Configure use of smart cards on removable data drives
This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer.
If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the "Require use of smart cards on removable data drives" check box.
Note: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive.
If you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives.
If you do not configure this policy setting, smart cards are available to authenticate user access to a BitLocker-protected removable data drive.
Supported on: At least Windows Server 2008 R2 or Windows 7
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Microsoft\FVE |
| Value Name | RDVAllowUserCert |
| Value Type | REG_DWORD |
| Enabled Value | 1 |
| Disabled Value | 0 |
Require use of smart cards on removable data drives| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Microsoft\FVE |
| Value Name | RDVEnforceUserCert |
| Value Type | REG_DWORD |
| Default Value | 0 |
| True Value | 1 |
| False Value | 0 |
volumeencryption.admx
- Control Panel
- Personalization
- Do not display the lock screen
- Force a specific background and accent color
- Force a specific default lock screen and logon image
- Force a specific Start background
- Prevent changing lock screen and logon image
- Prevent changing start menu background
- Prevent enabling lock screen camera
- Prevent enabling lock screen slide show
- Regional and Language Options
- User Accounts
- Allow Online Tips
- Settings Page Visibility
- Personalization
- Network
- Background Intelligent Transfer Service (BITS)
- Allow BITS Peercaching
- Do not allow the BITS client to use Windows Branch Cache
- Do not allow the computer to act as a BITS Peercaching client
- Do not allow the computer to act as a BITS Peercaching server
- Limit the age of files in the BITS Peercache
- Limit the BITS Peercache size
- Limit the maximum BITS job download time
- Limit the maximum network bandwidth for BITS background transfers
- Limit the maximum network bandwidth used for Peercaching
- Limit the maximum number of BITS jobs for each user
- Limit the maximum number of BITS jobs for this computer
- Limit the maximum number of files allowed in a BITS job
- Limit the maximum number of ranges that can be added to the file in a BITS job
- Set default download behavior for BITS jobs on costed networks
- Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers
- Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers
- Timeout for inactive BITS jobs
- BranchCache
- Configure BranchCache for network files
- Configure Client BranchCache Version Support
- Configure Hosted Cache Servers
- Enable Automatic Hosted Cache Discovery by Service Connection Point
- Set age for segments in the data cache
- Set BranchCache Distributed Cache mode
- Set BranchCache Hosted Cache mode
- Set percentage of disk space used for client computer cache
- Turn on BranchCache
- DirectAccess Client Experience Settings
- DNS Client
- Allow DNS suffix appending to unqualified multi-label name queries
- Allow NetBT queries for fully qualified domain names
- Connection-specific DNS suffix
- DNS servers
- DNS suffix search list
- Dynamic update
- IDN mapping
- Prefer link local responses over DNS when received over a network with higher precedence
- Primary DNS suffix devolution level
- Primary DNS suffix devolution
- Primary DNS suffix
- Register DNS records with connection-specific DNS suffix
- Register PTR records
- Registration refresh interval
- Replace addresses in conflicts
- TTL value for A and PTR records
- Turn off IDN encoding
- Turn off multicast name resolution
- Turn off smart multi-homed name resolution
- Turn off smart protocol reordering
- Update security level
- Update top level domain zones
- Fonts
- Hotspot Authentication
- Lanman Server
- Lanman Workstation
- Link-Layer Topology Discovery
- Microsoft Peer-to-Peer Networking Services
- Peer Name Resolution Protocol
- Global Clouds
- Link-Local Clouds
- Site-Local Clouds
- Disable password strength validation for Peer Grouping
- Turn off Microsoft Peer-to-Peer Networking Services
- Peer Name Resolution Protocol
- Network Connections
- Windows Defender Firewall
- Domain Profile
- Windows Defender Firewall: Allow ICMP exceptions
- Windows Defender Firewall: Allow inbound file and printer sharing exception
- Windows Defender Firewall: Allow inbound remote administration exception
- Windows Defender Firewall: Allow inbound Remote Desktop exceptions
- Windows Defender Firewall: Allow inbound UPnP framework exceptions
- Windows Defender Firewall: Allow local port exceptions
- Windows Defender Firewall: Allow local program exceptions
- Windows Defender Firewall: Allow logging
- Windows Defender Firewall: Define inbound port exceptions
- Windows Defender Firewall: Define inbound program exceptions
- Windows Defender Firewall: Do not allow exceptions
- Windows Defender Firewall: Prohibit notifications
- Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests
- Windows Defender Firewall: Protect all network connections
- Standard Profile
- Windows Defender Firewall: Allow ICMP exceptions
- Windows Defender Firewall: Allow inbound file and printer sharing exception
- Windows Defender Firewall: Allow inbound remote administration exception
- Windows Defender Firewall: Allow inbound Remote Desktop exceptions
- Windows Defender Firewall: Allow inbound UPnP framework exceptions
- Windows Defender Firewall: Allow local port exceptions
- Windows Defender Firewall: Allow local program exceptions
- Windows Defender Firewall: Allow logging
- Windows Defender Firewall: Define inbound port exceptions
- Windows Defender Firewall: Define inbound program exceptions
- Windows Defender Firewall: Do not allow exceptions
- Windows Defender Firewall: Prohibit notifications
- Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests
- Windows Defender Firewall: Protect all network connections
- Windows Defender Firewall: Allow authenticated IPsec bypass
- Domain Profile
- Do not show the "local access only" network icon
- Prohibit installation and configuration of Network Bridge on your DNS domain network
- Prohibit use of Internet Connection Firewall on your DNS domain network
- Require domain users to elevate when setting a network's location
- Route all traffic through the internal network
- Windows Defender Firewall
- Network Connectivity Status Indicator
- Network Isolation
- Network Provider
- Offline Files
- Action on server disconnect
- Allow or Disallow use of the Offline Files feature
- At logoff, delete local copy of user's offline files
- Configure Background Sync
- Configure slow-link mode
- Configure Slow link speed
- Default cache size
- Enable file screens
- Enable file synchronization on costed networks
- Enable Transparent Caching
- Encrypt the Offline Files cache
- Event logging level
- Files not cached
- Initial reminder balloon lifetime
- Limit disk space used by Offline Files
- Non-default server disconnect actions
- Prevent use of Offline Files folder
- Prohibit user configuration of Offline Files
- Reminder balloon frequency
- Reminder balloon lifetime
- Remove "Make Available Offline" command
- Remove "Make Available Offline" for these files and folders
- Remove "Work offline" command
- Specify administratively assigned Offline Files
- Subfolders always available offline
- Synchronize all offline files before logging off
- Synchronize all offline files when logging on
- Synchronize offline files before suspend
- Turn off reminder balloons
- Turn on economical application of administratively assigned Offline Files
- QoS Packet Scheduler
- DSCP value of conforming packets
- DSCP value of non-conforming packets
- Layer-2 priority value
- Limit outstanding packets
- Limit reservable bandwidth
- Set timer resolution
- SNMP
- SSL Configuration Settings
- TCPIP Settings
- IPv6 Transition Technologies
- Parameters
- Windows Connection Manager
- Disable power management in connected standby mode
- Enable Windows to soft-disconnect a computer from a network
- Minimize the number of simultaneous connections to the Internet or a Windows Domain
- Prohibit connection to non-domain networks when connected to domain authenticated network
- Prohibit connection to roaming Mobile Broadband networks
- Windows Connect Now
- Wireless Display
- WLAN Service
- WWAN Service
- Cellular Data Access
- WWAN Media Cost
- WWAN UI Settings
- Sets how often a DFS Client discovers DC's
- Background Intelligent Transfer Service (BITS)
- Printers
- Activate Internet printing
- Add Printer wizard - Network scan page (Managed network)
- Add Printer wizard - Network scan page (Unmanaged network)
- Allow job name in event logs
- Allow printers to be published
- Allow Print Spooler to accept client connections
- Allow pruning of published printers
- Always rasterize content to be printed using a software rasterizer
- Always render print jobs on the server
- Automatically publish new printers in Active Directory
- Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)
- Check published state
- Computer location
- Custom support URL in the Printers folder's left pane
- Directory pruning interval
- Directory pruning priority
- Directory pruning retry
- Disallow installation of printers using kernel-mode drivers
- Do not allow v4 printer drivers to show printer extensions
- Enable Device Control Printing Restrictions
- Execute print drivers in isolated processes
- Extend Point and Print connection to search Windows Update
- Isolate print drivers from applications
- Limits print driver installation to Administrators
- List of Approved USB-connected print devices
- Log directory pruning retry events
- Only use Package Point and print
- Override print driver execution compatibility setting reported by print driver
- Package Point and print - Approved servers
- Point and Print Restrictions
- Pre-populate printer search location text
- Printer browsing
- Prune printers that are not automatically republished
- Start Menu and Taskbar
- System
- Access-Denied Assistance
- App-V
- CEIP
- Client Coexistence
- Integration
- PackageManagement
- PowerManagement
- Publishing
- Reporting
- Scripting
- Streaming
- Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection
- Certificate Filter For Client SSL
- Enable Support for BranchCache
- Location Provider
- Package Installation Root
- Package Source Root
- Reestablishment Interval
- Reestablishment Retries
- Require Publish As Admin
- Specify what to load in background (aka AutoLoad)
- Verify certificate revocation list
- Virtualization
- Enable App-V Client
- Audit Process Creation
- Credentials Delegation
- Allow delegating default credentials
- Allow delegating default credentials with NTLM-only server authentication
- Allow delegating fresh credentials
- Allow delegating fresh credentials with NTLM-only server authentication
- Allow delegating saved credentials
- Allow delegating saved credentials with NTLM-only server authentication
- Deny delegating default credentials
- Deny delegating fresh credentials
- Deny delegating saved credentials
- Encryption Oracle Remediation
- Remote host allows delegation of non-exportable credentials
- Restrict delegation of credentials to remote servers
- Device Guard
- Device Health Attestation Service
- Device Installation
- Device Installation Restrictions
- Allow administrators to override Device Installation Restriction policies
- Allow installation of devices that match any of these device IDs
- Allow installation of devices that match any of these device instance IDs
- Allow installation of devices using drivers that match these device setup classes
- Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria
- Display a custom message title when device installation is prevented by a policy setting
- Display a custom message when installation is prevented by a policy setting
- Prevent installation of devices not described by other policy settings
- Prevent installation of devices that match any of these device IDs
- Prevent installation of devices that match any of these device instance IDs
- Prevent installation of devices using drivers that match these device setup classes
- Prevent installation of removable devices
- Time (in seconds) to force reboot when required for policy changes to take effect
- Allow remote access to the Plug and Play interface
- Configure device installation time-out
- Do not send a Windows error report when a generic driver is installed on a device
- Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point
- Prevent device metadata retrieval from the Internet
- Prevent Windows from sending an error report when a device driver requests additional software during installation
- Prioritize all digitally signed drivers equally during the driver ranking and selection process
- Specify search order for device driver source locations
- Specify the search server for device driver updates
- Turn off "Found New Hardware" balloons during device installation
- Device Installation Restrictions
- Device Redirection
- Device Redirection Restrictions
- Disk NV Cache
- Disk Quotas
- Display
- Distributed COM
- Application Compatibility Settings
- Driver Installation
- Early Launch Antimalware
- Enhanced Storage Access
- Allow only USB root hub connected Enhanced Storage devices
- Configure list of Enhanced Storage devices usable on your computer
- Configure list of IEEE 1667 silos usable on your computer
- Do not allow non-Enhanced Storage removable devices
- Do not allow password authentication of Enhanced Storage devices
- Do not allow Windows to activate Enhanced Storage devices
- Lock Enhanced Storage when the computer is locked
- File Classification Infrastructure
- Filesystem
- Folder Redirection
- Group Policy
- Logging and tracing
- Configure Applications preference logging and tracing
- Configure Data Sources preference logging and tracing
- Configure Devices preference logging and tracing
- Configure Drive Maps preference logging and tracing
- Configure Environment preference logging and tracing
- Configure Files preference logging and tracing
- Configure Folder Options preference logging and tracing
- Configure Folders preference logging and tracing
- Configure Ini Files preference logging and tracing
- Configure Internet Settings preference logging and tracing
- Configure Local Users and Groups preference logging and tracing
- Configure Network Options preference logging and tracing
- Configure Power Options preference logging and tracing
- Configure Printers preference logging and tracing
- Configure Regional Options preference logging and tracing
- Configure Registry preference logging and tracing
- Configure Scheduled Tasks preference logging and tracing
- Configure Services preference logging and tracing
- Configure Shortcuts preference logging and tracing
- Configure Start Menu preference logging and tracing
- Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services
- Allow cross-forest user policy and roaming user profiles
- Always use local ADM files for Group Policy Object Editor
- Change Group Policy processing to run asynchronously when a slow network connection is detected.
- Configure Applications preference extension policy processing
- Configure Data Sources preference extension policy processing
- Configure Devices preference extension policy processing
- Configure Direct Access connections as a fast network connection
- Configure disk quota policy processing
- Configure Drive Maps preference extension policy processing
- Configure EFS recovery policy processing
- Configure Environment preference extension policy processing
- Configure Files preference extension policy processing
- Configure Folder Options preference extension policy processing
- Configure folder redirection policy processing
- Configure Folders preference extension policy processing
- Configure Group Policy Caching
- Configure Group Policy slow link detection
- Configure Ini Files preference extension policy processing
- Configure Internet Explorer Maintenance policy processing
- Configure Internet Settings preference extension policy processing
- Configure IP security policy processing
- Configure Local Users and Groups preference extension policy processing
- Configure Logon Script Delay
- Configure Network Options preference extension policy processing
- Configure Power Options preference extension policy processing
- Configure Printers preference extension policy processing
- Configure Regional Options preference extension policy processing
- Configure registry policy processing
- Configure Registry preference extension policy processing
- Configure Scheduled Tasks preference extension policy processing
- Configure scripts policy processing
- Configure security policy processing
- Configure Services preference extension policy processing
- Configure Shortcuts preference extension policy processing
- Configure software Installation policy processing
- Configure Start Menu preference extension policy processing
- Configure user Group Policy loopback processing mode
- Configure web-to-app linking with app URI handlers
- Configure wired policy processing
- Configure wireless policy processing
- Continue experiences on this device
- Determine if interactive users can generate Resultant Set of Policy data
- Enable AD/DFS domain controller synchronization during policy refresh
- Enable Group Policy Caching for Servers
- Phone-PC linking on this device
- Remove users' ability to invoke machine policy refresh
- Set Group Policy refresh interval for computers
- Set Group Policy refresh interval for domain controllers
- Specify startup policy processing wait time
- Specify workplace connectivity wait time for policy processing
- Turn off background refresh of Group Policy
- Turn off Group Policy Client Service AOAC optimization
- Turn off Local Group Policy Objects processing
- Turn off Resultant Set of Policy logging
- Logging and tracing
- Internet Communication Management
- Internet Communication settings
- Turn off access to all Windows Update features
- Turn off access to the Store
- Turn off Automatic Root Certificates Update
- Turn off downloading of print drivers over HTTP
- Turn off Event Viewer "Events.asp" links
- Turn off handwriting personalization data sharing
- Turn off handwriting recognition error reporting
- Turn off Help and Support Center "Did you know?" content
- Turn off Help and Support Center Microsoft Knowledge Base search
- Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com
- Turn off Internet download for Web publishing and online ordering wizards
- Turn off Internet File Association service
- Turn off printing over HTTP
- Turn off Registration if URL connection is referring to Microsoft.com
- Turn off Search Companion content file updates
- Turn off the "Order Prints" picture task
- Turn off the "Publish to Web" task for files and folders
- Turn off the Windows Messenger Customer Experience Improvement Program
- Turn off Windows Customer Experience Improvement Program
- Turn off Windows Error Reporting
- Turn off Windows Network Connectivity Status Indicator active tests
- Turn off Windows Update device driver searching
- Restrict Internet communication
- Internet Communication settings
- iSCSI
- General iSCSI
- iSCSI Security
- iSCSI Target Discovery
- KDC
- Kerberos
- Allow retrieving the cloud kerberos ticket during the logon
- Always send compound authentication first
- Define host name-to-Kerberos realm mappings
- Define interoperable Kerberos V5 realm settings
- Disable revocation checking for the SSL certificate of KDC proxy servers
- Fail authentication requests when Kerberos armoring is not available
- Kerberos client support for claims, compound authentication and Kerberos armoring
- Require strict KDC validation
- Require strict target SPN match on remote procedure calls
- Set maximum Kerberos SSPI context token buffer size
- Specify KDC proxy servers for Kerberos clients
- Support compound authentication
- Support device authentication using certificate
- Use forest search order
- Kernel DMA Protection
- Locale Services
- Logon
- Allow users to select when a password is required when resuming from connected standby
- Always use classic logon
- Always use custom logon background
- Always wait for the network at computer startup and logon
- Assign a default credential provider
- Assign a default domain for logon
- Block user from showing account details on sign-in
- Configure Dynamic Lock
- Do not display network selection UI
- Do not display the Getting Started welcome screen at logon
- Do not enumerate connected users on domain-joined computers
- Do not process the legacy run list
- Do not process the run once list
- Enumerate local users on domain-joined computers
- Exclude credential providers
- Hide entry points for Fast User Switching
- Run these programs at user logon
- Show clear logon background
- Show first sign-in animation
- Turn off app notifications on the lock screen
- Turn off picture password sign-in
- Turn off Windows Startup sound
- Turn on convenience PIN sign-in
- Turn on security key sign-in
- Mitigation Options
- Net Logon
- DC Locator DNS Records
- Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names
- Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails
- Force Rediscovery Interval
- Return domain controller address type
- Set Priority in the DC Locator DNS SRV records
- Set TTL in the DC Locator DNS Records
- Set Weight in the DC Locator DNS SRV records
- Specify address lookup behavior for DC locator ping
- Specify DC Locator DNS records not registered by the DCs
- Specify dynamic registration of the DC Locator DNS Records
- Specify Refresh Interval of the DC Locator DNS records
- Specify sites covered by the application directory partition DC Locator DNS SRV records
- Specify sites covered by the DC Locator DNS SRV records
- Specify sites covered by the GC Locator DNS SRV Records
- Try Next Closest Site
- Use automated site coverage by the DC Locator DNS SRV Records
- Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.
- Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC
- Allow cryptography algorithms compatible with Windows NT 4.0
- Contact PDC on logon failure
- Set scavenge interval
- Specify expected dial-up delay on logon
- Specify log file debug output level
- Specify maximum log file size
- Specify negative DC Discovery cache setting
- Specify positive periodic DC Cache refresh for non-background callers
- Specify site name
- Use final DC discovery retry setting for background callers
- Use initial DC discovery retry setting for background callers
- Use maximum DC discovery retry interval setting for background callers
- Use positive periodic DC cache refresh for background callers
- Use urgent mode when pinging domain controllers
- DC Locator DNS Records
- OS Policies
- Power Management
- Button Settings
- Select the lid switch action (on battery)
- Select the lid switch action (plugged in)
- Select the Power button action (on battery)
- Select the Power button action (plugged in)
- Select the Sleep button action (on battery)
- Select the Sleep button action (plugged in)
- Select the Start menu Power button action (on battery)
- Select the Start menu Power button action (plugged in)
- Energy Saver Settings
- Hard Disk Settings
- Notification Settings
- Power Throttling Settings
- Sleep Settings
- Allow applications to prevent automatic sleep (on battery)
- Allow applications to prevent automatic sleep (plugged in)
- Allow automatic sleep with Open Network Files (on battery)
- Allow automatic sleep with Open Network Files (plugged in)
- Allow network connectivity during connected-standby (on battery)
- Allow network connectivity during connected-standby (plugged in)
- Allow standby states (S1-S3) when sleeping (on battery)
- Allow standby states (S1-S3) when sleeping (plugged in)
- Require a password when a computer wakes (on battery)
- Require a password when a computer wakes (plugged in)
- Specify the system hibernate timeout (on battery)
- Specify the system hibernate timeout (plugged in)
- Specify the system sleep timeout (on battery)
- Specify the system sleep timeout (plugged in)
- Specify the unattended sleep timeout (on battery)
- Specify the unattended sleep timeout (plugged in)
- Turn off hybrid sleep (on battery)
- Turn off hybrid sleep (plugged in)
- Turn on the ability for applications to prevent sleep transitions (on battery)
- Turn on the ability for applications to prevent sleep transitions (plugged in)
- Video and Display Settings
- Reduce display brightness (on battery)
- Reduce display brightness (plugged in)
- Specify the display dim brightness (on battery)
- Specify the display dim brightness (plugged in)
- Turn off adaptive display timeout (on battery)
- Turn off adaptive display timeout (plugged in)
- Turn off the display (on battery)
- Turn off the display (plugged in)
- Turn on desktop background slideshow (on battery)
- Turn on desktop background slideshow (plugged in)
- Select an active power plan
- Specify a custom active power plan
- Button Settings
- Recovery
- Remote Assistance
- Remote Procedure Call
- Removable Storage Access
- All Removable Storage: Allow direct access in remote sessions
- All Removable Storage classes: Deny all access
- CD and DVD: Deny execute access
- CD and DVD: Deny read access
- CD and DVD: Deny write access
- Custom Classes: Deny read access
- Custom Classes: Deny write access
- Floppy Drives: Deny execute access
- Floppy Drives: Deny read access
- Floppy Drives: Deny write access
- Removable Disks: Deny execute access
- Removable Disks: Deny read access
- Removable Disks: Deny write access
- Tape Drives: Deny execute access
- Tape Drives: Deny read access
- Tape Drives: Deny write access
- Time (in seconds) to force reboot
- WPD Devices: Deny read access
- WPD Devices: Deny write access
- Scripts
- Allow logon scripts when NetBIOS or WINS is disabled
- Maximum wait time for Group Policy scripts
- Run logon scripts synchronously
- Run shutdown scripts visible
- Run startup scripts asynchronously
- Run startup scripts visible
- Run Windows PowerShell scripts first at computer startup, shutdown
- Run Windows PowerShell scripts first at user logon, logoff
- Server Manager
- Service Control Manager Settings
- Security Settings
- Shutdown
- Shutdown Options
- Storage Health
- Storage Sense
- System Restore
- Troubleshooting and Diagnostics
- Application Compatibility Diagnostics
- Detect application failures caused by deprecated COM objects
- Detect application failures caused by deprecated Windows DLLs
- Detect application installers that need to be run as administrator
- Detect application install failures
- Detect applications unable to launch installers under UAC
- Detect compatibility issues for applications and drivers
- Notify blocked drivers
- Corrupted File Recovery
- Disk Diagnostic
- Fault Tolerant Heap
- Microsoft Support Diagnostic Tool
- Microsoft Support Diagnostic Tool: Configure execution level
- Microsoft Support Diagnostic Tool: Restrict tool download
- Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider
- Troubleshooting: Allow users to access recommended troubleshooting for known problems
- MSI Corrupted File Recovery
- Scheduled Maintenance
- Scripted Diagnostics
- Configure Security Policy for Scripted Diagnostics
- Troubleshooting: Allow users to access and run Troubleshooting Wizards
- Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)
- Windows Boot Performance Diagnostics
- Windows Memory Leak Diagnosis
- Windows Performance PerfTrack
- Windows Resource Exhaustion Detection and Resolution
- Windows Shutdown Performance Diagnostics
- Windows Standby/Resume Performance Diagnostics
- Windows System Responsiveness Performance Diagnostics
- Diagnostics: Configure scenario execution level
- Diagnostics: Configure scenario retention
- Application Compatibility Diagnostics
- Trusted Platform Module Services
- Configure the level of TPM owner authorization information available to the operating system
- Configure the list of blocked TPM commands
- Configure the system to clear the TPM if it is not in a ready state.
- Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.
- Ignore the default list of blocked TPM commands
- Ignore the local list of blocked TPM commands
- Standard User Individual Lockout Threshold
- Standard User Lockout Duration
- Standard User Total Lockout Threshold
- Turn on TPM backup to Active Directory Domain Services
- User Profiles
- Add the Administrators security group to roaming user profiles
- Control slow network connection timeout for user profiles
- Delete cached copies of roaming profiles
- Delete user profiles older than a specified number of days on system restart
- Disable detection of slow network connections
- Do not check for user ownership of Roaming Profile Folders
- Do not forcefully unload the users registry at user logoff
- Do not log users on with temporary profiles
- Download roaming profiles on primary computers only
- Establish timeout value for dialog boxes
- Leave Windows Installer and Group Policy Software Installation Data
- Maximum retries to unload and update user profile
- Only allow local user profiles
- Prevent Roaming Profile changes from propagating to the server
- Prompt user when a slow network connection is detected
- Set maximum wait time for the network if a user has a roaming user profile or remote home directory
- Set roaming profile path for all users logging onto this computer
- Set the schedule for background upload of a roaming user profile's registry file while user is logged on
- Set user home folder
- Turn off the advertising ID
- User management of sharing user name, account picture, and domain information with apps (not desktop apps)
- Wait for remote user profile
- Windows File Protection
- Windows Time Service
- Activate Shutdown Event Tracker System State Data feature
- Allow Distributed Link Tracking clients to use domain resources
- Display highly detailed status messages
- Display Shutdown Event Tracker
- Do not automatically encrypt files moved to encrypted folders
- Do not display Manage Your Server page at logon
- Do not turn off system power after a Windows system shutdown has occurred.
- Download missing COM components
- Enable Persistent Time Stamp
- Remove Boot / Shutdown / Logon / Logoff status messages
- Restrict potentially unsafe HTML Help functions to specified folders
- Restrict these programs from being launched from Help
- Specify settings for optional component installation and component repair
- Specify Windows installation file location
- Specify Windows Service Pack installation file location
- Turn off Data Execution Prevention for HTML Help Executible
- Windows Components
- ActiveX Installer Service
- Add features to Windows 8.1
- Application Compatibility
- App Package Deployment
- Allow all trusted apps to install
- Allow deployment operations in special profiles
- Allows development of Windows Store apps and installing them from an integrated development environment (IDE)
- Disable installing Windows apps on non-system volumes
- Prevent non-admin users from installing packaged Windows apps
- Prevent users' app data from being stored on non-system volumes
- App Privacy
- Let Windows apps access account information
- Let Windows apps access an eye tracker device
- Let Windows apps access call history
- Let Windows apps access contacts
- Let Windows apps access diagnostic information about other apps
- Let Windows apps access email
- Let Windows apps access location
- Let Windows apps access messaging
- Let Windows apps access motion
- Let Windows apps access notifications
- Let Windows apps access Tasks
- Let Windows apps access the calendar
- Let Windows apps access the camera
- Let Windows apps access the microphone
- Let Windows apps access trusted devices
- Let Windows apps access user movements while running in the background
- Let Windows apps activate with voice
- Let Windows apps activate with voice while the system is locked
- Let Windows apps control radios
- Let Windows apps make phone calls
- Let Windows apps run in the background
- Let Windows apps sync with devices
- App runtime
- AutoPlay Policies
- Backup
- Client
- Prevent backing up to local disks
- Prevent backing up to network location
- Prevent backing up to optical media (CD/DVD)
- Prevent the user from running the Backup Status and Configuration program
- Turn off restore functionality
- Turn off the ability to back up data files
- Turn off the ability to create a system image
- Server
- Client
- Biometrics
- BitLocker Drive Encryption
- Fixed Data Drives
- Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
- Choose how BitLocker-protected fixed drives can be recovered
- Configure use of hardware-based encryption for fixed data drives
- Configure use of passwords for fixed data drives
- Configure use of smart cards on fixed data drives
- Deny write access to fixed drives not protected by BitLocker
- Enforce drive encryption type on fixed data drives
- Operating System Drives
- Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN.
- Allow enhanced PINs for startup
- Allow network unlock at startup
- Allow Secure Boot for integrity validation
- Choose how BitLocker-protected operating system drives can be recovered
- Configure minimum PIN length for startup
- Configure pre-boot recovery message and URL
- Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
- Configure TPM platform validation profile for BIOS-based firmware configurations
- Configure TPM platform validation profile for native UEFI firmware configurations
- Configure use of hardware-based encryption for operating system drives
- Configure use of passwords for operating system drives
- Disallow standard users from changing the PIN or password
- Enable use of BitLocker authentication requiring preboot keyboard input on slates
- Enforce drive encryption type on operating system drives
- Require additional authentication at startup (Windows Server 2008 and Windows Vista)
- Require additional authentication at startup
- Reset platform validation data after BitLocker recovery
- Use enhanced Boot Configuration Data validation profile
- Removable Data Drives
- Allow access to BitLocker-protected removable data drives from earlier versions of Windows
- Choose how BitLocker-protected removable drives can be recovered
- Configure use of hardware-based encryption for removable data drives
- Configure use of passwords for removable data drives
- Configure use of smart cards on removable data drives
- Control use of BitLocker on removable drives
- Deny write access to removable drives not protected by BitLocker
- Enforce drive encryption type on removable data drives
- Choose default folder for recovery password
- Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])
- Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
- Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
- Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)
- Disable new DMA devices when this computer is locked
- Prevent memory overwrite on restart
- Provide the unique identifiers for your organization
- Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
- Validate smart card certificate usage rule compliance
- Fixed Data Drives
- Camera
- Cloud Content
- Connect
- Credential User Interface
- Data Collection and Preview Builds
- Allow commercial data pipeline
- Allow Desktop Analytics Processing
- Allow device name to be sent in Windows diagnostic data
- Allow Telemetry
- Allow Update Compliance Processing
- Allow WUfB Cloud Processing
- Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service
- Configure collection of browsing data for Desktop Analytics
- Configure Connected User Experiences and Telemetry
- Configure diagnostic data upload endpoint for Desktop Analytics
- Configure telemetry opt-in change notifications.
- Configure telemetry opt-in setting user interface.
- Configure the Commercial ID
- Disable deleting diagnostic data
- Disable diagnostic data viewer.
- Disable OneSettings Downloads
- Disable pre-release features or settings
- Do not show feedback notifications
- Enable OneSettings Auditing
- Limit Enhanced diagnostic data to the minimum required by Windows Analytics
- Toggle user control over Insider builds
- Delivery Optimization
- Absolute Max Cache Size (in GB)
- Allow uploads while the device is on battery while under set Battery level (percentage)
- Cache Server Hostname
- Cache Server Hostname Source
- Delay Background download Cache Server fallback (in seconds)
- Delay background download from http (in secs)
- Delay Foreground download Cache Server fallback (in seconds)
- Delay Foreground download from http (in secs)
- Download Mode
- Enable Peer Caching while the device connects via VPN
- Group ID
- Max Cache Age
- Max Cache Size
- Maximum Background Download Bandwidth (in KB/s)
- Maximum Background Download Bandwidth (percentage)
- Maximum Download Bandwidth (in KB/s)
- Maximum Download Bandwidth (percentage)
- Maximum Foreground Download Bandwidth (in KB/s)
- Maximum Foreground Download Bandwidth (percentage)
- Max Upload Bandwidth
- Minimum Background QoS (in KB/s)
- Minimum disk size allowed to use Peer Caching (in GB)
- Minimum Peer Caching Content File Size (in MB)
- Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)
- Modify Cache Drive
- Monthly Upload Data Cap (in GB)
- Select a method to restrict Peer Selection
- Select the source of Group IDs
- Set Business Hours to Limit Background Download Bandwidth
- Set Business Hours to Limit Foreground Download Bandwidth
- Desktop Gadgets
- Desktop Window Manager
- Device and Driver Compatibility
- Device Registration
- Digital Locker
- Edge UI
- Event Forwarding
- Event Logging
- Event Log Service
- Application
- Security
- Setup
- System
- Event Viewer
- File Explorer
- Previous Versions
- Allow the use of remote paths in file shortcut icons
- Configure Windows Defender SmartScreen
- Disable binding directly to IPropertySetStorage without intermediate layers.
- Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time
- Do not show the 'new application installed' notification
- Location where all default Library definition files for users/machines reside.
- Set a default associations configuration file
- Set a support web page link
- Show hibernate in the power options menu
- Show lock in the user tile menu
- Show sleep in the power options menu
- Start File Explorer with ribbon minimized
- Turn off Data Execution Prevention for Explorer
- Turn off heap termination on corruption
- Turn off numerical sorting in File Explorer
- Turn off shell protocol protected mode
- Verify old and new Folder Redirection targets point to the same share before redirecting
- File History
- Find My Device
- Game Explorer
- Handwriting
- HomeGroup
- Internet Explorer
- Accelerators
- Application Compatibility
- Browser menus
- Compatibility View
- Corporate Settings
- Delete Browsing History
- Allow deleting browsing history on exit
- Disable "Configuring History"
- Prevent access to Delete Browsing History
- Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
- Prevent deleting cookies
- Prevent deleting download history
- Prevent deleting favorites site data
- Prevent deleting form data
- Prevent deleting InPrivate Filtering data
- Prevent deleting passwords
- Prevent deleting temporary Internet files
- Prevent deleting websites that the user has visited
- Prevent the deletion of temporary Internet files and cookies
- Internet Control Panel
- Advanced Page
- Allow active content from CDs to run on user machines
- Allow Install On Demand (except Internet Explorer)
- Allow Install On Demand (Internet Explorer)
- Allow Internet Explorer to use the HTTP2 network protocol
- Allow Internet Explorer to use the SPDY/3 network protocol
- Allow software to run or install even if the signature is invalid
- Allow third-party browser extensions
- Always send Do Not Track header
- Automatically check for Internet Explorer updates
- Check for server certificate revocation
- Check for signatures on downloaded programs
- Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
- Do not allow resetting Internet Explorer settings
- Do not save encrypted pages to disk
- Empty Temporary Internet Files folder when browser is closed
- Play animations in web pages
- Play sounds in web pages
- Play videos in web pages
- Turn off ClearType
- Turn off encryption support
- Turn off loading websites and content in the background to optimize performance
- Turn off Profile Assistant
- Turn off sending UTF-8 query strings for URLs
- Turn off the flip ahead with page prediction feature
- Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
- Turn on Caret Browsing support
- Turn on Enhanced Protected Mode
- Use HTTP 1.1 through proxy connections
- Use HTTP 1.1
- Content Page
- General Page
- Browsing History
- Allow websites to store application caches on client computers
- Allow websites to store indexed databases on client computers
- Set application caches expiration time limit for individual domains
- Set application cache storage limits for individual domains
- Set default storage limits for websites
- Set indexed database storage limits for individual domains
- Set maximum application cache individual resource size
- Set maximum application cache resource list size
- Set maximum application caches storage limit for all domains
- Set maximum indexed database storage limit for all domains
- Start Internet Explorer with tabs from last browsing session
- Browsing History
- Security Page
- Internet Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Intranet Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Local Machine Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Internet Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Intranet Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Local Machine Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Restricted Sites Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Trusted Sites Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Restricted Sites Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Trusted Sites Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Internet Zone Template
- Intranet Sites: Include all local (intranet) sites not listed in other zones
- Intranet Sites: Include all network paths (UNCs)
- Intranet Sites: Include all sites that bypass the proxy server
- Intranet Zone Template
- Local Machine Zone Template
- Locked-Down Internet Zone Template
- Locked-Down Intranet Zone Template
- Locked-Down Local Machine Zone Template
- Locked-Down Restricted Sites Zone Template
- Locked-Down Trusted Sites Zone Template
- Restricted Sites Zone Template
- Site to Zone Assignment List
- Trusted Sites Zone Template
- Turn on automatic detection of intranet
- Turn on certificate address mismatch warning
- Turn on Notification bar notification for intranet content
- Internet Zone
- Disable the Advanced page
- Disable the Connections page
- Disable the Content page
- Disable the General page
- Disable the Privacy page
- Disable the Programs page
- Disable the Security page
- Prevent ignoring certificate errors
- Send internationalized domain names
- Use UTF-8 for mailto links
- Advanced Page
- Internet Settings
- Advanced settings
- Browsing
- Multimedia
- Searching
- AutoComplete
- Component Updates
- Help Menu > About Internet Explorer
- Periodic check for updates to Internet Explorer and Internet Tools
- Open Internet Explorer tiles on the desktop
- Set how links are opened in Internet Explorer
- Advanced settings
- Privacy
- Establish InPrivate Filtering threshold
- Establish Tracking Protection threshold
- Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
- Turn off collection of InPrivate Filtering data
- Turn off InPrivate Browsing
- Turn off InPrivate Filtering
- Turn off Tracking Protection
- Security Features
- Add-on Management
- Add-on List
- All Processes
- Deny all add-ons unless specifically allowed in the Add-on List
- Process List
- Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
- Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
- Turn off blocking of outdated ActiveX controls for Internet Explorer
- Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
- Turn on ActiveX control logging in Internet Explorer
- AJAX
- Binary Behavior Security Restriction
- Consistent Mime Handling
- Local Machine Zone Lockdown Security
- Mime Sniffing Safety Feature
- MK Protocol Security Restriction
- Network Protocol Lockdown
- Notification bar
- Object Caching Protection
- Protection From Zone Elevation
- Restrict ActiveX Install
- Restrict File Download
- Scripted Window Security Restrictions
- Allow fallback to SSL 3.0 (Internet Explorer)
- Do not display the reveal password button
- Turn off Data Execution Prevention
- Turn off Data URI support
- Add-on Management
- Toolbars
- Add a specific list of search providers to the user's list of search providers
- Allow "Save Target As" in Internet Explorer mode
- Allow Internet Explorer 8 shutdown behavior
- Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
- Automatically activate newly installed add-ons
- Configure which channel of Microsoft Edge to use for opening redirected sites
- Customize user agent string
- Disable Automatic Install of Internet Explorer components
- Disable changing Automatic Configuration settings
- Disable changing connection settings
- Disable changing secondary home page settings
- Disable Import/Export Settings wizard
- Disable Internet Explorer 11 as a standalone browser
- Disable Periodic Check for Internet Explorer software updates
- Disable showing the splash screen
- Disable software update shell notifications on program launch
- Do not allow users to enable or disable add-ons
- Enable extended hot keys in Internet Explorer mode
- Enable global window list in Internet Explorer mode
- Enforce full-screen mode
- Hide Internet Explorer 11 retirement notification
- Install new versions of Internet Explorer automatically
- Keep all intranet sites in Internet Explorer
- Let users turn on and use Enterprise Mode from the Tools menu
- Limit Site Discovery output by Domain
- Limit Site Discovery output by Zone
- Make proxy settings per-machine (rather than per-user)
- Pop-up allow list
- Prevent "Fix settings" functionality
- Prevent access to Internet Explorer Help
- Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
- Prevent bypassing SmartScreen Filter warnings
- Prevent changing pop-up filter level
- Prevent changing proxy settings
- Prevent changing the default search provider
- Prevent configuration of how windows open
- Prevent configuration of new tab creation
- Prevent Internet Explorer Search box from appearing
- Prevent managing pop-up exception list
- Prevent managing SmartScreen Filter
- Prevent managing the phishing filter
- Prevent participation in the Customer Experience Improvement Program
- Prevent per-user installation of ActiveX controls
- Prevent running First Run wizard
- Reset zoom to default for HTML dialogs in Internet Explorer mode
- Restrict search providers to a specific list
- Security Zones: Do not allow users to add/delete sites
- Security Zones: Do not allow users to change policies
- Security Zones: Use only machine settings
- Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
- Set tab process growth
- Show message when opening sites in Microsoft Edge using Enterprise Mode
- Specify default behavior for a new tab
- Specify use of ActiveX Installer Service for installation of ActiveX controls
- Turn off ability to pin sites in Internet Explorer on the desktop
- Turn off ActiveX Opt-In prompt
- Turn off add-on performance notifications
- Turn off Automatic Crash Recovery
- Turn off browser geolocation
- Turn off configuration of pop-up windows in tabbed browsing
- Turn off Crash Detection
- Turn off Favorites bar
- Turn off Managing SmartScreen Filter for Internet Explorer 8
- Turn off page-zooming functionality
- Turn off pop-up management
- Turn off Quick Tabs functionality
- Turn off Reopen Last Browsing Session
- Turn off suggestions for all user-installed providers
- Turn off tabbed browsing
- Turn off the auto-complete feature for web addresses
- Turn off the quick pick menu
- Turn off the Security Settings Check feature
- Turn on ActiveX Filtering
- Turn on compatibility logging
- Turn on menu bar by default
- Turn on Site Discovery WMI output
- Turn on Site Discovery XML output
- Turn on Suggested Sites
- Use the Enterprise Mode IE website list
- Internet Information Services
- Location and Sensors
- Windows Location Provider
- Turn off location
- Turn off location scripting
- Turn off sensors
- Maintenance Scheduler
- Maps
- MDM
- Messaging
- Microsoft account
- Microsoft Defender Antivirus
- Client Interface
- Device Control
- Exclusions
- MAPS
- Microsoft Defender Exploit Guard
- Attack Surface Reduction
- Controlled Folder Access
- Network Protection
- MpEngine
- Network Inspection System
- Quarantine
- Real-time Protection
- Configure local setting override for monitoring file and program activity on your computer
- Configure local setting override for monitoring for incoming and outgoing file activity
- Configure local setting override for scanning all downloaded files and attachments
- Configure local setting override for turn on behavior monitoring
- Configure local setting override to turn off Intrusion Prevention System
- Configure local setting override to turn on real-time protection
- Configure monitoring for incoming and outgoing file and program activity
- Define the maximum size of downloaded files and attachments to be scanned
- Monitor file and program activity on your computer
- Scan all downloaded files and attachments
- Turn off real-time protection
- Turn on behavior monitoring
- Turn on Information Protection Control
- Turn on network protection against exploits of known vulnerabilities
- Turn on process scanning whenever real-time protection is enabled
- Turn on raw volume write notifications
- Remediation
- Reporting
- Configure time out for detections in critically failed state
- Configure time out for detections in non-critical failed state
- Configure time out for detections in recently remediated state
- Configure time out for detections requiring additional action
- Configure Watson events
- Configure Windows software trace preprocessor components
- Configure WPP tracing level
- Turn off enhanced notifications
- Scan
- Allow users to pause scan
- Check for the latest virus and spyware security intelligence before running a scheduled scan
- Configure local setting override for maximum percentage of CPU utilization
- Configure local setting override for scheduled quick scan time
- Configure local setting override for scheduled scan time
- Configure local setting override for schedule scan day
- Configure local setting override for the scan type to use for a scheduled scan
- Configure low CPU priority for scheduled scans
- Create a system restore point
- Define the number of days after which a catch-up scan is forced
- Run full scan on mapped network drives
- Scan archive files
- Scan network files
- Scan packed executables
- Scan removable drives
- Specify the day of the week to run a scheduled scan
- Specify the interval to run quick scans per day
- Specify the maximum depth to scan archive files
- Specify the maximum percentage of CPU utilization during a scan
- Specify the maximum size of archive files to be scanned
- Specify the scan type to use for a scheduled scan
- Specify the time for a daily quick scan
- Specify the time of day to run a scheduled scan
- Start the scheduled scan only when computer is on but not in use
- Turn on catch-up full scan
- Turn on catch-up quick scan
- Turn on e-mail scanning
- Turn on heuristics
- Turn on removal of items from scan history folder
- Turn on reparse point scanning
- Security Intelligence Updates
- Allow notifications to disable security intelligence based reports to Microsoft MAPS
- Allow real-time security intelligence updates based on reports to Microsoft MAPS
- Allow security intelligence updates from Microsoft Update
- Allow security intelligence updates when running on battery power
- Check for the latest virus and spyware security intelligence on startup
- Define the number of days after which a catch-up security intelligence update is required
- Define the number of days before spyware security intelligence is considered out of date
- Define the number of days before virus security intelligence is considered out of date
- Define the order of sources for downloading security intelligence updates
- Initiate security intelligence update on startup
- Specify the day of the week to check for security intelligence updates
- Specify the interval to check for security intelligence updates
- Specify the time to check for security intelligence updates
- Turn on scan after security intelligence update
- Threats
- Allow antimalware service to remain running always
- Allow antimalware service to startup with normal priority
- Configure detection for potentially unwanted applications
- Configure local administrator merge behavior for lists
- Define addresses to bypass proxy server
- Define proxy auto-config (.pac) for connecting to the network
- Define proxy server for connecting to the network
- Randomize scheduled task times
- Turn off Microsoft Defender Antivirus
- Turn off routine remediation
- Microsoft Defender Application Guard
- Allow auditing events in Microsoft Defender Application Guard
- Allow camera and microphone access in Microsoft Defender Application Guard
- Allow data persistence for Microsoft Defender Application Guard
- Allow files to download and save to the host operating system from Microsoft Defender Application Guard
- Allow hardware-accelerated rendering for Microsoft Defender Application Guard
- Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device
- Allow users to trust files that open in Windows Defender Application Guard
- Configure additional sources for untrusted files in Windows Defender Application Guard.
- Configure Microsoft Defender Application Guard clipboard settings
- Configure Microsoft Defender Application Guard print settings
- Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer
- Turn on Microsoft Defender Application Guard in Managed Mode
- Microsoft Defender Exploit Guard
- Exploit Protection
- Microsoft Edge
- Allow Address bar drop-down list suggestions
- Allow Adobe Flash
- Allow clearing browsing data on exit
- Allow configuration updates for the Books Library
- Allow employees to send Do Not Track headers
- Allow extended telemetry for the Books tab
- Allow Extensions
- Allow FullScreen Mode
- Allow Microsoft Compatibility List
- Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
- Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
- Allow printing
- Allow Saving History
- Allow search engine customization
- Allow Sideloading of extension
- Always show the Books Library in Microsoft Edge
- Configure additional search engines
- Configure Cookies
- Configure corporate Home pages
- Configure Favorites Bar
- Configure Favorites
- Configure Home Button
- Configure kiosk mode
- Configure kiosk reset after idle timeout
- Configure Open Microsoft Edge With
- Configure the Adobe Flash Click-to-Run setting
- Configure the Enterprise Mode Site List
- Disable lockdown of Start pages
- Don't allow SmartScreen Filter warning overrides for unverified files
- Don't allow SmartScreen Filter warning overrides
- Don't allow WebRTC to share the LocalHost IP address
- For PDF files that have both landscape and portrait pages, print each in its own orientation.
- Keep favorites in sync between Internet Explorer and Microsoft Edge
- Open a new tab with an empty tab
- Prevent access to the about:flags page in Microsoft Edge
- Prevent certificate error overrides
- Prevent changes to Favorites on Microsoft Edge
- Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
- Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
- Prevent the First Run webpage from opening on Microsoft Edge
- Prevent turning off required extensions
- Provision Favorites
- Send all intranet sites to Internet Explorer 11
- Set default search engine
- Set Home Button URL
- Set New Tab page URL
- Show message when opening sites in Internet Explorer
- Suppress the display of Edge Deprecation Notification
- Turn off address bar search suggestions
- Turn off Autofill
- Turn off Developer Tools
- Turn off InPrivate browsing
- Turn off Password Manager
- Turn off Pop-up Blocker
- Turn off the SmartScreen Filter
- Unlock Home Button
- Microsoft FIDO Authentication
- Microsoft Passport for Work
- PIN Complexity
- Remote Passport
- Allow enumeration of emulated smart card for all users
- Configure device unlock factors
- Configure dynamic lock factors
- Turn off smart card emulation
- Use a hardware security device
- Use biometrics
- Use certificate for on-premises authentication
- Use cloud trust for on-premises authentication
- Use Microsoft Passport for Work
- Use PIN Recovery
- Use Windows Hello for Business certificates as smart card certificates
- Microsoft Secondary Authentication Factor
- Microsoft User Experience Virtualization
- Applications
- Access 2013 backup only
- Access 2016 backup only
- Calculator
- Common 2013 backup only
- Common 2016 backup only
- Excel 2013 backup only
- Excel 2016 backup only
- InfoPath 2013 backup only
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Internet Explorer Common Settings
- Lync 2013 backup only
- Lync 2016 backup only
- Microsoft Access 2010
- Microsoft Access 2013
- Microsoft Access 2016
- Microsoft Excel 2010
- Microsoft Excel 2013
- Microsoft Excel 2016
- Microsoft InfoPath 2010
- Microsoft InfoPath 2013
- Microsoft Lync 2010
- Microsoft Lync 2013
- Microsoft Lync 2016
- Microsoft Office 365 Access 2013
- Microsoft Office 365 Access 2016
- Microsoft Office 365 Common 2013
- Microsoft Office 365 Common 2016
- Microsoft Office 365 Excel 2013
- Microsoft Office 365 Excel 2016
- Microsoft Office 365 InfoPath 2013
- Microsoft Office 365 Lync 2013
- Microsoft Office 365 Lync 2016
- Microsoft Office 365 OneNote 2013
- Microsoft Office 365 OneNote 2016
- Microsoft Office 365 Outlook 2013
- Microsoft Office 365 Outlook 2016
- Microsoft Office 365 PowerPoint 2013
- Microsoft Office 365 PowerPoint 2016
- Microsoft Office 365 Project 2013
- Microsoft Office 365 Project 2016
- Microsoft Office 365 Publisher 2013
- Microsoft Office 365 Publisher 2016
- Microsoft Office 365 Visio 2013
- Microsoft Office 365 Visio 2016
- Microsoft Office 365 Word 2013
- Microsoft Office 365 Word 2016
- Microsoft Office 2010 Common Settings
- Microsoft Office 2013 Common Settings
- Microsoft Office 2013 Upload Center
- Microsoft Office 2016 Common Settings
- Microsoft Office 2016 Upload Center
- Microsoft OneDrive for Business 2013
- Microsoft OneDrive for Business 2016
- Microsoft OneNote 2010
- Microsoft OneNote 2013
- Microsoft OneNote 2016
- Microsoft Outlook 2010
- Microsoft Outlook 2013
- Microsoft Outlook 2016
- Microsoft PowerPoint 2010
- Microsoft PowerPoint 2013
- Microsoft PowerPoint 2016
- Microsoft Project 2010
- Microsoft Project 2013
- Microsoft Project 2016
- Microsoft Publisher 2010
- Microsoft Publisher 2013
- Microsoft Publisher 2016
- Microsoft Visio 2010
- Microsoft Visio 2013
- Microsoft Visio 2016
- Microsoft Word 2010
- Microsoft Word 2013
- Microsoft Word 2016
- Notepad
- OneNote 2013 backup only
- OneNote 2016 backup only
- Outlook 2013 backup only
- Outlook 2016 backup only
- PowerPoint 2013 backup only
- PowerPoint 2016 backup only
- Project 2013 backup only
- Project 2016 backup only
- Publisher 2013 backup only
- Publisher 2016 backup only
- Visio 2013 backup only
- Visio 2016 backup only
- Word 2013 backup only
- Word 2016 backup only
- WordPad
- Windows Apps
- Configure Sync Method
- Contact IT Link Text
- Contact IT URL
- Do not synchronize Windows Apps
- Enable UEV
- First Use Notification
- Ping the settings storage location before sync
- Settings package size warning threshold
- Settings storage path
- Settings template catalog path
- Synchronization timeout
- Synchronize Windows settings
- Sync settings over metered connections even when roaming
- Sync settings over metered connections
- Sync Unlisted Windows Apps
- Tray Icon
- Use User Experience Virtualization (UE-V)
- VDI Configuration
- Applications
- NetMeeting
- News and interests
- OneDrive
- Online Assistance
- OOBE
- Parental Controls
- Portable Operating System
- Presentation Settings
- Push To Install
- Remote Desktop Services
- RD Licensing
- Remote Desktop Connection Client
- RemoteFX USB Device Redirection
- Allow .rdp files from unknown publishers
- Allow .rdp files from valid publishers and user's default .rdp settings
- Configure server authentication for client
- Do not allow hardware accelerated decoding
- Do not allow passwords to be saved
- Prompt for credentials on the client computer
- Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
- Turn Off UDP On Client
- Remote Desktop Session Host
- Application Compatibility
- Connections
- Allow remote start of unlisted programs
- Allow users to connect remotely by using Remote Desktop Services
- Automatic reconnection
- Configure keep-alive connection interval
- Deny logoff of an administrator logged in to the console session
- Limit number of connections
- Restrict Remote Desktop Services users to a single Remote Desktop Services session
- Select network detection on the server
- Select RDP transport protocols
- Set rules for remote control of Remote Desktop Services user sessions
- Suspend user sign-in to complete app registration
- Turn off Fair Share CPU Scheduling
- Device and Resource Redirection
- Allow audio and video playback redirection
- Allow audio recording redirection
- Allow time zone redirection
- Do not allow Clipboard redirection
- Do not allow COM port redirection
- Do not allow drive redirection
- Do not allow LPT port redirection
- Do not allow smart card device redirection
- Do not allow supported Plug and Play device redirection
- Do not allow video capture redirection
- Limit audio playback quality
- Licensing
- Printer Redirection
- Profiles
- RD Connection Broker
- Remote Session Environment
- RemoteFX for Windows Server 2008 R2
- Allow desktop composition for remote desktop sessions
- Always show desktop on connection
- Configure compression for RemoteFX data
- Configure H.264/AVC hardware encoding for Remote Desktop Connections
- Configure image quality for RemoteFX Adaptive Graphics
- Configure RemoteFX Adaptive Graphics
- Do not allow font smoothing
- Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1
- Enforce Removal of Remote Desktop Wallpaper
- Limit maximum color depth
- Limit maximum display resolution
- Limit number of monitors
- Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections
- Remove "Disconnect" option from Shut Down dialog
- Remove Windows Security item from Start menu
- Start a program on connection
- Use advanced RemoteFX graphics for RemoteApp
- Use hardware graphics adapters for all Remote Desktop Services sessions
- Use the hardware default graphics adapter for all Remote Desktop Services sessions
- Use WDDM graphics display driver for Remote Desktop Connections
- Security
- Always prompt for password upon connection
- Do not allow local administrators to customize permissions
- Require secure RPC communication
- Require use of specific security layer for remote (RDP) connections
- Require user authentication for remote connections by using Network Level Authentication
- Server authentication certificate template
- Set client connection encryption level
- Session Time Limits
- Temporary folders
- RSS Feeds
- Search
- OCR
- Add primary intranet search location
- Add secondary intranet search locations
- Allow Cloud Search
- Allow Cortana above lock screen
- Allow Cortana
- Allow Cortana Page in OOBE on an AAD account
- Allow indexing of encrypted files
- Allow search and Cortana to use location
- Allow search highlights
- Allow use of diacritics
- Always use automatic language detection when indexing content and properties
- Control rich previews for attachments
- Default excluded paths
- Default indexed paths
- Disable indexer backoff
- Don't search the web or display web results in Search
- Don't search the web or display web results in Search over metered connections
- Do not allow locations on removable drives to be added to libraries
- Do not allow web search
- Enable indexing of online delegate mailboxes
- Enable indexing uncached Exchange folders
- Enable throttling for online mail indexing
- Indexer data location
- Prevent adding UNC locations to index from Control Panel
- Prevent adding user-specified locations to the All Locations menu
- Prevent clients from querying the index remotely
- Prevent customization of indexed locations in Control Panel
- Prevent indexing certain paths
- Prevent indexing e-mail attachments
- Prevent indexing files in offline files cache
- Prevent indexing Microsoft Office Outlook
- Prevent indexing of certain file types
- Prevent indexing public folders
- Prevent indexing when running on battery power to conserve energy
- Prevent the display of advanced indexing options for Windows Search in the Control Panel
- Prevent unwanted iFilters and protocol handlers
- Preview pane location
- Set large or small icon view in desktop search results
- Set the SafeSearch setting for Search
- Set what information is shared in Search
- Stop indexing in the event of limited hard drive space
- Security Center
- Shutdown Options
- Smart Card
- Allow certificates with no extended key usage certificate attribute
- Allow ECC certificates to be used for logon and authentication
- Allow Integrated Unblock screen to be displayed at the time of logon
- Allow signature keys valid for Logon
- Allow time invalid certificates
- Allow user name hint
- Configure root certificate clean up
- Display string when smart card is blocked
- Filter duplicate logon certificates
- Force the reading of all certificates from the smart card
- Notify user of successful smart card driver installation
- Prevent plaintext PINs from being returned by Credential Manager
- Reverse the subject name stored in a certificate when displaying
- Turn on certificate propagation from smart card
- Turn on root certificate propagation from smart card
- Turn on Smart Card Plug and Play service
- Software Protection Platform
- Sound Recorder
- Speech
- Store
- Disable all apps from Windows Store
- Only display the private store within the Microsoft Store
- Only display the private store within the Microsoft Store
- Turn off Automatic Download and Install of updates
- Turn off Automatic Download of updates on Win8 machines
- Turn off the offer to update to the latest version of Windows
- Turn off the Store application
- Sync your settings
- Tablet PC
- Accessories
- Cursors
- Hardware Buttons
- Input Panel
- Disable text prediction
- For tablet pen input, don't show the Input Panel icon
- For touch input, don't show the Input Panel icon
- Include rarely used Chinese, Kanji, or Hanja characters
- Prevent Input Panel tab from appearing
- Turn off AutoComplete integration with Input Panel
- Turn off password security in Input Panel
- Turn off tolerant and Z-shaped scratch-out gestures
- Pen Flicks Learning
- Pen UX Behaviors
- Tablet PC Pen Training
- Touch Input
- Task Scheduler
- Tenant Restrictions
- Text Input
- Windows Calendar
- Windows Color System
- Windows Customer Experience Improvement Program
- Windows Defender SmartScreen
- Windows Error Reporting
- Advanced Error Reporting Settings
- Configure Corporate Windows Error Reporting
- Configure Report Archive
- Configure Report Queue
- Default application reporting settings
- List of applications to always report errors for
- List of applications to be excluded
- List of applications to never report errors for
- Report operating system errors
- Report unplanned shutdown events
- Consent
- Automatically send memory dumps for OS-generated error reports
- Configure Error Reporting
- Disable logging
- Disable Windows Error Reporting
- Display Error Notification
- Do not send additional data
- Do not throttle additional data
- Prevent display of the user interface for critical errors
- Send additional data when on battery power
- Send data when on connected to a restricted/costed network
- Advanced Error Reporting Settings
- Windows Game Recording and Broadcasting
- Windows Ink Workspace
- Windows Installer
- Allow user control over installs
- Allow users to browse for source while elevated
- Allow users to patch elevated products
- Allow users to use media source while elevated
- Always install with elevated privileges
- Always install with elevated privileges
- Control maximum size of baseline file cache
- Enforce upgrade component rules
- Prevent embedded UI
- Prevent Internet Explorer security prompt for Windows Installer scripts
- Prevent users from using Windows Installer to install updates and upgrades
- Prohibit flyweight patching
- Prohibit non-administrators from applying vendor signed updates
- Prohibit removal of updates
- Prohibit rollback
- Prohibit use of Restart Manager
- Prohibit User Installs
- Remove browse dialog box for new source
- Save copies of transform files in a secure location on workstation
- Specify the types of events Windows Installer records in its transaction log
- Turn off creation of System Restore checkpoints
- Turn off logging via package settings
- Turn off Windows Installer
- Windows Logon Options
- Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot
- Disable or enable software Secure Attention Sequence
- Display information about previous logons during user logon
- Report when logon server was not available during user logon
- Sign-in and lock last interactive user automatically after a restart
- Windows Mail
- Windows Media Center
- Windows Media Digital Rights Management
- Windows Media Player
- Windows Messenger
- Windows Mobility Center
- Windows PowerShell
- Windows Reliability Analysis
- Windows Remote Management (WinRM)
- WinRM Client
- WinRM Service
- Allow Basic authentication
- Allow CredSSP authentication
- Allow remote server management through WinRM
- Allow unencrypted traffic
- Disallow Kerberos authentication
- Disallow Negotiate authentication
- Disallow WinRM from storing RunAs credentials
- Specify channel binding token hardening level
- Turn On Compatibility HTTP Listener
- Turn On Compatibility HTTPS Listener
- Windows Remote Shell
- Windows Security
- Account protection
- App and browser protection
- Device performance and health
- Device security
- Enterprise Customization
- Family options
- Firewall and network protection
- Notifications
- Systray
- Virus and threat protection
- Windows Update
- Windows Update for Business
- Allow Automatic Updates immediate installation
- Allow non-administrators to receive update notifications
- Allow signed updates from an intranet Microsoft update service location
- Allow updates to be downloaded automatically over metered connections
- Always automatically restart at the scheduled time
- Automatic Updates detection frequency
- Configure auto-restart reminder notifications for updates
- Configure auto-restart required notification for updates
- Configure auto-restart warning notifications schedule for updates
- Configure Automatic Updates
- Defer Upgrades and Updates
- Delay Restart for scheduled installations
- Display options for update notifications
- Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
- Do not allow update deferral policies to cause scans against Windows Update
- Do not connect to any Windows Update Internet locations
- Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
- Do not include drivers with Windows Updates
- Enable client-side targeting
- Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates
- No auto-restart with logged on users for scheduled automatic updates installations
- Re-prompt for restart with scheduled installations
- Remove access to "Pause updates" feature
- Remove access to use all Windows Update features
- Reschedule Automatic Updates scheduled installations
- Specify active hours range for auto-restarts
- Specify deadline before auto-restart for update installation
- Specify deadlines for automatic updates and restarts
- Specify Engaged restart transition and notification schedule for updates
- Specify intranet Microsoft update service location
- Specify source service for specific classes of Windows Updates
- Turn off auto-restart for updates during active hours
- Turn off auto-restart notifications for update installations
- Turn on recommended updates via Automatic Updates
- Turn on Software Notifications
- Update Power Policy for Cart Restarts
- Work Folders
- Configuration Manager
- Control Panel
- Add or Remove Programs
- Go directly to Components Wizard
- Hide Add/Remove Windows Components page
- Hide Add New Programs page
- Hide Change or Remove Programs page
- Hide the "Add a program from CD-ROM or floppy disk" option
- Hide the "Add programs from Microsoft" option
- Hide the "Add programs from your network" option
- Hide the Set Program Access and Defaults page
- Remove Add or Remove Programs
- Remove Support Information
- Specify default category for Add New Programs
- Display
- Personalization
- Enable screen saver
- Force a specific visual style file or force Windows Classic
- Force specific screen saver
- Load a specific theme
- Password protect the screen saver
- Prevent changing color and appearance
- Prevent changing color scheme
- Prevent changing desktop background
- Prevent changing desktop icons
- Prevent changing mouse pointers
- Prevent changing screen saver
- Prevent changing sounds
- Prevent changing theme
- Prevent changing visual style for windows and buttons
- Prohibit selection of visual style font size
- Screen saver timeout
- Printers
- Browse a common web site to find printers
- Browse the network to find printers
- Default Active Directory path when searching for printers
- Enable Device Control Printing Restrictions
- List of Approved USB-connected print devices
- Only use Package Point and print
- Package Point and print - Approved servers
- Point and Print Restrictions
- Prevent addition of printers
- Prevent deletion of printers
- Turn off Windows default printer management
- Programs
- Regional and Language Options
- Handwriting personalization
- Hide Regional and Language Options administrative options
- Hide the geographic location option
- Hide the select language group options
- Hide user locale selection and customization options
- Restrict selection of Windows menus and dialogs language
- Restricts the UI languages Windows should use for the selected user
- Turn off autocorrect misspelled words
- Turn off highlight misspelled words
- Turn off insert a space after selecting a text prediction
- Turn off offer text predictions as I type
- Always open All Control Panel Items when opening Control Panel
- Hide specified Control Panel items
- Prohibit access to Control Panel and PC settings
- Settings Page Visibility
- Show only specified Control Panel items
- Add or Remove Programs
- Desktop
- Active Directory
- Desktop
- Don't save settings at exit
- Do not add shares of recently opened documents to Network Locations
- Hide and disable all items on the desktop
- Hide Internet Explorer icon on desktop
- Hide Network Locations icon on desktop
- Prevent adding, dragging, dropping and closing the Taskbar's toolbars
- Prohibit adjusting desktop toolbars
- Prohibit User from manually redirecting Profile Folders
- Remove Computer icon on the desktop
- Remove My Documents icon on the desktop
- Remove Properties from the Computer icon context menu
- Remove Properties from the Documents icon context menu
- Remove Properties from the Recycle Bin context menu
- Remove Recycle Bin icon from desktop
- Remove the Desktop Cleanup Wizard
- Turn off Aero Shake window minimizing mouse gesture
- Network
- Network Connections
- Ability to change properties of an all user remote access connection
- Ability to delete all user remote access connections
- Ability to Enable/Disable a LAN connection
- Ability to rename all user remote access connections
- Ability to rename LAN connections
- Ability to rename LAN connections or remote access connections available to all users
- Enable Windows 2000 Network Connections settings for Administrators
- Prohibit access to properties of a LAN connection
- Prohibit access to properties of components of a LAN connection
- Prohibit access to properties of components of a remote access connection
- Prohibit access to the Advanced Settings item on the Advanced menu
- Prohibit access to the New Connection Wizard
- Prohibit access to the Remote Access Preferences item on the Advanced menu
- Prohibit adding and removing components for a LAN or remote access connection
- Prohibit changing properties of a private remote access connection
- Prohibit connecting and disconnecting a remote access connection
- Prohibit deletion of remote access connections
- Prohibit Enabling/Disabling components of a LAN connection
- Prohibit renaming private remote access connections
- Prohibit TCP/IP advanced configuration
- Prohibit viewing of status for an active connection
- Turn off notifications when a connection has only limited or no connectivity
- Offline Files
- Action on server disconnect
- Event logging level
- Initial reminder balloon lifetime
- Non-default server disconnect actions
- Prevent use of Offline Files folder
- Prohibit user configuration of Offline Files
- Reminder balloon frequency
- Reminder balloon lifetime
- Remove "Make Available Offline" command
- Remove "Make Available Offline" for these files and folders
- Remove "Work offline" command
- Specify administratively assigned Offline Files
- Synchronize all offline files before logging off
- Synchronize all offline files when logging on
- Synchronize offline files before suspend
- Turn off reminder balloons
- Windows Connect Now
- Network Connections
- Start Menu and Taskbar
- Notifications
- Set the time Quiet Hours begins each day
- Set the time Quiet Hours ends each day
- Turn off calls during Quiet Hours
- Turn off notification mirroring
- Turn off notifications network usage
- Turn off Quiet Hours
- Turn off tile notifications
- Turn off toast notifications
- Turn off toast notifications on the lock screen
- Turn on multiple expanded toast notifications in action center
- Add "Run in Separate Memory Space" check box to Run dialog box
- Add Logoff to the Start Menu
- Add Search Internet link to Start Menu
- Add the Run command to the Start Menu
- Change Start Menu power button
- Clear history of recently opened documents on exit
- Clear the recent programs list for new users
- Clear tile notifications during log on
- Disable context menus in the Start Menu
- Disable showing balloon notifications as toasts.
- Do not allow pinning items in Jump Lists
- Do not allow pinning programs to the Taskbar
- Do not allow pinning Store app to the Taskbar
- Do not allow taskbars on more than one display
- Do not display any custom toolbars in the taskbar
- Do not display or track items in Jump Lists from remote locations
- Do not keep history of recently opened documents
- Do not search communications
- Do not search for files
- Do not search Internet
- Do not search programs and Control Panel items
- Do not use the search-based method when resolving shell shortcuts
- Do not use the tracking-based method when resolving shell shortcuts
- Force classic Start Menu
- Force Start to be either full screen size or menu size
- Go to the desktop instead of Start when signing in
- Gray unavailable Windows Installer programs Start Menu shortcuts
- Hide the notification area
- List desktop apps first in the Apps view
- Lock all taskbar settings
- Lock the Taskbar
- Pin Apps to Start when installed
- Prevent changes to Taskbar and Start Menu Settings
- Prevent grouping of taskbar items
- Prevent users from adding or removing toolbars
- Prevent users from customizing their Start Screen
- Prevent users from moving taskbar to another screen dock location
- Prevent users from rearranging toolbars
- Prevent users from resizing the taskbar
- Prevent users from uninstalling applications from Start
- Remove access to the context menus for the taskbar
- Remove All Programs list from the Start menu
- Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands
- Remove Balloon Tips on Start Menu items
- Remove Clock from the system notification area
- Remove common program groups from Start Menu
- Remove Default Programs link from the Start menu.
- Remove Documents icon from Start Menu
- Remove Downloads link from Start Menu
- Remove Favorites menu from Start Menu
- Remove frequent programs list from the Start Menu
- Remove Games link from Start Menu
- Remove Help menu from Start Menu
- Remove Homegroup link from Start Menu
- Remove links and access to Windows Update
- Remove Logoff on the Start Menu
- Remove Music icon from Start Menu
- Remove Network Connections from Start Menu
- Remove Network icon from Start Menu
- Remove Notifications and Action Center
- Remove Pictures icon from Start Menu
- Remove pinned programs from the Taskbar
- Remove pinned programs list from the Start Menu
- Remove programs on Settings menu
- Remove Recent Items menu from Start Menu
- Remove Recorded TV link from Start Menu
- Remove Run menu from Start Menu
- Remove Search Computer link
- Remove Search link from Start Menu
- Remove See More Results / Search Everywhere link
- Remove the "Undock PC" button from the Start Menu
- Remove the battery meter
- Remove the Meet Now icon
- Remove the networking icon
- Remove the People Bar from the taskbar
- Remove the Security and Maintenance icon
- Remove the volume control icon
- Remove user's folders from the Start Menu
- Remove user folder link from Start Menu
- Remove user name from Start Menu
- Remove Videos link from Start Menu
- Search just apps from the Apps view
- Show "Run as different user" command on Start
- Show additional calendar
- Show or hide "Most used" list from Start menu
- Show QuickLaunch on Taskbar
- Show Start on the display the user is using when they press the Windows logo key
- Show the Apps view automatically when the user goes to Start
- Show Windows Store apps on the taskbar
- Start Layout
- Turn off all balloon notifications
- Turn off automatic promotion of notification icons to the taskbar
- Turn off feature advertisement balloon notifications
- Turn off notification area cleanup
- Turn off taskbar thumbnails
- Turn off user tracking
- Notifications
- System
- Ctrl+Alt+Del Options
- Display
- Driver Installation
- Folder Redirection
- Do not automatically make all redirected folders available offline
- Do not automatically make specific redirected folders available offline
- Enable optimized move of contents in Offline Files cache on Folder Redirection server path change
- Redirect folders on primary computers only
- Use localized subfolder names when redirecting Start Menu and My Documents
- Group Policy
- Configure Group Policy domain controller selection
- Configure Group Policy slow link detection
- Create new Group Policy Object links disabled by default
- Determine if interactive users can generate Resultant Set of Policy data
- Enforce Show Policies Only
- Set default name for new Group Policy objects
- Set Group Policy refresh interval for users
- Turn off automatic update of ADM files
- Internet Communication Management
- Internet Communication settings
- Turn off access to the Store
- Turn off downloading of print drivers over HTTP
- Turn off handwriting personalization data sharing
- Turn off handwriting recognition error reporting
- Turn off Help Experience Improvement Program
- Turn off Help Ratings
- Turn off Internet download for Web publishing and online ordering wizards
- Turn off Internet File Association service
- Turn off printing over HTTP
- Turn off the "Order Prints" picture task
- Turn off the "Publish to Web" task for files and folders
- Turn off the Windows Messenger Customer Experience Improvement Program
- Turn off Windows Online
- Restrict Internet communication
- Internet Communication settings
- Locale Services
- Logon
- Mitigation Options
- Power Management
- Removable Storage Access
- All Removable Storage classes: Deny all access
- CD and DVD: Deny read access
- CD and DVD: Deny write access
- Custom Classes: Deny read access
- Custom Classes: Deny write access
- Floppy Drives: Deny read access
- Floppy Drives: Deny write access
- Removable Disks: Deny read access
- Removable Disks: Deny write access
- Tape Drives: Deny read access
- Tape Drives: Deny write access
- Time (in seconds) to force reboot
- WPD Devices: Deny read access
- WPD Devices: Deny write access
- Scripts
- User Profiles
- Century interpretation for Year 2000
- Custom User Interface
- Don't run specified Windows applications
- Do not display the Getting Started welcome screen at logon
- Download missing COM components
- Prevent access to registry editing tools
- Prevent access to the command prompt
- Restrict these programs from being launched from Help
- Run only specified Windows applications
- Windows Automatic Updates
- Windows Components
- Add features to Windows 8.1
- Application Compatibility
- App runtime
- Attachment Manager
- Default risk level for file attachments
- Do not preserve zone information in file attachments
- Hide mechanisms to remove zone information
- Inclusion list for high risk file types
- Inclusion list for low file types
- Inclusion list for moderate risk file types
- Notify antivirus programs when opening attachments
- Trust logic for file attachments
- AutoPlay Policies
- Backup
- Client
- Prevent backing up to local disks
- Prevent backing up to network location
- Prevent backing up to optical media (CD/DVD)
- Prevent the user from running the Backup Status and Configuration program
- Turn off restore functionality
- Turn off the ability to back up data files
- Turn off the ability to create a system image
- Client
- Calculator
- Cloud Content
- Configure Windows spotlight on lock screen
- Do not suggest third-party content in Windows spotlight
- Do not use diagnostic data for tailored experiences
- Turn off all Windows spotlight features
- Turn off the Windows Welcome Experience
- Turn off Windows Spotlight on Action Center
- Turn off Windows Spotlight on Settings
- Credential User Interface
- Data Collection and Preview Builds
- Desktop Gadgets
- Desktop Window Manager
- Digital Locker
- Edge UI
- Allow edge swipe
- Disable help tips
- Do not show recent apps when the mouse is pointing to the upper-left corner of the screen
- Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X
- Search, Share, Start, Devices, and Settings don't appear when the mouse is pointing to the upper-right corner of the screen
- Turn off switching between recent apps
- Turn off tracking of app usage
- File Explorer
- Common Open File Dialog
- Explorer Frame Pane
- Previous Versions
- Allow only per user or approved shell extensions
- Disable binding directly to IPropertySetStorage without intermediate layers.
- Disable Known Folders
- Display confirmation dialog when deleting files
- Display the menu bar in File Explorer
- Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon
- Do not display the Welcome Center at user logon
- Do not move deleted files to the Recycle Bin
- Do not request alternate credentials
- Do not track Shell shortcuts during roaming
- Hides the Manage item on the File Explorer context menu
- Hide these specified drives in My Computer
- Location where all default Library definition files for users/machines reside.
- Maximum allowed Recycle Bin size
- Maximum number of recent documents
- No Computers Near Me in Network Locations
- No Entire Network in Network Locations
- Pin Internet search sites to the "Search again" links and the Start menu
- Pin Libraries or Search Connectors to the "Search again" links and the Start menu
- Prevent access to drives from My Computer
- Prevent users from adding files to the root of their Users Files folder.
- Remove "Map Network Drive" and "Disconnect Network Drive"
- Remove CD Burning features
- Remove DFS tab
- Remove File Explorer's default context menu
- Remove File menu from File Explorer
- Remove Hardware tab
- Remove Search button from File Explorer
- Remove Security tab
- Remove the Search the Internet "Search again" link
- Remove UI to change menu animation setting
- Request credentials for network installations
- Start File Explorer with ribbon minimized
- Turn off caching of thumbnail pictures
- Turn off common control and window animations
- Turn off display of recent search entries in the File Explorer search box
- Turn off numerical sorting in File Explorer
- Turn off shell protocol protected mode
- Turn off the caching of thumbnails in hidden thumbs.db files
- Turn off the display of snippets in Content view mode
- Turn off the display of thumbnails and only display icons.
- Turn off the display of thumbnails and only display icons on network folders
- Turn off Windows Key hotkeys
- Turn off Windows Libraries features that rely on indexed file data
- Turn on Classic Shell
- File Revocation
- IME
- Configure Japanese IME version
- Configure Simplified Chinese IME version
- Configure Traditional Chinese IME version
- Do not include Non-Publishing Standard Glyph in the candidate list
- Restrict character code range of conversion
- Turn off custom dictionary
- Turn off history-based predictive input
- Turn off Internet search integration
- Turn off Open Extended Dictionary
- Turn off saving auto-tuning data to file
- Turn on cloud candidate for CHS
- Turn on cloud candidate
- Turn on lexicon update
- Turn on Live Sticker
- Turn on misconversion logging for misconversion report
- Instant Search
- Internet Explorer
- Accelerators
- Administrator Approved Controls
- Application Compatibility
- Browser menus
- Disable Open in New Window menu option
- Disable Save this program to disk option
- File menu: Disable closing the browser and Explorer windows
- File menu: Disable New menu option
- File menu: Disable Open menu option
- File menu: Disable Save As... menu option
- File menu: Disable Save As Web Page Complete
- Help menu: Remove 'For Netscape Users' menu option
- Help menu: Remove 'Send Feedback' menu option
- Help menu: Remove 'Tip of the Day' menu option
- Help menu: Remove 'Tour' menu option
- Hide Favorites menu
- Tools menu: Disable Internet Options... menu option
- Turn off Print Menu
- Turn off Shortcut Menu
- Turn off the ability to launch report site problems using a menu option
- View menu: Disable Full Screen menu option
- View menu: Disable Source menu option
- Compatibility View
- Delete Browsing History
- Allow deleting browsing history on exit
- Disable "Configuring History"
- Prevent access to Delete Browsing History
- Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
- Prevent deleting cookies
- Prevent deleting download history
- Prevent deleting favorites site data
- Prevent deleting form data
- Prevent deleting InPrivate Filtering data
- Prevent deleting passwords
- Prevent deleting temporary Internet files
- Prevent deleting websites that the user has visited
- Prevent the deletion of temporary Internet files and cookies
- Internet Control Panel
- Advanced Page
- Allow active content from CDs to run on user machines
- Allow Install On Demand (except Internet Explorer)
- Allow Install On Demand (Internet Explorer)
- Allow Internet Explorer to use the HTTP2 network protocol
- Allow Internet Explorer to use the SPDY/3 network protocol
- Allow software to run or install even if the signature is invalid
- Allow third-party browser extensions
- Always send Do Not Track header
- Automatically check for Internet Explorer updates
- Check for server certificate revocation
- Check for signatures on downloaded programs
- Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
- Do not allow resetting Internet Explorer settings
- Do not save encrypted pages to disk
- Empty Temporary Internet Files folder when browser is closed
- Play animations in web pages
- Play sounds in web pages
- Play videos in web pages
- Turn off ClearType
- Turn off encryption support
- Turn off loading websites and content in the background to optimize performance
- Turn off Profile Assistant
- Turn off sending UTF-8 query strings for URLs
- Turn off the flip ahead with page prediction feature
- Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
- Turn on Caret Browsing support
- Turn on Enhanced Protected Mode
- Use HTTP 1.1 through proxy connections
- Use HTTP 1.1
- Content Page
- General Page
- Browsing History
- Allow websites to store application caches on client computers
- Allow websites to store indexed databases on client computers
- Set application caches expiration time limit for individual domains
- Set application cache storage limits for individual domains
- Set default storage limits for websites
- Set indexed database storage limits for individual domains
- Set maximum application cache individual resource size
- Set maximum application cache resource list size
- Set maximum application caches storage limit for all domains
- Set maximum indexed database storage limit for all domains
- Start Internet Explorer with tabs from last browsing session
- Browsing History
- Security Page
- Internet Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Intranet Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Local Machine Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Internet Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Intranet Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Local Machine Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Restricted Sites Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Trusted Sites Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Restricted Sites Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Trusted Sites Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow only approved domains to use the TDC ActiveX control
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow VBScript to run in Internet Explorer
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Internet Zone Template
- Intranet Sites: Include all local (intranet) sites not listed in other zones
- Intranet Sites: Include all network paths (UNCs)
- Intranet Sites: Include all sites that bypass the proxy server
- Intranet Zone Template
- Local Machine Zone Template
- Locked-Down Internet Zone Template
- Locked-Down Intranet Zone Template
- Locked-Down Local Machine Zone Template
- Locked-Down Restricted Sites Zone Template
- Locked-Down Trusted Sites Zone Template
- Restricted Sites Zone Template
- Site to Zone Assignment List
- Trusted Sites Zone Template
- Turn on automatic detection of intranet
- Turn on certificate address mismatch warning
- Turn on Notification bar notification for intranet content
- Internet Zone
- Disable the Advanced page
- Disable the Connections page
- Disable the Content page
- Disable the General page
- Disable the Privacy page
- Disable the Programs page
- Disable the Security page
- Prevent ignoring certificate errors
- Send internationalized domain names
- Use UTF-8 for mailto links
- Advanced Page
- Internet Settings
- Advanced settings
- Browsing
- Go to an intranet site for a one-word entry in the Address bar
- Hide the button (next to the New Tab button) that opens Microsoft Edge
- Turn off configuring underline links
- Turn off details in messages about Internet connection problems
- Turn off page transitions
- Turn off phone number detection
- Turn off smooth scrolling
- Turn on script debugging
- Turn on the display of script errors
- Internet Connection Wizard Settings
- Multimedia
- Printing
- Searching
- Signup Settings
- Browsing
- AutoComplete
- Display settings
- General Colors
- Link Colors
- Prevent choosing default text size
- URL Encoding
- Open Internet Explorer tiles on the desktop
- Set how links are opened in Internet Explorer
- Advanced settings
- Offline Pages
- Disable adding channels
- Disable adding schedules for offline pages
- Disable all scheduled offline pages
- Disable channel user interface completely
- Disable downloading of site subscription content
- Disable editing and creating of schedule groups
- Disable editing schedules for offline pages
- Disable offline page hit logging
- Disable removing channels
- Disable removing schedules for offline pages
- Subscription Limits
- Persistence Behavior
- Privacy
- Establish InPrivate Filtering threshold
- Establish Tracking Protection threshold
- Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
- Turn off collection of InPrivate Filtering data
- Turn off InPrivate Browsing
- Turn off InPrivate Filtering
- Turn off Tracking Protection
- Security Features
- Add-on Management
- Add-on List
- All Processes
- Deny all add-ons unless specifically allowed in the Add-on List
- Process List
- Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
- Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
- Turn off automatic download of the ActiveX VersionList
- Turn off blocking of outdated ActiveX controls for Internet Explorer
- Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
- Turn on ActiveX control logging in Internet Explorer
- AJAX
- Binary Behavior Security Restriction
- Consistent Mime Handling
- Local Machine Zone Lockdown Security
- Mime Sniffing Safety Feature
- MK Protocol Security Restriction
- Network Protocol Lockdown
- Notification bar
- Object Caching Protection
- Protection From Zone Elevation
- Restrict ActiveX Install
- Restrict File Download
- Scripted Window Security Restrictions
- Do not display the reveal password button
- Turn off Data URI support
- Add-on Management
- Toolbars
- Configure Toolbar Buttons
- Customize command labels
- Disable customizing browser toolbar buttons
- Disable customizing browser toolbars
- Display tabs on a separate row
- Hide the Command bar
- Hide the status bar
- Lock all toolbars
- Lock location of Stop and Refresh buttons
- Turn off Developer Tools
- Turn off toolbar upgrade tool
- Use large icons for command buttons
- Add a specific list of search providers to the user's list of search providers
- Allow "Save Target As" in Internet Explorer mode
- Allow Internet Explorer 8 shutdown behavior
- Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
- Automatically activate newly installed add-ons
- Configure Media Explorer Bar
- Configure Outlook Express
- Configure which channel of Microsoft Edge to use for opening redirected sites
- Customize user agent string
- Disable AutoComplete for forms
- Disable caching of Auto-Proxy scripts
- Disable changing accessibility settings
- Disable changing Advanced page settings
- Disable changing Automatic Configuration settings
- Disable changing Calendar and Contact settings
- Disable changing certificate settings
- Disable changing color settings
- Disable changing connection settings
- Disable changing default browser check
- Disable changing font settings
- Disable changing home page settings
- Disable changing language settings
- Disable changing link color settings
- Disable changing Messaging settings
- Disable changing Profile Assistant settings
- Disable changing ratings settings
- Disable changing secondary home page settings
- Disable changing Temporary Internet files settings
- Disable external branding of Internet Explorer
- Disable Import/Export Settings wizard
- Disable Internet Connection wizard
- Disable Internet Explorer 11 as a standalone browser
- Disable the Reset Web Settings feature
- Display error message on proxy script download failure
- Do not allow users to enable or disable add-ons
- Enable extended hot keys in Internet Explorer mode
- Enable global window list in Internet Explorer mode
- Enforce full-screen mode
- Hide Internet Explorer 11 retirement notification
- Identity Manager: Prevent users from using Identities
- Keep all intranet sites in Internet Explorer
- Let users turn on and use Enterprise Mode from the Tools menu
- Limit Site Discovery output by Domain
- Limit Site Discovery output by Zone
- Notify users if Internet Explorer is not the default web browser
- Pop-up allow list
- Prevent "Fix settings" functionality
- Prevent access to Internet Explorer Help
- Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
- Prevent bypassing SmartScreen Filter warnings
- Prevent changing pop-up filter level
- Prevent changing proxy settings
- Prevent changing the default search provider
- Prevent configuration of how windows open
- Prevent configuration of new tab creation
- Prevent Internet Explorer Search box from appearing
- Prevent managing pop-up exception list
- Prevent managing SmartScreen Filter
- Prevent managing the phishing filter
- Prevent participation in the Customer Experience Improvement Program
- Prevent per-user installation of ActiveX controls
- Prevent running First Run wizard
- Reset zoom to default for HTML dialogs in Internet Explorer mode
- Restrict search providers to a specific list
- Search: Disable Find Files via F3 within the browser
- Search: Disable Search Customization
- Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
- Set tab process growth
- Show message when opening sites in Microsoft Edge using Enterprise Mode
- Specify default behavior for a new tab
- Specify use of ActiveX Installer Service for installation of ActiveX controls
- Turn off ability to pin sites in Internet Explorer on the desktop
- Turn off ActiveX Opt-In prompt
- Turn off add-on performance notifications
- Turn off Automatic Crash Recovery
- Turn off browser geolocation
- Turn off configuration of pop-up windows in tabbed browsing
- Turn off Crash Detection
- Turn off Favorites bar
- Turn off Managing SmartScreen Filter for Internet Explorer 8
- Turn off page-zooming functionality
- Turn off pop-up management
- Turn off Quick Tabs functionality
- Turn off Reopen Last Browsing Session
- Turn off suggestions for all user-installed providers
- Turn off tabbed browsing
- Turn off Tab Grouping
- Turn off the auto-complete feature for web addresses
- Turn off the quick pick menu
- Turn off the Security Settings Check feature
- Turn on ActiveX Filtering
- Turn on compatibility logging
- Turn on menu bar by default
- Turn on Site Discovery WMI output
- Turn on Site Discovery XML output
- Turn on Suggested Sites
- Turn on the auto-complete feature for user names and passwords on forms
- Use Automatic Detection for dial-up connections
- Use the Enterprise Mode IE website list
- Location and Sensors
- Microsoft Edge
- Allow Address bar drop-down list suggestions
- Allow Adobe Flash
- Allow clearing browsing data on exit
- Allow configuration updates for the Books Library
- Allow employees to send Do Not Track headers
- Allow extended telemetry for the Books tab
- Allow Extensions
- Allow FullScreen Mode
- Allow Microsoft Compatibility List
- Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
- Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
- Allow printing
- Allow Saving History
- Allow search engine customization
- Allow Sideloading of extension
- Always show the Books Library in Microsoft Edge
- Configure additional search engines
- Configure Cookies
- Configure corporate Home pages
- Configure Favorites Bar
- Configure Favorites
- Configure Home Button
- Configure kiosk mode
- Configure kiosk reset after idle timeout
- Configure Open Microsoft Edge With
- Configure the Adobe Flash Click-to-Run setting
- Configure the Enterprise Mode Site List
- Disable lockdown of Start pages
- Don't allow SmartScreen Filter warning overrides for unverified files
- Don't allow SmartScreen Filter warning overrides
- Don't allow WebRTC to share the LocalHost IP address
- For PDF files that have both landscape and portrait pages, print each in its own orientation.
- Keep favorites in sync between Internet Explorer and Microsoft Edge
- Open a new tab with an empty tab
- Prevent access to the about:flags page in Microsoft Edge
- Prevent certificate error overrides
- Prevent changes to Favorites on Microsoft Edge
- Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
- Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
- Prevent the First Run webpage from opening on Microsoft Edge
- Prevent turning off required extensions
- Provision Favorites
- Send all intranet sites to Internet Explorer 11
- Set default search engine
- Set Home Button URL
- Set New Tab page URL
- Show message when opening sites in Internet Explorer
- Suppress the display of Edge Deprecation Notification
- Turn off address bar search suggestions
- Turn off Autofill
- Turn off Developer Tools
- Turn off InPrivate browsing
- Turn off Password Manager
- Turn off Pop-up Blocker
- Turn off the SmartScreen Filter
- Unlock Home Button
- Microsoft Management Console
- Restricted/Permitted snap-ins
- Extension snap-ins
- AppleTalk Routing
- Authorization Manager
- Certification Authority Policy Settings
- Connection Sharing (NAT)
- DCOM Configuration Extension
- Device Manager
- DFS Management Extension
- DHCP Relay Management
- Disk Management Extension
- Event Viewer (Windows Vista)
- Event Viewer
- Extended View (Web View)
- File Server Resource Manager Extension
- IAS Logging
- IGMP Routing
- IP Routing
- IPX RIP Routing
- IPX Routing
- IPX SAP Routing
- Logical and Mapped Drives
- OSPF Routing
- Public Key Policies
- RAS Dialin - User Node
- Remote Access
- Removable Storage
- RIP Routing
- Routing
- Send Console Message
- Service Dependencies
- SMTP Protocol
- SNMP
- Storage Manager for SANS Extension
- System Properties
- Group Policy
- Group Policy snap-in extensions
- Administrative Templates (Computers)
- Administrative Templates (Users)
- Folder Redirection
- Internet Explorer Maintenance
- IP Security Policy Management
- NAP Client Configuration
- Remote Installation Services
- Scripts (Logon/Logoff)
- Scripts (Startup/Shutdown)
- Security Settings
- Software Installation (Computers)
- Software Installation (Users)
- Windows Firewall with Advanced Security
- Wired Network (IEEE 802.3) Policies
- Wireless Network (IEEE 802.11) Policies
- Preference snap-in extensions
- Permit use of Application snap-ins
- Permit use of Applications preference extension
- Permit use of Control Panel Settings (Computers)
- Permit use of Control Panel Settings (Users)
- Permit use of Data Sources preference extension
- Permit use of Devices preference extension
- Permit use of Drive Maps preference extension
- Permit use of Environment preference extension
- Permit use of Files preference extension
- Permit use of Folder Options preference extension
- Permit use of Folders preference extension
- Permit use of Ini Files preference extension
- Permit use of Internet Settings preference extension
- Permit use of Local Users and Groups preference extension
- Permit use of Network Options preference extension
- Permit use of Power Options preference extension
- Permit use of Preferences tab
- Permit use of Printers preference extension
- Permit use of Regional Options preference extension
- Permit use of Registry preference extension
- Permit use of Scheduled Tasks preference extension
- Permit use of Services preference extension
- Permit use of Shortcuts preference extension
- Permit use of Start Menu preference extension
- Resultant Set of Policy snap-in extensions
- Group Policy Management Editor
- Group Policy Management
- Group Policy Object Editor
- Group Policy Starter GPO Editor
- Group Policy tab for Active Directory Tools
- Resultant Set of Policy snap-in
- Group Policy snap-in extensions
- .Net Framework Configuration
- Active Directory Domains and Trusts
- Active Directory Sites and Services
- Active Directory Users and Computers
- ActiveX Control
- ADSI Edit
- Certificates
- Certificate Templates
- Certification Authority
- Component Services
- Computer Management
- Device Manager
- DFS Management
- Disk Defragmenter
- Disk Management
- Distributed File System
- Enterprise PKI
- Event Viewer (Windows Vista)
- Event Viewer
- Failover Clusters Manager
- FAX Service
- File Server Resource Manager
- FrontPage Server Extensions
- Health Registration Authority (HRA)
- Indexing Service
- Internet Authentication Service (IAS)
- Internet Information Services
- IP Security Monitor
- IP Security Policy Management
- Link to Web Address
- Local Users and Groups
- NAP Client Configuration
- Network Policy Server (NPS)
- Online Responder
- Performance Logs and Alerts
- QoS Admission Control
- Remote Desktop Services Configuration
- Remote Desktops
- Removable Storage Management
- Routing and Remote Access
- Security Configuration and Analysis
- Security Templates
- Server Manager
- Services
- Storage Manager for SANs
- System Information
- Telephony
- TPM Management
- Windows Firewall with Advanced Security
- Wireless Monitor
- WMI Control
- Extension snap-ins
- Restrict the user from entering author mode
- Restrict users to the explicitly permitted list of snap-ins
- Restricted/Permitted snap-ins
- Microsoft Passport for Work
- Microsoft User Experience Virtualization
- Applications
- Access 2013 backup only
- Access 2016 backup only
- Calculator
- Common 2013 backup only
- Common 2016 backup only
- Excel 2013 backup only
- Excel 2016 backup only
- InfoPath 2013 backup only
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Internet Explorer Common Settings
- Lync 2013 backup only
- Lync 2016 backup only
- Microsoft Access 2010
- Microsoft Access 2013
- Microsoft Access 2016
- Microsoft Excel 2010
- Microsoft Excel 2013
- Microsoft Excel 2016
- Microsoft InfoPath 2010
- Microsoft InfoPath 2013
- Microsoft Lync 2010
- Microsoft Lync 2013
- Microsoft Lync 2016
- Microsoft Office 365 Access 2013
- Microsoft Office 365 Access 2016
- Microsoft Office 365 Common 2013
- Microsoft Office 365 Common 2016
- Microsoft Office 365 Excel 2013
- Microsoft Office 365 Excel 2016
- Microsoft Office 365 InfoPath 2013
- Microsoft Office 365 Lync 2013
- Microsoft Office 365 Lync 2016
- Microsoft Office 365 OneNote 2013
- Microsoft Office 365 OneNote 2016
- Microsoft Office 365 Outlook 2013
- Microsoft Office 365 Outlook 2016
- Microsoft Office 365 PowerPoint 2013
- Microsoft Office 365 PowerPoint 2016
- Microsoft Office 365 Project 2013
- Microsoft Office 365 Project 2016
- Microsoft Office 365 Publisher 2013
- Microsoft Office 365 Publisher 2016
- Microsoft Office 365 Visio 2013
- Microsoft Office 365 Visio 2016
- Microsoft Office 365 Word 2013
- Microsoft Office 365 Word 2016
- Microsoft Office 2010 Common Settings
- Microsoft Office 2013 Common Settings
- Microsoft Office 2013 Upload Center
- Microsoft Office 2016 Common Settings
- Microsoft Office 2016 Upload Center
- Microsoft OneDrive for Business 2013
- Microsoft OneDrive for Business 2016
- Microsoft OneNote 2010
- Microsoft OneNote 2013
- Microsoft OneNote 2016
- Microsoft Outlook 2010
- Microsoft Outlook 2013
- Microsoft Outlook 2016
- Microsoft PowerPoint 2010
- Microsoft PowerPoint 2013
- Microsoft PowerPoint 2016
- Microsoft Project 2010
- Microsoft Project 2013
- Microsoft Project 2016
- Microsoft Publisher 2010
- Microsoft Publisher 2013
- Microsoft Publisher 2016
- Microsoft Visio 2010
- Microsoft Visio 2013
- Microsoft Visio 2016
- Microsoft Word 2010
- Microsoft Word 2013
- Microsoft Word 2016
- Notepad
- OneNote 2013 backup only
- OneNote 2016 backup only
- Outlook 2013 backup only
- Outlook 2016 backup only
- PowerPoint 2013 backup only
- PowerPoint 2016 backup only
- Project 2013 backup only
- Project 2016 backup only
- Publisher 2013 backup only
- Publisher 2016 backup only
- Visio 2013 backup only
- Visio 2016 backup only
- Word 2013 backup only
- Word 2016 backup only
- WordPad
- Windows Apps
- Configure Sync Method
- Do not synchronize Windows Apps
- Ping the settings storage location before sync
- Settings package size warning threshold
- Settings storage path
- Synchronization timeout
- Synchronize Windows settings
- Sync settings over metered connections even when roaming
- Sync settings over metered connections
- Use User Experience Virtualization (UE-V)
- VDI Configuration
- Applications
- Multitasking
- NetMeeting
- Application Sharing
- Audio & Video
- Options Page
- Allow persisting automatic acceptance of Calls
- Disable Chat
- Disable Directory services
- Disable NetMeeting 2.x Whiteboard
- Disable Whiteboard
- Enable Automatic Configuration
- Limit the size of sent files
- Prevent adding Directory servers
- Prevent automatic acceptance of Calls
- Prevent changing Call placement method
- Prevent receiving files
- Prevent sending files
- Prevent viewing Web directory
- Set Call Security options
- Set the intranet support Web page
- Network Sharing
- OOBE
- Presentation Settings
- Remote Desktop Services
- RD Gateway
- RemoteApp and Desktop Connections
- Remote Desktop Connection Client
- Remote Desktop Session Host
- Connections
- Device and Resource Redirection
- Printer Redirection
- Remote Session Environment
- Session Time Limits
- RSS Feeds
- Search
- Sound Recorder
- Store
- Tablet PC
- Accessories
- Cursors
- Hardware Buttons
- Input Panel
- Disable text prediction
- For tablet pen input, don't show the Input Panel icon
- For touch input, don't show the Input Panel icon
- Include rarely used Chinese, Kanji, or Hanja characters
- Prevent Input Panel tab from appearing
- Turn off AutoComplete integration with Input Panel
- Turn off password security in Input Panel
- Turn off tolerant and Z-shaped scratch-out gestures
- Pen Flicks Learning
- Pen UX Behaviors
- Tablet PC Pen Training
- Touch Input
- Task Scheduler
- Windows Calendar
- Windows Color System
- Windows Defender SmartScreen
- Windows Error Reporting
- Advanced Error Reporting Settings
- Consent
- Automatically send memory dumps for OS-generated error reports
- Disable logging
- Disable Windows Error Reporting
- Do not send additional data
- Do not throttle additional data
- Send additional data when on battery power
- Send data when on connected to a restricted/costed network
- Windows Installer
- Windows Logon Options
- Windows Mail
- Windows Media Center
- Windows Media Player
- Networking
- Playback
- User Interface
- Prevent CD and DVD Media Information Retrieval
- Prevent Music File Media Information Retrieval
- Prevent Radio Station Preset Retrieval
- Windows Messenger
- Windows Mobility Center
- Windows PowerShell
- Windows Update
- Work Folders
- Enable auto-subscription