\nSet a grace period for quality updates to guarantee users a minimum time to manage their restarts once updates are installed. Users will be able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. The grace period might not take effect if users already have more than the number of days set as grace period to manage their restart, based on deadline configurations.\n\nYou can set the device to delay restarting until both the deadline and grace period have expired.\n\nIf you disable or do not configure this policy, devices will get updates and will restart according to the default schedule.\n\nThis policy will override the following policies:\n1. Specify deadline before auto restart for update installation\n2. Specify Engaged restart transition and notification schedule for updates\n3. Always automatically restart at the scheduled time\n4. Configure Automatic Updates", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetComplianceDeadlineForQU", "Elements": [ { "Type": "Enum", "ValueName": "ConfigureDeadlineForQualityUpdates", "Items": [ { "DisplayName": "0", "Data": "0" }, { "DisplayName": "1", "Data": "1" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" }, { "DisplayName": "8", "Data": "8" }, { "DisplayName": "9", "Data": "9" }, { "DisplayName": "10", "Data": "10" }, { "DisplayName": "11", "Data": "11" }, { "DisplayName": "12", "Data": "12" }, { "DisplayName": "13", "Data": "13" }, { "DisplayName": "14", "Data": "14" }, { "DisplayName": "15", "Data": "15" }, { "DisplayName": "16", "Data": "16" }, { "DisplayName": "17", "Data": "17" }, { "DisplayName": "18", "Data": "18" }, { "DisplayName": "19", "Data": "19" }, { "DisplayName": "20", "Data": "20" }, { "DisplayName": "21", "Data": "21" }, { "DisplayName": "22", "Data": "22" }, { "DisplayName": "23", "Data": "23" }, { "DisplayName": "24", "Data": "24" }, { "DisplayName": "25", "Data": "25" }, { "DisplayName": "26", "Data": "26" }, { "DisplayName": "27", "Data": "27" }, { "DisplayName": "28", "Data": "28" }, { "DisplayName": "29", "Data": "29" }, { "DisplayName": "30", "Data": "30" } ], "Required": true }, { "Type": "Enum", "ValueName": "ConfigureDeadlineGracePeriod", "Items": [ { "DisplayName": "0", "Data": "0" }, { "DisplayName": "1", "Data": "1" }, { "DisplayName": "2", "Data": "2" }, { "DisplayName": "3", "Data": "3" }, { "DisplayName": "4", "Data": "4" }, { "DisplayName": "5", "Data": "5" }, { "DisplayName": "6", "Data": "6" }, { "DisplayName": "7", "Data": "7" } ], "Required": true }, { "Type": "Boolean", "ValueName": "ConfigureDeadlineNoAutoRebootForQualityUpdates", "TrueValue": "1", "FalseValue": "0" }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateOffering", "PolicyName": "AllowOptionalContent", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_WinServer2025_Win1021H2_Win1122H2 - At least Windows Server 2025, Windows 10 Version 21H2, or Windows 11 Version 22H2", "DisplayName": "Enable optional updates", "ExplainText": "This policy enables devices to get optional updates (including gradual feature rollouts (CFRs) - learn more by visiting aka.ms/AllowOptionalContent)\n\nWhen the policy is configured\n\n\u2022 If \"Automatically receive optional updates (including CFRs)\" is selected, the device will get the latest optional updates automatically in line with the configured quality update deferrals. This includes optional cumulative updates and gradual feature rollouts (CFRs).\n\n\u2022 If \"Automatically receive optional updates\" is selected, the device will only get optional cumulative updates automatically, in line with the quality update deferrals.\n\n\u2022 If \"Users can select which optional updates to receive\" is selected, users can select which optional updates to get by visiting Settings > Windows Update > Advanced options > Optional updates. Users can also enable the toggle \"Get the latest updates as soon as they're available\" to automatically receive optional updates and gradual feature rollouts.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "SetAllowOptionalContent", "Elements": [ { "Type": "Enum", "ValueName": "AllowOptionalContent", "Items": [ { "DisplayName": "Automatically receive optional updates (including CFRs)", "Data": "1" }, { "DisplayName": "Automatically receive optional updates", "Data": "2" }, { "DisplayName": "Users can select which optional updates to receive", "Data": "3" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WindowsUpdate.admx", "CategoryName": "WindowsUpdateExperience", "PolicyName": "MaintenanceWindow", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsUpdate", "Supported": "WU_SUPPORTED_Win11_24H2_Preview - At least Windows 11 24H2. Currently in public preview.", "DisplayName": "Configure maintenance windows for automatic updates", "ExplainText": "Enable this policy to specify repeatable maintenance windows for the device to perform specified update actions. This policy is currently in preview.\n\nWhen this policy is enabled, Windows Update will only perform the specified update action during the configured maintenance window. Specified update actions outside maintenance window will be deferred until the next maintenance window begins.\n\n\u2022 Update Actions: Select which update actions are only allowed during maintenance window. If an update action is not selected, that action can happen outside of maintenance window.\n- Download, install, and restart: Complete update cycle including download, installation, and system restart\n- Install and restart: Install already downloaded updates and restart the device\n- Restart only: Only perform a system restart for pending updates\n\n\u2022 Basic Schedule Configuration:\n- Start Date: Specify the initial date when the first maintenance window begins (format: yyyy-mm-dd, example: 2025-10-30)\n* During preview, Start Date field only takes effect if Recurring schedule is set to \"None\"\n- Start Time: Set the time when the maintenance window starts (format: hh:mm, example: 23:30 for 11:30 PM)\n- Duration: Define how long each maintenance window lasts in hours (example: 2 for a 2-hour window)\n\n\u2022 Recurring Schedule Options:\n- No repeat: One-time maintenance window on the specified start date only\n- Daily: Maintenance window will be repeated every day\n- Weekly: Maintenance window will be repeated weekly on selected days of the week\n- Monthly: Maintenance window will be repeated monthly on a specific day\n\n\u2022 Weekly Schedule Settings (when Weekly is selected):\n- Day of the week Selection: Choose which days of the week the maintenance window occurs:\n* Sunday through Saturday: Check boxes to select specific day(s) of the week for the maintenance window\n\n\u2022 Monthly Schedule Settings (when Monthly is selected):\n- Monthly Schedule Type:\n* Date-based: Maintenance window occurs on a specific day of the month (example: 15th day of each month)\n* Week-based: Maintenance window occurs on a specific weekday occurrence within the month (example: 2nd Tuesday of each month)\n* Last day of the month: Maintenance window occurs on the last day of the month\n- Day of Month: When using date-based scheduling, specify which day of the month (1-28)\n- Occurrence in Month: When using week-based scheduling, select which week of the month (First, Second, Third, Fourth, or Last)\n- Day of the Week: When using week-based scheduling, select which day of the week (Sunday through Saturday)\n\nExamples of Monthly Configurations:\n- Date-based: \"3rd day of every month\" = Day of Month: 3\n- Week-based: \"Second Tuesday of every month\" = Occurrence: Second, Day of Week: Tuesday\n- Week-based: \"Last Friday of every month\" = Occurrence: Last, Day of Week: Friday\n- Last day of the month: \"Last day of every month\"\n\nAfter a non-repeating maintenance window occurs, the next maintenance window must be scheduled in 3 months. If the start date of a non-repeating maintenance window is more than 3 months in the past, this policy will be disregarded, and updates will be scheduled according to default settings.\n\nIf you disable or do not configure this policy, Windows Update will follow its default scheduling behavior.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate" ], "ValueName": "MaintenanceWindowEnabled", "Elements": [ { "Type": "Enum", "ValueName": "MaintenanceWindowUpdateActions", "Items": [ { "DisplayName": "Download, install, and restart", "Data": "1" }, { "DisplayName": "Install and restart", "Data": "2" }, { "DisplayName": "Restart only", "Data": "3" } ], "Required": true }, { "Type": "Text", "ValueName": "MaintenanceWindowStartDate" }, { "Type": "Text", "ValueName": "MaintenanceWindowStartTime" }, { "Type": "Decimal", "ValueName": "MaintenanceWindowDurationHours", "MinValue": "2", "MaxValue": "24", "Required": true }, { "Type": "Enum", "ValueName": "MaintenanceWindowRepeatScheduleOption", "Items": [ { "DisplayName": "No repeat", "Data": "1" }, { "DisplayName": "Daily", "Data": "2" }, { "DisplayName": "Weekly", "Data": "3" }, { "DisplayName": "Monthly", "Data": "4" } ], "Required": true }, { "Type": "Boolean", "ValueName": "MaintenanceWindowWeeklySunday", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "MaintenanceWindowWeeklyMonday", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "MaintenanceWindowWeeklyTuesday", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "MaintenanceWindowWeeklyWednesday", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "MaintenanceWindowWeeklyThursday", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "MaintenanceWindowWeeklyFriday", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Boolean", "ValueName": "MaintenanceWindowWeeklySaturday", "TrueValue": "1", "FalseValue": "0" }, { "Type": "Enum", "ValueName": "MaintenanceWindowMonthlySchedule", "Items": [ { "DisplayName": "Date-based", "Data": "1" }, { "DisplayName": "Week-based", "Data": "2" }, { "DisplayName": "Last day of the month", "Data": "3" } ], "Required": true }, { "Type": "Decimal", "ValueName": "MaintenanceWindowMonthlyMonthBasedDayOfMonth", "MinValue": "1", "MaxValue": "28", "Required": true }, { "Type": "Enum", "ValueName": "MaintenanceWindowMonthlyWeekBasedOccurrenceInMonth", "Items": [ { "DisplayName": "First", "Data": "1" }, { "DisplayName": "Second", "Data": "2" }, { "DisplayName": "Third", "Data": "3" }, { "DisplayName": "Fourth", "Data": "4" }, { "DisplayName": "Last", "Data": "5" } ], "Required": true }, { "Type": "Enum", "ValueName": "MaintenanceWindowMonthlyWeekBasedDayOfTheWeek", "Items": [ { "DisplayName": "Sunday", "Data": "1" }, { "DisplayName": "Monday", "Data": "2" }, { "DisplayName": "Tuesday", "Data": "3" }, { "DisplayName": "Wednesday", "Data": "4" }, { "DisplayName": "Thursday", "Data": "5" }, { "DisplayName": "Friday", "Data": "6" }, { "DisplayName": "Saturday", "Data": "7" } ], "Required": true }, { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WinInit.admx", "CategoryName": "Shutdown", "PolicyName": "DisableNamedPipeShutdownPolicyDescription", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsInitialization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off legacy remote shutdown interface", "ExplainText": "This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.\n\nIf you enable this policy setting, the system does not create the named pipe remote shutdown interface.\n\nIf you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DisableShutdownNamedPipe", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WinInit.admx", "CategoryName": "Shutdown", "PolicyName": "ShutdownTimeoutHungSessionsDescription", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsInitialization", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Timeout for hung logon sessions during shutdown", "ExplainText": "This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.\n\nIf you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified.\n\nIf you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Decimal", "ValueName": "ShutdownSessionTimeout", "MinValue": "0", "MaxValue": null } ] }, { "File": "WinInit.admx", "CategoryName": "ShutdownOptions", "PolicyName": "Hiberboot", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsInitialization", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Require use of fast startup", "ExplainText": "This policy setting controls the use of fast startup.\n\nIf you enable this policy setting, the system requires hibernate to be enabled.\n\nIf you disable or do not configure this policy setting, the local setting is used.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "HiberbootEnabled", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WinLogon.admx", "CategoryName": "Logon", "PolicyName": "DisplayLastLogonInfoDescription", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Display information about previous logons during user logon", "ExplainText": "This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.\n\nFor local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level, if you enable this setting, a message appears after the user logs on that displays the date and time of the last successful logon by that user, the date and time of the last unsuccessful logon attempted with that user name, and the number of unsuccessful logons since the last successful logon by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows desktop.\n\nFor domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows could not retrieve the information and the user will not be able to log on. Therefore, you should not enable this policy setting if the domain is not at the Windows Server 2008 domain functional level.\n\nIf you disable or do not configure this setting, messages about the previous logon or logon failures are not displayed.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DisplayLastLogonInfo", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WinLogon.admx", "CategoryName": "Logon", "PolicyName": "LogonHoursNotificationPolicyDescription", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsLogon2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Remove logon hours expiration warnings", "ExplainText": "This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user is notified before logon hours expire, if actions have been set to occur when the logon hours expire.\n\nIf you enable this setting, warnings are not displayed to the user before the logon hours expire.\n\nIf you disable or do not configure this setting, users receive warnings before the logon hours expire, if actions have been set to occur when the logon hours expire.\n\nNote: If you configure this setting, you might want to examine and appropriately configure the \"Set action to take when logon hours expire\" setting. If \"Set action to take when logon hours expire\" is disabled or not configured, the \"Remove logon hours expiration warnings\" setting will have no effect, and users receive no warnings about logon hour expiration", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DontDisplayLogonHoursWarnings", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WinLogon.admx", "CategoryName": "Logon", "PolicyName": "LogonHoursPolicyDescription", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsLogon2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Set action to take when logon hours expire", "ExplainText": "This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation, disconnect the user, or log the user off completely.\n\nIf you choose to lock or disconnect a session, the user cannot unlock the session or reconnect except during permitted logon hours.\n\nIf you choose to log off a user, the user cannot log on again except during permitted logon hours. If you choose to log off a user, the user might lose unsaved data.\n\nIf you enable this setting, the system will perform the action you specify when the user\u2019s logon hours expire.\n\nIf you disable or do not configure this setting, the system takes no action when the user\u2019s logon hours expire. The user can continue the existing session, but cannot log on to a new session.\n\nNote: If you configure this setting, you might want to examine and appropriately configure the \"Remove logon hours expiration warnings\" setting", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "LogonHoursAction", "Items": [ { "DisplayName": "Lock", "Data": "1" }, { "DisplayName": "Disconnect", "Data": "2" }, { "DisplayName": "Logoff", "Data": "3" } ] } ] }, { "File": "WinLogon.admx", "CategoryName": "Logon", "PolicyName": "SoftwareSASGeneration", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Disable or enable software Secure Attention Sequence", "ExplainText": "This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).\n\nIf you enable this policy setting, you have one of four options:\n\nIf you set this policy setting to \"None,\" user mode software cannot simulate the SAS.\nIf you set this policy setting to \"Services,\" services can simulate the SAS.\nIf you set this policy setting to \"Ease of Access applications,\" Ease of Access applications can simulate the SAS.\nIf you set this policy setting to \"Services and Ease of Access applications,\" both services and Ease of Access applications can simulate the SAS.\n\nIf you disable or do not configure this setting, only Ease of Access applications running on the secure desktop can simulate the SAS.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "SoftwareSASGeneration", "Items": [ { "DisplayName": "None", "Data": "0" }, { "DisplayName": "Services", "Data": "1" }, { "DisplayName": "Ease of Access applications", "Data": "2" }, { "DisplayName": "Services and Ease of Access applications", "Data": "3" } ] } ] }, { "File": "WinLogon.admx", "CategoryName": "Logon", "PolicyName": "ReportCachedLogonPolicyDescription", "Class": "Both", "NameSpace": "Microsoft.Policies.WindowsLogon2", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Report when logon server was not available during user logon", "ExplainText": "This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information.\n\nIf enabled, a notification popup will be displayed to the user when the user logs on with cached credentials.\n\nIf disabled or not configured, no popup will be displayed to the user.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "ReportControllerMissing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WinLogon.admx", "CategoryName": "System", "PolicyName": "CustomShell", "Class": "User", "NameSpace": "Microsoft.Policies.WindowsLogon2", "Supported": "Win2k - At least Windows 2000", "DisplayName": "Custom User Interface", "ExplainText": "Specifies an alternate user interface.\n\nThe Explorer program (%windir%\\explorer.exe) creates the familiar Windows interface, but you can use this setting to specify an alternate interface. If you enable this setting, the system starts the interface you specify instead of Explorer.exe.\n\nTo use this setting, copy your interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, including the file name extension, in the Shell name text box. If the interface program file is not located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file.\n\nIf you disable this setting or do not configure it, the setting is ignored and the system displays the Explorer interface.\n\nTip: To find the folders indicated by the Path environment variable, click System Properties in Control Panel, click the Advanced tab, click the Environment Variables button, and then, in the System variables box, click Path.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Text", "ValueName": "Shell", "Required": true } ] }, { "File": "WinLogon.admx", "CategoryName": "Logon", "PolicyName": "AutomaticRestartSignOn", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon2", "Supported": "Windows_10_0_RS6_NOSERVER - At least Windows 10 Version 1903", "DisplayName": "Sign-in and lock last interactive user automatically after a restart", "ExplainText": "This policy setting controls whether a device will automatically sign in and lock the last interactive user after the system restarts or after a shutdown and cold boot.\n\nThis only occurs if the last interactive user didn\u2019t sign out before the restart or shutdown.\u200b\n\nIf the device is joined to Active Directory or Azure Active Directory, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns.\u200b\n\nIf you don\u2019t configure this policy setting, it is enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.\u200b\n\nAfter enabling this policy, you can configure its settings through the ConfigAutomaticRestartSignOn policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot\u200b.\n\nIf you disable this policy setting, the device does not configure automatic sign in. The user\u2019s lock screen apps are not restarted after the system restarts.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "DisableAutomaticRestartSignOn", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WinLogon.admx", "CategoryName": "Logon", "PolicyName": "ConfigAutomaticRestartSignOn", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon2", "Supported": "Windows_10_0_RS6_NOSERVER - At least Windows 10 Version 1903", "DisplayName": "Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot", "ExplainText": "This policy setting controls the configuration under which an automatic restart and sign on and lock occurs after a restart or cold boot. If you chose \"Disabled\" in the \"Sign-in and lock last interactive user automatically after a restart\" policy, then automatic sign on will not occur and this policy does not need to be configured.\n\nIf you enable this policy setting, you can choose one of the following two options:\n\n1. \"Enabled if BitLocker is on and not suspended\" specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device\u2019s hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.\nBitLocker is suspended during updates if:\n- The device doesn\u2019t have TPM 2.0 and PCR7, or\n- The device doesn\u2019t use a TPM-only protector\n2. \"Always Enabled\" specifies that automatic sign on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location.\n\nIf you disable or don\u2019t configure this setting, automatic sign on will default to the \"Enabled if BitLocker is on and not suspended\" behavior.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "Elements": [ { "Type": "Enum", "ValueName": "AutomaticRestartSignOnConfig", "Items": [ { "DisplayName": "Enabled if BitLocker is on and not suspended", "Data": "0" }, { "DisplayName": "Always Enabled", "Data": "1" } ] } ] }, { "File": "WinLogon.admx", "CategoryName": "Logon", "PolicyName": "EnableMPRNotifications", "Class": "Machine", "NameSpace": "Microsoft.Policies.WindowsLogon2", "Supported": "Windows_10_0_RS6_NOSERVER - At least Windows 10 Version 1903", "DisplayName": "Configure the transmission of the user's password in the content of MPR notifications sent by winlogon.", "ExplainText": "This policy controls whether the user's password is included in the content of MPR notifications sent by winlogon in the system.\n\nIf you disable this setting or do not configure it, winlogon sends MPR notifications with empty password fields of the user's authentication info.\n\nIf you enable this setting, winlogon sends MPR notifications containing the user's password in the authentication info.", "KeyPath": [ "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" ], "ValueName": "EnableMPR", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WinMaps.admx", "CategoryName": "Maps", "PolicyName": "TurnOffAutoUpdate", "Class": "Machine", "NameSpace": "Microsoft.Policies.WinMaps", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Turn off Automatic Download and Update of Map Data", "ExplainText": "Enables or disables the automatic download and update of map data.\n\nIf you enable this setting the automatic download and update of map data is turned off.\n\nIf you disable this setting the automatic download and update of map data is turned on.\n\nIf you don't configure this setting the automatic download and update of map data is determined by a registry setting that the user can change using Windows Settings.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Maps" ], "ValueName": "AutoDownloadAndUpdateMapData", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WinMaps.admx", "CategoryName": "Maps", "PolicyName": "DisallowUntriggeredNetworkOnSettingsPage", "Class": "Machine", "NameSpace": "Microsoft.Policies.WinMaps", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Turn off unsolicited network traffic on the Offline Maps settings page", "ExplainText": "This policy setting allows you to turn on or turn off unsolicited network traffic on the Offline Maps page in Settings > System > Offline Maps.\n\nIf you enable this policy setting, features that generate network traffic on the Offline Maps settings page are turned off. Note: This may turn off the entire settings page.\n\nIf you disable or do not configure this policy setting, the Offline Maps setting page may generate network traffic.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Maps" ], "ValueName": "AllowUntriggeredNetworkTrafficOnSettingsPage", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "Winsrv.admx", "CategoryName": "ShutdownOptions", "PolicyName": "AllowBlockingAppsAtShutdown", "Class": "Machine", "NameSpace": "Microsoft.Policies.ShutdownResolver", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Turn off automatic termination of applications that block or cancel shutdown", "ExplainText": "This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown. By default, such applications are automatically terminated if they attempt to cancel shutdown or block it indefinitely.\n\nIf you enable this setting, console applications or GUI applications without visible top-level windows that block or cancel shutdown will not be automatically terminated during shutdown.\n\nIf you disable or do not configure this setting, these applications will be automatically terminated during shutdown, helping to ensure that Windows can shut down faster and more smoothly.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\System" ], "ValueName": "AllowBlockingAppsAtShutdown", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WirelessDisplay.admx", "CategoryName": "Connect", "PolicyName": "AllowProjectionToPC", "Class": "Machine", "NameSpace": "Microsoft.Policies.Connect", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Don't allow this PC to be projected to", "ExplainText": "This policy setting allows you to turn off projection to a PC.\n\nIf you turn it on, your PC isn't discoverable and can't be projected to except if the user manually launches the Wireless Display app.\n\nIf you turn it off or don't configure it, your PC is discoverable and can be projected to above lock screen only. The user has an option to turn it always on or off except for manual launch, too.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Connect" ], "ValueName": "AllowProjectionToPC", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WirelessDisplay.admx", "CategoryName": "Connect", "PolicyName": "RequirePinForPairing", "Class": "Machine", "NameSpace": "Microsoft.Policies.Connect", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Require pin for pairing", "ExplainText": "This policy setting allows you to require a pin for pairing.\n\nIf you set this to 'Never', a pin isn't required for pairing.\n\nIf you set this to 'First Time', the pairing ceremony for new devices will always require a PIN.\n\nIf you set this to 'Always', all pairings will require PIN.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Connect" ], "Elements": [ { "Type": "Enum", "ValueName": "RequirePinForPairing", "Items": [ { "DisplayName": "Never", "Data": "0" }, { "DisplayName": "First Time", "Data": "1" }, { "DisplayName": "Always", "Data": "2" } ], "Required": true } ] }, { "File": "wlansvc.admx", "CategoryName": "NetworkCost_Category", "PolicyName": "SetCost", "Class": "Machine", "NameSpace": "Microsoft.Policies.WlanSvc", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Set Cost", "ExplainText": "This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.\n\nIf this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine:\n\n- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.\n\n- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.\n\n- Variable: This connection is costed on a per byte basis.\n\nIf this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\Wireless\\NetCost" ], "Elements": [ { "Type": "Enum", "ValueName": "Cost", "Items": [ { "DisplayName": "Unrestricted", "Data": "1" }, { "DisplayName": "Fixed", "Data": "2" }, { "DisplayName": "Variable", "Data": "3" } ], "Required": true } ] }, { "File": "wlansvc.admx", "CategoryName": "Wireless_Display_Category", "PolicyName": "SetPINEnforced", "Class": "Machine", "NameSpace": "Microsoft.Policies.WlanSvc", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Require PIN pairing", "ExplainText": "This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional.\n\nConversely it means that Push Button is NOT allowed.\n\nIf this policy setting is disabled or is not configured, by default Push Button pairing is allowed (but not necessarily preferred).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WirelessDisplay" ], "ValueName": "EnforcePinBasedPairing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "wlansvc.admx", "CategoryName": "Wireless_Display_Category", "PolicyName": "SetPINPreferred", "Class": "Machine", "NameSpace": "Microsoft.Policies.WlanSvc", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Prefer PIN pairing", "ExplainText": "This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods.\n\nWhen enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method.\n\nIf this policy setting is disabled or is not configured, by default Push Button pairing is preferred (if allowed by other policies).", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\WirelessDisplay" ], "ValueName": "PreferPinBasedPairing", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "wlansvc.admx", "CategoryName": "WlanSettings_Category", "PolicyName": "WiFiSense", "Class": "Machine", "NameSpace": "Microsoft.Policies.WlanSvc", "Supported": "Windows_10_0_NOSERVER - At least Windows 10", "DisplayName": "Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services", "ExplainText": "This policy setting determines whether users can enable the following WLAN settings: \"Connect to suggested open hotspots,\" \"Connect to networks shared by my contacts,\" and \"Enable paid services\".\n\n\"Connect to suggested open hotspots\" enables Windows to automatically connect users to open hotspots it knows about by crowdsourcing networks that other people using Windows have connected to.\n\n\"Connect to networks shared by my contacts\" enables Windows to automatically connect to networks that the user's contacts have shared with them, and enables users on this device to share networks with their contacts.\n\n\"Enable paid services\" enables Windows to temporarily connect to open hotspots to determine if paid services are available.\n\nIf this policy setting is disabled, both \"Connect to suggested open hotspots,\" \"Connect to networks shared by my contacts,\" and \"Enable paid services\" will be turned off and users on this device will be prevented from enabling them.\n\nIf this policy setting is not configured or is enabled, users can choose to enable or disable either \"Connect to suggested open hotspots\" or \"Connect to networks shared by my contacts\".", "KeyPath": [ "HKLM\\Software\\Microsoft\\wcmsvc\\wifinetworkmanager\\config" ], "ValueName": "AutoConnectAllowedOEM", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WordWheel.admx", "CategoryName": "WordwheelPolicies", "PolicyName": "CustomSearch", "Class": "User", "NameSpace": "Microsoft.Policies.WordWheel", "Supported": "WindowsVista - At least Windows Vista", "DisplayName": "Custom Instant Search Internet search provider", "ExplainText": "Set up the menu name and URL for the custom Internet search provider.\n\nIf you enable this setting, the specified menu name and URL will be used for Internet searches.\n\nIf you disable or not configure this setting, the default Internet search provider will be used.", "KeyPath": [ "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SearchExtensions" ], "Elements": [ { "Type": "Text", "ValueName": "InternetExtensionName", "Required": true }, { "Type": "Text", "ValueName": "InternetExtensionAction", "Required": true } ] }, { "File": "WorkFolders-Client.admx", "CategoryName": "Cat_WorkFolders", "PolicyName": "Pol_MachineEnableWorkFolders", "Class": "Machine", "NameSpace": "Microsoft.Policies.WorkFolders", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Force automatic setup for all users", "ExplainText": "This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer.\n\nIf you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the \"Specify Work Folders settings\" policy setting in User Configuration\\Administrative Templates\\Windows Components\\WorkFolders. If the \"Specify Work Folders settings\" policy setting does not apply to a user, Work Folders is not automatically set up.\n\nIf you disable or do not configure this policy setting, Work Folders uses the \"Force automatic setup\" option of the \"Specify Work Folders settings\" policy setting to determine whether to automatically set up Work Folders for a given user.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WorkFolders" ], "ClientExtension": "{4d968b55-cac2-4ff5-983f-0a54603781a3}", "ValueName": "AutoProvision", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WorkFolders-Client.admx", "CategoryName": "Cat_WorkFolders", "PolicyName": "Pol_UserEnableWorkFolders", "Class": "User", "NameSpace": "Microsoft.Policies.WorkFolders", "Supported": "Windows7 - At least Windows Server 2008 R2 or Windows 7", "DisplayName": "Specify Work Folders settings", "ExplainText": "This policy setting specifies the Work Folders server for affected users, as well as whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer.\n\nIf you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC. If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item.\n\nThe \"Work Folders URL\" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data.\n\nThe \"Work Folders Local Path\" specifies the local folder used on the client machine to sync files. This path may contain environment variables. Note: In order for this configuration to take effect, a valid 'Work Folders URL' must also be specified.\n\nThe \"On-demand file access preference\" option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and don\u2019t take up any space on the PC, but the user must be connected to the Internet to access them.\n\nIf you enable this policy setting, on-demand file access is enabled.\nIf you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the user\u2019s files is required on each of their PCs.\nIf you specify User choice or do not configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled.\n\nThe \"Force automatic setup\" option specifies that Work Folders should be set up automatically without prompting users. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the \"%USERPROFILE%\\Work Folders\" folder. If this option is not specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\WorkFolders" ], "ClientExtension": "{4d968b55-cac2-4ff5-983f-0a54603781a3}", "Elements": [ { "Type": "Text", "ValueName": "SyncUrl" }, { "Type": "Text", "ValueName": "LocalFolderPath" }, { "Type": "Enum", "ValueName": "GhostingPreference", "Items": [ { "DisplayName": "Enable (recommended)", "Data": "1" }, { "DisplayName": "Disable", "Data": "2" }, { "DisplayName": "User choice", "Data": "3" } ] }, { "Type": "Boolean", "ValueName": "AutoProvision", "TrueValue": "1", "FalseValue": "0" } ] }, { "File": "WorkFolders-Client.admx", "CategoryName": "Cat_WorkFolders", "PolicyName": "Pol_UserEnableTokenBroker", "Class": "User", "NameSpace": "Microsoft.Policies.WorkFolders", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Enables the use of Token Broker for AD FS authentication", "ExplainText": "This policy specifies whether Work Folders should use Token Broker for interactive AD FS authentication instead of its own OAuth2 token flow used in previous versions.", "KeyPath": [ "HKCU\\Software\\Policies\\Microsoft\\Windows\\WorkFolders" ], "ClientExtension": "{4d968b55-cac2-4ff5-983f-0a54603781a3}", "ValueName": "EnableTokenBroker", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WorkplaceJoin.admx", "CategoryName": "WorkplaceJoin", "PolicyName": "WJ_AutoJoin", "Class": "Machine", "NameSpace": "Microsoft.Policies.WorkplaceJoin", "Supported": "Windows_6_3_NOARM - At least Windows Server 2012 R2 or Windows 8.1", "DisplayName": "Register domain joined computers as devices", "ExplainText": "This setting lets you configure how domain joined computers become registered as devices.\n\nWhen you enable this setting, domain joined computers automatically and silently get registered as devices with Azure Active Directory.\n\nNote: Additional requirements may apply on certain Windows SKUs. Refer to Azure Active Directory Device Registration Overview.\n\nhttp://go.microsoft.com/fwlink/?LinkId=307136", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WorkplaceJoin" ], "ValueName": "autoWorkplaceJoin", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "WnsEndpoint_Policy", "Class": "Machine", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Enables group policy for the WNS FQDN", "ExplainText": "This policy sets a special WNS FQDN for specific environments.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications" ], "Elements": [ { "Type": "Text", "ValueName": "WnsEndpoint" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "NoTileNotification", "Class": "User", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off tile notifications", "ExplainText": "This policy setting turns off tile notifications.\n\nIf you enable this policy setting, applications and system features will not be able to update their tiles and tile badges in the Start screen.\n\nIf you disable or do not configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user.\n\nNo reboots or service restarts are required for this policy setting to take effect.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications" ], "ValueName": "NoTileApplicationNotification", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "NoToastNotification", "Class": "Both", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off toast notifications", "ExplainText": "This policy setting turns off toast notifications for applications.\n\nIf you enable this policy setting, applications will not be able to raise toast notifications.\n\nNote that this policy does not affect taskbar notification balloons.\n\nNote that Windows system features are not affected by this policy. You must enable/disable system features individually to stop their ability to raise toast notifications.\n\nIf you disable or do not configure this policy setting, toast notifications are enabled and can be turned off by the administrator or user.\n\nNo reboots or service restarts are required for this policy setting to take effect.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications", "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications" ], "ValueName": "NoToastApplicationNotification", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "NoLockScreenToastNotification", "Class": "User", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off toast notifications on the lock screen", "ExplainText": "This policy setting turns off toast notifications on the lock screen.\n\nIf you enable this policy setting, applications will not be able to raise toast notifications on the lock screen.\n\nIf you disable or do not configure this policy setting, toast notifications on the lock screen are enabled and can be turned off by the administrator or user.\n\nNo reboots or service restarts are required for this policy setting to take effect.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications" ], "ValueName": "NoToastApplicationNotificationOnLockScreen", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "NoCloudNotification", "Class": "Machine", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Turn off notifications network usage", "ExplainText": "This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw notifications. This policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to poll application services to update tiles.\n\nIf you enable this policy setting, applications and system features will not be able receive notifications from the network from WNS or via notification polling APIs.\n\nIf you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the application.\n\nIf you disable or do not configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to poll for tile notification updates in the background.\n\nNo reboots or service restarts are required for this policy setting to take effect.", "KeyPath": [ "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications" ], "ValueName": "NoCloudApplicationNotification", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "NoQuietHours", "Class": "User", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Turn off Quiet Hours", "ExplainText": "This policy setting turns off Quiet Hours functionality.\n\nIf you enable this policy setting, toast notifications will not be suppressed and some background tasks will not be deferred during the designated Quiet Hours time window each day.\n\nIf you disable this policy setting, toast notifications will be suppressed and some background task deferred during the designated Quiet Hours time window. Users will not be able to change this or any other Quiet Hours settings.\n\nIf you do not configure this policy setting, Quiet Hours are enabled by default but can be turned off or by the administrator or user.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\QuietHours" ], "ValueName": "Enable", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "QuietHoursDailyBeginMinute", "Class": "User", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Set the time Quiet Hours begins each day", "ExplainText": "This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to begin each day.\n\nIf you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings.\n\nIf you disable this policy setting, a default value will be used, and users will not be able to change it or any other Quiet Hours setting.\n\nIf you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\QuietHours" ], "Elements": [ { "Type": "Decimal", "ValueName": "EntryTime", "MinValue": "0", "MaxValue": "1439" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "QuietHoursDailyEndMinute", "Class": "User", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Set the time Quiet Hours ends each day", "ExplainText": "This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to end each day.\n\nIf you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings.\n\nIf you disable this policy setting, a default value will be used, and users will not be able to change it or any other Quiet Hours setting.\n\nIf you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\QuietHours" ], "Elements": [ { "Type": "Decimal", "ValueName": "ExitTime", "MinValue": "0", "MaxValue": "1439" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "NoCallsDuringQuietHours", "Class": "User", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows_6_3only - Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only", "DisplayName": "Turn off calls during Quiet Hours", "ExplainText": "This policy setting blocks voice and video calls during Quiet Hours.\n\nIf you enable this policy setting, voice and video calls will be blocked during the designated Quiet Hours time window each day, and users will not be able to customize any other Quiet Hours settings.\n\nIf you disable this policy setting, voice and video calls will be allowed during Quiet Hours, and users will not be able to customize this or any other Quiet Hours settings.\n\nIf you do not configure this policy setting, voice and video calls will be allowed during Quiet Hours by default. Adminstrators and users will be able to modify this setting.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\QuietHours" ], "ValueName": "AllowCalls", "Elements": [ { "Type": "EnabledValue", "Data": "0" }, { "Type": "DisabledValue", "Data": "1" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "NoNotificationMirroring", "Class": "User", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Turn off notification mirroring", "ExplainText": "This policy setting turns off notification mirroring.\n\nIf you enable this policy setting, notifications from applications and system will not be mirrored to your other devices.\n\nIf you disable or do not configure this policy setting, notifications will be mirrored, and can be turned off by the administrator or user.\n\nNo reboots or service restarts are required for this policy setting to take effect.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications" ], "ValueName": "DisallowNotificationMirroring", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "WPN.admx", "CategoryName": "NotificationsCategory", "PolicyName": "ExpandedToastNotifications", "Class": "User", "NameSpace": "Microsoft.Policies.Notifications", "Supported": "Windows_10_0_VB_Only_NOSERVER - Windows 10 only with at least Windows 10 Version 2004", "DisplayName": "Turn on multiple expanded toast notifications in action center", "ExplainText": "This policy setting turns on multiple expanded toast notifications in action center.\n\nIf you enable this policy setting, the first three notifications of each application will be expanded by default in action center.\n\nIf you disable or do not configure this policy setting, only the first notification of each application will be expanded by default in action center.\n\nWindows 10 only. This will be immediately deprecated for Windows 11.\n\nNo reboots or service restarts are required for this policy setting to take effect.", "KeyPath": [ "HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications" ], "ValueName": "EnableExpandedToastNotifications", "Elements": [ { "Type": "EnabledValue", "Data": "1" }, { "Type": "DisabledValue", "Data": "0" } ] }, { "File": "wwansvc.admx", "CategoryName": "NetworkCost_Category", "PolicyName": "SetCost3G", "Class": "Machine", "NameSpace": "Microsoft.Policies.WwanSvc", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Set 3G Cost", "ExplainText": "This policy setting configures the cost of 3G connections on the local machine.\n\nIf this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 3G connections on the local machine:\n\n- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.\n\n- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.\n\n- Variable: This connection is costed on a per byte basis.\n\nIf this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WwanSvc\\NetCost" ], "Elements": [ { "Type": "Enum", "ValueName": "Cost3G", "Items": [ { "DisplayName": "Unrestricted", "Data": "1" }, { "DisplayName": "Fixed", "Data": "2" }, { "DisplayName": "Variable", "Data": "3" } ], "Required": true } ] }, { "File": "wwansvc.admx", "CategoryName": "NetworkCost_Category", "PolicyName": "SetCost4G", "Class": "Machine", "NameSpace": "Microsoft.Policies.WwanSvc", "Supported": "Windows8 - At least Windows Server 2012, Windows 8 or Windows RT", "DisplayName": "Set 4G Cost", "ExplainText": "This policy setting configures the cost of 4G connections on the local machine.\n\nIf this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine:\n\n- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.\n\n- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.\n\n- Variable: This connection is costed on a per byte basis.\n\nIf this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WwanSvc\\NetCost" ], "Elements": [ { "Type": "Enum", "ValueName": "Cost4G", "Items": [ { "DisplayName": "Unrestricted", "Data": "1" }, { "DisplayName": "Fixed", "Data": "2" }, { "DisplayName": "Variable", "Data": "3" } ], "Required": true } ] }, { "File": "wwansvc.admx", "CategoryName": "UISettings_Category", "PolicyName": "ShowAppCellularAccessUI", "Class": "Machine", "NameSpace": "Microsoft.Policies.WwanSvc", "Supported": "Windows_10_0 - At least Windows Server 2016, Windows 10", "DisplayName": "Set Per-App Cellular Access UI Visibility", "ExplainText": "This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX.\n\nIf this policy setting is enabled, a drop-down list box presenting possible values will be active. Select \"Hide\" or \"Show\" to hide or show the link to the per-application cellular access control page.\nIf this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed by default.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WwanSvc\\UISettings" ], "Elements": [ { "Type": "Enum", "ValueName": "AppCellularAccessUI", "Items": [ { "DisplayName": "Hide", "Data": "0" }, { "DisplayName": "Show", "Data": "1" } ], "Required": true } ] }, { "File": "wwansvc.admx", "CategoryName": "CellularDataAccess", "PolicyName": "LetAppsAccessCellularData", "Class": "Machine", "NameSpace": "Microsoft.Policies.WwanSvc", "Supported": "Windows_10_0_RS2 - At least Windows Server 2016, Windows 10 Version 1703", "DisplayName": "Let Windows apps access cellular data", "ExplainText": "This policy setting specifies whether Windows apps can access cellular data.\n\nYou can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.\n\nIf you choose the \"User is in control\" option, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device.\n\nIf you choose the \"Force Allow\" option, Windows apps are allowed to access cellular data and employees in your organization cannot change it.\n\nIf you choose the \"Force Deny\" option, Windows apps are not allowed to access cellular data and employees in your organization cannot change it.\n\nIf you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device.\n\nIf an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.", "KeyPath": [ "HKLM\\Software\\Policies\\Microsoft\\Windows\\WwanSvc\\CellularDataAccess" ], "Elements": [ { "Type": "Enum", "ValueName": "LetAppsAccessCellularData", "Items": [ { "DisplayName": "User is in control", "Data": "0" }, { "DisplayName": "Force Allow", "Data": "1" }, { "DisplayName": "Force Deny", "Data": "2" } ] }, { "Type": "MultiText", "ValueName": "LetAppsAccessCellularData_UserInControlOfTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessCellularData_ForceAllowTheseApps" }, { "Type": "MultiText", "ValueName": "LetAppsAccessCellularData_ForceDenyTheseApps" } ] } ]