Toggle navigation
Group Policy Home
Windows 10 and Windows Server 2016
(current)
עברית (ישראל)
Czech (Czech Republic)
čeština (Česká republika)
Danish (Denmark)
dansk (Danmark)
German (Germany)
Deutsch (Deutschland)
Greek (Greece)
Ελληνικά (Ελλάδα)
English (United States)
English (United States)
Spanish (Spain, International Sort)
Español (España, alfabetización internacional)
Finnish (Finland)
suomi (Suomi)
French (France)
français (France)
Hungarian (Hungary)
magyar (Magyarország)
Italian (Italy)
italiano (Italia)
Japanese (Japan)
日本語 (日本)
Korean (Korea)
한국어 (대한민국)
Norwegian, Bokmål (Norway)
norsk, bokmål (Norge)
Dutch (Netherlands)
Nederlands (Nederland)
Polish (Poland)
polski (Polska)
Portuguese (Brazil)
Português (Brasil)
Portuguese (Portugal)
português (Portugal)
Russian (Russia)
русский (Россия)
Swedish (Sweden)
svenska (Sverige)
Turkish (Turkey)
Türkçe (Türkiye)
Chinese (Simplified, PRC)
中文(中华人民共和国)
Chinese (Traditional, Hong Kong S.A.R.)
中文(香港特別行政區)
Chinese (Traditional, Taiwan)
中文(台灣)
Search
MMC_SoftwareInstalationComputers_2
נתמך ב:
לפחות Windows XP Professional או משפחת Windows Server 2003
Registry Hive
HKEY_CURRENT_USER
Registry Path
Software\Policies\Microsoft\MMC\{7E45546F-6D52-4D10-B702-9C2E67232E62}
Value Name
Restrict_Run
Value Type
REG_DWORD
Enabled Value
0
Disabled Value
1
mmcsnapins.admx
תבניות מנהליות (מחשבים)
Control Panel
Personalization
Do not display the lock screen
Force a specific background and accent color
Force a specific default lock screen and logon image
Force a specific Start background
Prevent changing lock screen and logon image
Prevent changing start menu background
Prevent enabling lock screen camera
Prevent enabling lock screen slide show
Regional and Language Options
Handwriting personalization
Turn off automatic learning
Allow users to enable online speech recognition services
Block clean-up of unused language packs
Force selected system UI language to overwrite the user UI language
Restricts the UI language Windows uses for all logged users
חשבונות משתמשים
החלת תמונת הכניסה של המשתמש המהווה ברירת מחדל, על כל המשתמשים
Allow Online Tips
Settings Page Visibility
Network
Background Intelligent Transfer Service (BITS)
Allow BITS Peercaching
Do not allow the BITS client to use Windows Branch Cache
Do not allow the computer to act as a BITS Peercaching client
Do not allow the computer to act as a BITS Peercaching server
Limit the age of files in the BITS Peercache
Limit the BITS Peercache size
Limit the maximum BITS job download time
Limit the maximum network bandwidth for BITS background transfers
Limit the maximum network bandwidth used for Peercaching
Limit the maximum number of BITS jobs for each user
Limit the maximum number of BITS jobs for this computer
Limit the maximum number of files allowed in a BITS job
Limit the maximum number of ranges that can be added to the file in a BITS job
Set default download behavior for BITS jobs on costed networks
Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers
Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers
Timeout for inactive BITS jobs
BranchCache
Configure BranchCache for network files
Configure Client BranchCache Version Support
Configure Hosted Cache Servers
Enable Automatic Hosted Cache Discovery by Service Connection Point
Set age for segments in the data cache
Set BranchCache Distributed Cache mode
Set BranchCache Hosted Cache mode
Set percentage of disk space used for client computer cache
Turn on BranchCache
DirectAccess Client Experience Settings
Corporate Resources
Custom Commands
DirectAccess Passive Mode
Friendly Name
IPsec Tunnel Endpoints
Prefer Local Names Allowed
Support Email Address
User Interface
DNS Client
Allow DNS suffix appending to unqualified multi-label name queries
Allow NetBT queries for fully qualified domain names
Connection-specific DNS suffix
DNS servers
DNS suffix search list
Dynamic update
IDN mapping
Prefer link local responses over DNS when received over a network with higher precedence
Primary DNS suffix devolution level
Primary DNS suffix devolution
Primary DNS suffix
Register DNS records with connection-specific DNS suffix
Register PTR records
Registration refresh interval
Replace addresses in conflicts
TTL value for A and PTR records
Turn off IDN encoding
Turn off multicast name resolution
Turn off smart multi-homed name resolution
Turn off smart protocol reordering
Update security level
Update top level domain zones
Fonts
Enable Font Providers
Hotspot Authentication
Enable Hotspot Authentication
Lanman Server
Cipher suite order
Hash Publication for BranchCache
Hash Version support for BranchCache
Honor cipher suite order
Lanman Workstation
Cipher suite order
Enable insecure guest logons
Handle Caching on Continuous Availability Shares
Offline Files Availability on Continuous Availability Shares
Network Connectivity Status Indicator
Specify corporate DNS probe host address
Specify corporate DNS probe host name
Specify corporate site prefix list
Specify corporate Website probe URL
Specify domain location determination URL
Specify global DNS
Specify passive polling
Network Isolation
Domains categorized as both work and personal
Enterprise resource domains hosted in the cloud
Internet proxy servers for apps
Intranet proxy servers for apps
Private network ranges for apps
Proxy definitions are authoritative
Subnet definitions are authoritative
Network Provider
Hardened UNC Paths
Offline Files
Action on server disconnect
Allow or Disallow use of the Offline Files feature
At logoff, delete local copy of user's offline files
Configure Background Sync
Configure slow-link mode
Configure Slow link speed
Default cache size
Enable file screens
Enable file synchronization on costed networks
Enable Transparent Caching
Encrypt the Offline Files cache
Event logging level
Files not cached
Initial reminder balloon lifetime
Limit disk space used by Offline Files
Non-default server disconnect actions
Prevent use of Offline Files folder
Prohibit user configuration of Offline Files
Reminder balloon frequency
Reminder balloon lifetime
Remove "Make Available Offline" command
Remove "Make Available Offline" for these files and folders
Remove "Work offline" command
Specify administratively assigned Offline Files
Subfolders always available offline
Synchronize all offline files before logging off
Synchronize all offline files when logging on
Synchronize offline files before suspend
Turn off reminder balloons
Turn on economical application of administratively assigned Offline Files
SNMP
מלכודות לקהילה ציבורית
מנהלים מורשים
קהילות
SSL Configuration Settings
ECC Curve Order
SSL Cipher Suite Order
TCPIP Settings
IPv6 Transition Technologies
Set 6to4 Relay Name
Set 6to4 Relay Name Resolution Interval
Set 6to4 State
Set IP-HTTPS State
Set ISATAP Router Name
Set ISATAP State
Set Teredo Client Port
Set Teredo Default Qualified
Set Teredo Refresh Rate
Set Teredo Server Name
Set Teredo State
Parameters
Set IP Stateless Autoconfiguration Limits State
Set Window Scaling Heuristics State
Windows Connection Manager
Disable power management in connected standby mode
Enable Windows to soft-disconnect a computer from a network
Minimize the number of simultaneous connections to the Internet or a Windows Domain
Prohibit connection to non-domain networks when connected to domain authenticated network
Prohibit connection to roaming Mobile Broadband networks
Windows Connect Now
מנע גישה לאשפי Windows Connect Now
קביעת תצורה של הגדרות אלחוטיות באמצעות Windows Connect Now
Wireless Display
Prefer PIN pairing
Require PIN pairing
WLAN Service
WLAN Media Cost
Set Cost
WLAN Settings
Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services
WWAN Service
Cellular Data Access
Let Windows apps access cellular data
WWAN Media Cost
Set 3G Cost
Set 4G Cost
WWAN UI Settings
Set Per-App Cellular Access UI Visibility
גילוי טופולוגיית שכבת קישור
הפעל את מנהל ההתקן של ממפה I/O (LLTDIO)
הפעל את מנהל ההתקן של רכיב Responder (RSPNDR)
חיבורי רשת
חומת האש של Windows
פרופיל רגיל
חומת האש של Windows: אל תאפשר חריגים
חומת האש של Windows: אפשר חריגים ליציאות מקומיות
חומת האש של Windows: אפשר חריגים למסגרת UPnP נכנסת
חומת האש של Windows: אפשר חריגים לניהול מרוחק נכנס
חומת האש של Windows: אפשר חריגים לשולחן עבודה מרוחק נכנס
חומת האש של Windows: אפשר חריגים לשיתוף קבצים ומדפסות נכנס
חומת האש של Windows: אפשר חריגים של ICMP
חומת האש של Windows: אפשר חריגים של תוכניות מקומיות
חומת האש של Windows: אפשר רישום
חומת האש של Windows: הגדר חריגים ליציאות נכנסות
חומת האש של Windows: הגדר חריגים לתוכניות נכנסות
חומת האש של Windows: הגן על כל חיבורי הרשת
חומת האש של Windows: מנע הודעות
חומת האש של Windows: מנע תגובת שידור ליעד בודד לבקשות לשידור לקבוצה או לשידור רחב
פרופיל תחום
חומת האש של Windows: אל תאפשר חריגים
חומת האש של Windows: אפשר חריגים ליציאות מקומיות
חומת האש של Windows: אפשר חריגים למסגרת UPnP נכנסת
חומת האש של Windows: אפשר חריגים לניהול מרוחק נכנס
חומת האש של Windows: אפשר חריגים לשולחן עבודה מרוחק נכנס
חומת האש של Windows: אפשר חריגים לשיתוף קבצים ומדפסות נכנס
חומת האש של Windows: אפשר חריגים של ICMP
חומת האש של Windows: אפשר חריגים של תוכניות מקומיות
חומת האש של Windows: אפשר רישום
חומת האש של Windows: הגדר חריגים ליציאות נכנסות
חומת האש של Windows: הגדר חריגים לתוכניות נכנסות
חומת האש של Windows: הגן על כל חיבורי הרשת
חומת האש של Windows: מנע הודעות
חומת האש של Windows: מנע תגובת שידור ליעד בודד לבקשות לשידור לקבוצה או לשידור רחב
חומת האש של Windows: אפשר עקיפה באמצעות אימות IPSec
את תציג את סמל הרשת "גישה מקומית בלבד"
דרוש ממשתמשי תחום לבצע העלאה בעת הגדרת מיקום של רשת
מנע התקנה וקביעת תצורה של גשר רשת ברשת תחומי DNS
מנע שימוש בחומת אש של חיבור לאינטרנט ברשת תחומי DNS
מנע שימוש בתכונה שיתוף התקשרויות לאינטרנט ברשת תחומי ה- DNS שלך
נתב את כל התעבורה דרך הרשת הפנימית
מתזמן המנות של איכות השירות (QoS)
ערך DSCP של מנות לא תואמות
סוג שירות איכותי
סוג שירות בקרת רשת
סוג שירות טעינה מבוקרת
סוג שירות מאמץ מיטבי
סוג שירות מובטח
ערך DSCP של מנות תואמות
סוג שירות איכותי
סוג שירות בקרת רשת
סוג שירות טעינה מבוקרת
סוג שירות מאמץ מיטבי
סוג שירות מובטח
ערך עדיפות שכבה 2
מנות שלא תואמות
סוג שירות איכותי
סוג שירות בקרת רשת
סוג שירות טעינה מבוקרת
סוג שירות מאמץ מיטבי
סוג שירות מובטח
הגבלת מספר המנות שנמצאות בטיפול
הגבלת רוחב שפס הניתן להזמנה מראש
הגדר יחידות תזמון
שירותי רשת מסוג עמית-לעמית של Microsoft
פרוטוקול זיהוי שם עמית
עננים גלובליים
בטל אתחול שידור לקבוצה
בטל יצירת ענן PNRP
הגדר ענן PNRP לזיהוי בלבד
קבע שרת Seed
עננים מקומיים של אתרים
בטל אתחול שידור לקבוצה
בטל יצירת ענן PNRP
הגדר ענן PNRP לזיהוי בלבד
קבע שרת Seed
עננים מקומיים של קישורים
בטל אתחול שידור לקבוצה
בטל יצירת ענן PNRP
הגדר ענן PNRP לזיהוי בלבד
קבע שרת Seed
בטל שירותי רשת מסוג עמית-לעמית של Microsoft
הפוך אימות עוצמת סיסמה עבור קיבוץ עמיתים ללא זמין
הגדרת התכיפות בה לקוח של מערכת קבצים מבוזרת (DFS) מזהה בקרי תחום
Printers
Activate Internet printing
Add Printer wizard - Network scan page (Managed network)
Add Printer wizard - Network scan page (Unmanaged network)
Allow job name in event logs
Allow printers to be published
Allow Print Spooler to accept client connections
Allow pruning of published printers
Always rasterize content to be printed using a software rasterizer
Always render print jobs on the server
Automatically publish new printers in Active Directory
Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)
Check published state
Computer location
Custom support URL in the Printers folder's left pane
Directory pruning interval
Directory pruning priority
Directory pruning retry
Disallow installation of printers using kernel-mode drivers
Do not allow v4 printer drivers to show printer extensions
Enable Device Control Printing Restrictions
Execute print drivers in isolated processes
Extend Point and Print connection to search Windows Update
Isolate print drivers from applications
Limits print driver installation to Administrators
List of Approved USB-connected print devices
Log directory pruning retry events
Only use Package Point and print
Override print driver execution compatibility setting reported by print driver
Package Point and print - Approved servers
Point and Print Restrictions
Pre-populate printer search location text
Printer browsing
Prune printers that are not automatically republished
Start Menu and Taskbar
Disable context menus in the Start Menu
Pin Apps to Start when installed
Remove "Recently added" list from Start Menu
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands
Show or hide "Most used" list from Start menu
Start Layout
System
Access-Denied Assistance
Customize message for Access Denied errors
Enable access-denied assistance on client for all file types
App-V
CEIP
Microsoft Customer Experience Improvement Program (CEIP)
Client Coexistence
Enable Migration Mode
Integration
Integration Root Global
Integration Root User
Roaming File Exclusions
Roaming Registry Exclusions
PackageManagement
Enable automatic cleanup of unused appv packages
PowerManagement
Enable background sync to server when on battery power
Publishing
Enable Publishing Refresh UX
Publishing Server 1 Settings
Publishing Server 2 Settings
Publishing Server 3 Settings
Publishing Server 4 Settings
Publishing Server 5 Settings
Reporting
Reporting Server
Scripting
Enable Package Scripts
Streaming
Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection
Certificate Filter For Client SSL
Enable Support for BranchCache
Location Provider
Package Installation Root
Package Source Root
Reestablishment Interval
Reestablishment Retries
Require Publish As Admin
Shared Content Store (SCS) mode
Specify what to load in background (aka AutoLoad)
Verify certificate revocation list
Virtualization
Enable Dynamic Virtualization
Virtual Component Process Allow List
Enable App-V Client
Audit Process Creation
Include command line in process creation events
Credentials Delegation
Allow delegating default credentials
Allow delegating default credentials with NTLM-only server authentication
Allow delegating fresh credentials
Allow delegating fresh credentials with NTLM-only server authentication
Allow delegating saved credentials
Allow delegating saved credentials with NTLM-only server authentication
Deny delegating default credentials
Deny delegating fresh credentials
Deny delegating saved credentials
Encryption Oracle Remediation
Remote host allows delegation of non-exportable credentials
Restrict delegation of credentials to remote servers
Device Guard
Deploy Code Integrity Policy
Turn On Virtualization Based Security
Device Health Attestation Service
Enable Device Health Attestation Monitoring and Reporting
Device Installation
Device Installation Restrictions
Allow administrators to override Device Installation Restriction policies
Allow installation of devices that match any of these device IDs
Allow installation of devices that match any of these device instance IDs
Allow installation of devices using drivers that match these device setup classes
Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria
Display a custom message title when device installation is prevented by a policy setting
Display a custom message when installation is prevented by a policy setting
Prevent installation of devices not described by other policy settings
Prevent installation of devices that match any of these device IDs
Prevent installation of devices that match any of these device instance IDs
Prevent installation of devices using drivers that match these device setup classes
Prevent installation of removable devices
Time (in seconds) to force reboot when required for policy changes to take effect
Allow remote access to the Plug and Play interface
Configure device installation time-out
Do not send a Windows error report when a generic driver is installed on a device
Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point
Prevent device metadata retrieval from the Internet
Prevent Windows from sending an error report when a device driver requests additional software during installation
Prioritize all digitally signed drivers equally during the driver ranking and selection process
Specify search order for device driver source locations
Specify the search server for device driver updates
Turn off "Found New Hardware" balloons during device installation
Display
Configure Per-Process System DPI settings
Turn off GdiDPIScaling for applications
Turn on GdiDPIScaling for applications
Distributed COM
הגדרות תאימות יישומים
אפשר פטורים מבדיקת אבטחה של הפעלה מקומית
הגדר פטורים מבדיקת אבטחה של ההפעלה
Driver Installation
Allow non-administrators to install drivers for these device setup classes
Turn off Windows Update device driver search prompt
Early Launch Antimalware
Boot-Start Driver Initialization Policy
Enhanced Storage Access
Allow only USB root hub connected Enhanced Storage devices
Configure list of Enhanced Storage devices usable on your computer
Configure list of IEEE 1667 silos usable on your computer
Do not allow non-Enhanced Storage removable devices
Do not allow password authentication of Enhanced Storage devices
Do not allow Windows to activate Enhanced Storage devices
Lock Enhanced Storage when the computer is locked
File Classification Infrastructure
File Classification Infrastructure: Display Classification tab in File Explorer
File Classification Infrastructure: Specify classification properties list
File Share Shadow Copy Agent
Configure maximum age of file server shadow copies
File Share Shadow Copy Provider
Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.
Filesystem
NTFS
Do not allow compression on all NTFS volumes
Do not allow encryption on all NTFS volumes
Enable / disable TXF deprecated features
Enable NTFS pagefile encryption
Short name creation options
Disable delete notifications on all volumes
Enable Win32 long paths
Selectively allow the evaluation of a symbolic link
Folder Redirection
Redirect folders on primary computers only
Use localized subfolder names when redirecting Start Menu and My Documents
Group Policy
Logging and tracing
Configure Applications preference logging and tracing
Configure Data Sources preference logging and tracing
Configure Devices preference logging and tracing
Configure Drive Maps preference logging and tracing
Configure Environment preference logging and tracing
Configure Files preference logging and tracing
Configure Folder Options preference logging and tracing
Configure Folders preference logging and tracing
Configure Ini Files preference logging and tracing
Configure Internet Settings preference logging and tracing
Configure Local Users and Groups preference logging and tracing
Configure Network Options preference logging and tracing
Configure Network Shares preference logging and tracing
Configure Power Options preference logging and tracing
Configure Printers preference logging and tracing
Configure Regional Options preference logging and tracing
Configure Registry preference logging and tracing
Configure Scheduled Tasks preference logging and tracing
Configure Services preference logging and tracing
Configure Shortcuts preference logging and tracing
Configure Start Menu preference logging and tracing
Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services
Allow cross-forest user policy and roaming user profiles
Always use local ADM files for Group Policy Object Editor
Change Group Policy processing to run asynchronously when a slow network connection is detected.
Configure Applications preference extension policy processing
Configure Data Sources preference extension policy processing
Configure Devices preference extension policy processing
Configure Direct Access connections as a fast network connection
Configure disk quota policy processing
Configure Drive Maps preference extension policy processing
Configure EFS recovery policy processing
Configure Environment preference extension policy processing
Configure Files preference extension policy processing
Configure Folder Options preference extension policy processing
Configure folder redirection policy processing
Configure Folders preference extension policy processing
Configure Group Policy Caching
Configure Group Policy slow link detection
Configure Ini Files preference extension policy processing
Configure Internet Explorer Maintenance policy processing
Configure Internet Settings preference extension policy processing
Configure IP security policy processing
Configure Local Users and Groups preference extension policy processing
Configure Logon Script Delay
Configure Network Options preference extension policy processing
Configure Network Shares preference extension policy processing
Configure Power Options preference extension policy processing
Configure Printers preference extension policy processing
Configure Regional Options preference extension policy processing
Configure registry policy processing
Configure Registry preference extension policy processing
Configure Scheduled Tasks preference extension policy processing
Configure scripts policy processing
Configure security policy processing
Configure Services preference extension policy processing
Configure Shortcuts preference extension policy processing
Configure software Installation policy processing
Configure Start Menu preference extension policy processing
Configure user Group Policy loopback processing mode
Configure web-to-app linking with app URI handlers
Configure wired policy processing
Configure wireless policy processing
Continue experiences on this device
Determine if interactive users can generate Resultant Set of Policy data
Enable AD/DFS domain controller synchronization during policy refresh
Enable Group Policy Caching for Servers
Phone-PC linking on this device
Remove users' ability to invoke machine policy refresh
Set Group Policy refresh interval for computers
Set Group Policy refresh interval for domain controllers
Specify startup policy processing wait time
Specify workplace connectivity wait time for policy processing
Turn off background refresh of Group Policy
Turn off Group Policy Client Service AOAC optimization
Turn off Local Group Policy Objects processing
Turn off Resultant Set of Policy logging
Internet Communication Management
Internet Communication settings
Turn off access to all Windows Update features
Turn off access to the Store
Turn off Automatic Root Certificates Update
Turn off downloading of print drivers over HTTP
Turn off Event Viewer "Events.asp" links
Turn off Help and Support Center "Did you know?" content
Turn off Help and Support Center Microsoft Knowledge Base search
Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com
Turn off Internet download for Web publishing and online ordering wizards
Turn off Internet File Association service
Turn off printing over HTTP
Turn off Registration if URL connection is referring to Microsoft.com
Turn off Search Companion content file updates
Turn off the "Order Prints" picture task
Turn off the "Publish to Web" task for files and folders
Turn off the Windows Messenger Customer Experience Improvement Program
Turn off Windows Customer Experience Improvement Program
Turn off Windows Error Reporting
Turn off Windows Network Connectivity Status Indicator active tests
Turn off Windows Update device driver searching
בטל דיווח שגיאה של זיהוי כתב יד
בטל שיתוף נתוני התאמה אישית של כתב יד
Restrict Internet communication
iSCSI
iSCSI כללי
אל תאפשר כניסות הפעלה נוספות
אל תאפשר שינויים בשם ה- iqn של המאתחל
אבטחת iSCSI
אל תאפשר הפעלות ללא CHAP הדדי
אל תאפשר הפעלות ללא CHAP חד-כיווני
אל תאפשר חיבורים ללא IPSec
אל תאפשר שינויים בסוד ה- CHAP של המאתחל
גילוי יעד iSCSI
אל תאפשר הוספת יעדים חדשים על-ידי קביעת תצורה ידנית
אל תאפשר קביעת תצורה ידנית של יעדים שהתגלו
אל תאפשר קביעת תצורה ידנית של פורטלי יעד
אל תאפשר קביעת תצורה ידנית של שרתי iSCSI
KDC
KDC support for claims, compound authentication and Kerberos armoring
KDC support for PKInit Freshness Extension
Provide information about previous logons to client computers
Request compound authentication
Use forest search order
Warning for large Kerberos tickets
Kerberos
Allow retrieving the cloud kerberos ticket during the logon
Always send compound authentication first
Define host name-to-Kerberos realm mappings
Define interoperable Kerberos V5 realm settings
Disable revocation checking for the SSL certificate of KDC proxy servers
Fail authentication requests when Kerberos armoring is not available
Kerberos client support for claims, compound authentication and Kerberos armoring
Require strict KDC validation
Require strict target SPN match on remote procedure calls
Set maximum Kerberos SSPI context token buffer size
Specify KDC proxy servers for Kerberos clients
Support compound authentication
Support device authentication using certificate
Use forest search order
Kernel DMA Protection
Enumeration policy for external devices incompatible with Kernel DMA Protection
Locale Services
Disallow changing of geographic location
Disallow copying of user input methods to the system account for sign-in
Disallow selection of Custom Locales
Disallow user override of locale settings
Restrict system locales
Restrict user locales
Logon
Allow users to select when a password is required when resuming from connected standby
Always use classic logon
Always use custom logon background
Always wait for the network at computer startup and logon
Assign a default credential provider
Assign a default domain for logon
Block user from showing account details on sign-in
Configure Dynamic Lock
Do not display network selection UI
Do not display the Getting Started welcome screen at logon
Do not enumerate connected users on domain-joined computers
Do not process the legacy run list
Do not process the run once list
Enumerate local users on domain-joined computers
Exclude credential providers
Hide entry points for Fast User Switching
Run these programs at user logon
Show clear logon background
Show first sign-in animation
Turn off app notifications on the lock screen
Turn off picture password sign-in
Turn off Windows Startup sound
Turn on convenience PIN sign-in
Turn on security key sign-in
Mitigation Options
Process Mitigation Options
Untrusted Font Blocking
Net Logon
DC Locator DNS Records
Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names
Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails
Force Rediscovery Interval
Return domain controller address type
Set Priority in the DC Locator DNS SRV records
Set TTL in the DC Locator DNS Records
Set Weight in the DC Locator DNS SRV records
Specify address lookup behavior for DC locator ping
Specify DC Locator DNS records not registered by the DCs
Specify dynamic registration of the DC Locator DNS Records
Specify Refresh Interval of the DC Locator DNS records
Specify sites covered by the application directory partition DC Locator DNS SRV records
Specify sites covered by the DC Locator DNS SRV records
Specify sites covered by the GC Locator DNS SRV Records
Try Next Closest Site
Use automated site coverage by the DC Locator DNS SRV Records
Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.
Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC
Allow cryptography algorithms compatible with Windows NT 4.0
Contact PDC on logon failure
Set Netlogon share compatibility
Set scavenge interval
Set SYSVOL share compatibility
Specify expected dial-up delay on logon
Specify log file debug output level
Specify maximum log file size
Specify negative DC Discovery cache setting
Specify positive periodic DC Cache refresh for non-background callers
Specify site name
Use final DC discovery retry setting for background callers
Use initial DC discovery retry setting for background callers
Use maximum DC discovery retry interval setting for background callers
Use positive periodic DC cache refresh for background callers
Use urgent mode when pinging domain controllers
OS Policies
Allow Clipboard History
Allow Clipboard synchronization across devices
Allow publishing of User Activities
Allow upload of User Activities
Enables Activity Feed
Recovery
Allow restore of system to default state
Server Manager
Configure the refresh interval for Server Manager
Do not display Initial Configuration Tasks window automatically at logon
Do not display Server Manager automatically at logon
Service Control Manager Settings
Security Settings
Enable svchost.exe mitigation options
Shutdown
Require use of fast startup
Storage Health
Allow downloading updates to the Disk Failure Prediction Model
Storage Sense
Allow Storage Sense
Allow Storage Sense Temporary Files cleanup
Configure Storage Sense cadence
Configure Storage Sense Cloud Content dehydration threshold
Configure Storage Sense Recycle Bin cleanup threshold
Configure Storage Storage Downloads cleanup threshold
Troubleshooting and Diagnostics
Application Compatibility Diagnostics
Detect application failures caused by deprecated COM objects
Detect application failures caused by deprecated Windows DLLs
Detect application installers that need to be run as administrator
Detect application install failures
Detect applications unable to launch installers under UAC
Detect compatibility issues for applications and drivers
Notify blocked drivers
Windows Performance PerfTrack
הפוך PerfTrack לזמין/לא זמין
אבחון ביצועי היציאה של Windows
קביעת תצורה של רמת ביצוע תרחישים
אבחון ביצועי המתנה/חידוש פעולה של Windows
קביעת תצורה של רמת ביצוע תרחישים
אבחון ביצועי יכולת התגובה של מערכת Windows
קביעת תצורה של רמת ביצוע תרחישים
אבחון ביצועים של אתחול Windows
קביעת תצורה של רמת ביצוע תרחישים
אבחון דיסק
אבחון דיסק: קבע תצורה של טקסט התראה מותאם אישית
אבחון דיסק: קבע תצורה של רמת הפעלה
אבחון דליפת זיכרון של Windows
קביעת תצורה של רמת ביצוע תרחישים
אבחון מבוסס-Script
פתרון בעיות: אפשר למשתמשים לגשת אל אשפי פתרון בעיות ולהפעיל אותם
פתרון בעיות: אפשר למשתמשים לגשת אל תוכן מקוון לפתרון בעיות בשרתי Microsoft דרך אפשרות פתרון הבעיות בלוח הבקרה (באמצעות שירות פתרון הבעיות המקוון של Windows - WOTS)
קבע תצורה של מדיניות אבטחה עבור אבחון מבוסס-Script
זיהוי ופתרון של מיצוי משאבי Windows
קביעת תצורה של רמת ביצוע תרחישים
זיכרון עמיד בפני תקלות
קביעת תצורה של רמת ביצוע תרחישים
כלי האבחון של תמיכת Microsoft
Troubleshooting: Allow users to access recommended troubleshooting for known problems
כלי האבחון של תמיכת Microsoft: הגבל הורדת כלים
כלי האבחון של תמיכת Microsoft: הפעל את התקשורת האינטראקטיבית של MSDT עם ספק תמיכה
כלי האבחון של תמיכת Microsoft: קבע תצורה של רמת הפעלה
שחזור קובץ MSI פגום
קבע תצורה של אופן פעולת שחזור של קובץ MSI פגום
תחזוקה מתוזמנת
קבע תצורה של אופן פעולת תצורה מתוזמנת
שחזור קובץ פגום
קבע תצורה של התנהגות שחזור קובץ פגום
אבחון: קביעת התצורה של רמת ביצוע תרחישים
אבחון: קבע תצורה של שמירת תרחישים בזכרון
Trusted Platform Module Services
Configure the level of TPM owner authorization information available to the operating system
Configure the list of blocked TPM commands
Configure the system to clear the TPM if it is not in a ready state.
Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.
Ignore the default list of blocked TPM commands
Ignore the local list of blocked TPM commands
Standard User Individual Lockout Threshold
Standard User Lockout Duration
Standard User Total Lockout Threshold
Turn on TPM backup to Active Directory Domain Services
User Profiles
Add the Administrators security group to roaming user profiles
Control slow network connection timeout for user profiles
Delete cached copies of roaming profiles
Delete user profiles older than a specified number of days on system restart
Disable detection of slow network connections
Do not check for user ownership of Roaming Profile Folders
Do not forcefully unload the users registry at user logoff
Do not log users on with temporary profiles
Download roaming profiles on primary computers only
Establish timeout value for dialog boxes
Leave Windows Installer and Group Policy Software Installation Data
Maximum retries to unload and update user profile
Only allow local user profiles
Prevent Roaming Profile changes from propagating to the server
Prompt user when a slow network connection is detected
Set maximum wait time for the network if a user has a roaming user profile or remote home directory
Set roaming profile path for all users logging onto this computer
Set the schedule for background upload of a roaming user profile's registry file while user is logged on
Set user home folder
Turn off the advertising ID
User management of sharing user name, account picture, and domain information with apps (not desktop apps)
Wait for remote user profile
Windows Time Service
Time Providers
Configure Windows NTP Client
Enable Windows NTP Client
Enable Windows NTP Server
Global Configuration Settings
אפשרויות כיבוי
בטל הפסקה אוטומטית של יישומים אשר חוסמים או מבטלים כיבוי
גישה לאחסון נשלף
דיסקים נשלפים: מנע גישת הפעלה
דיסקים נשלפים: מנע גישת כתיבה
דיסקים נשלפים: מנע גישת קריאה
התקני WPD: מנע גישת כתיבה
התקני WPD: מנע גישת קריאה
זמן (בשניות) לכפיית אתחול מחדש
כונני קלטות: מנע גישת הפעלה
כונני קלטות: מנע גישת כתיבה
כונני קלטות: מנע גישת קריאה
כונני תקליטונים: מנע גישת הפעלה
כונני תקליטונים: מנע גישת כתיבה
כונני תקליטונים: מנע גישת קריאה
כל מחלקות האחסון הנשלף: אפשר גישה ישירה בהפעלות מרחוק
כל מחלקות האחסון הנשלף: מנע כל גישה
מחלקות מותאמות אישית: מנע גישת כתיבה
מחלקות מותאמות אישית: מנע גישת קריאה
תקליטור ו- DVD: מנע גישת הפעלה
תקליטור ו- DVD: מנע גישת כתיבה
תקליטור ו- DVD: מנע גישת קריאה
הגנת קבצים של Windows
הגבל את גודל המטמון של הגנת הקבצים של Windows
הגדר סריקה של הגנת קבצים של Windows
הסתר את חלון ההתקדמות של סריקת קבצים
ציין מיקום עבור מטמון הגנת הקבצים של Windows
מטמון NV של דיסק
בטל את התכונה מטמון שאינו נדיף
בטל מיטוב של אתחול וחידוש פעולה
בטל מצב Solid State
בטל מצב צריכת חשמל במטמון
מיכסות דיסק
אכוף מגבלה על מיכסת דיסק
אפשר מיכסות דיסק
החל מדיניות על מדיה נשלפת
ערכי ברירת מחדל של מגבלת מיכסה ורמת אזהרה
צור רישום אירוע כאשר משתמש חורג מהמיכסה
צור רישום אירוע כאשר מתרחשת חריגה מרמת האזהרה
ניהול צריכת חשמל
Energy Saver Settings
Energy Saver Battery Threshold (on battery)
Energy Saver Battery Threshold (plugged in)
Power Throttling Settings
Turn off Power Throttling
הגדרות דיסק קשיח
בטל את פעולת הדיסק הקשיח (מופעל באמצעות סוללה)
בטל את פעולת הדיסק הקשיח (מחובר)
הגדרות הודעה
בטל הודעת משתמש על סוללה חלשה
פעולת הודעה על סוללה במצב קריטי
פעולת הודעה על סוללה חלשה
רמת הודעה על חיסכון סוללה
רמת הודעה של סוללה במצב קריטי
רמת הודעה של סוללה חלשה
הגדרות וידאו ותצוגה
בטל את התצוגה (מחובר)
בטל את התצוגה (על סוללה)
בטל זמן קצוב של תצוגה מותאמת (מחובר)
בטל זמן קצוב של תצוגה מותאמת (על סוללה)
הפחת בהירות תצוגה (מופעל באמצעות סוללה)
הפחת בהירות תצוגה (מחובר)
הפעל הצגת שקופיות ברקע שולחן העבודה (מחובר)
הפעל מצגת שקופיות ברקע שולחן העבודה (מופעל באמצעות סוללה)
ציין את בהירות עמעום התצוגה (מופעל באמצעות סוללה)
ציין את בהירות עמעום התצוגה (מחובר)
הגדרות לחצנים
בחר את פעולת לחצן 'הפעלה' (מופעל באמצעות סוללה)
בחר את פעולת לחצן 'הפעלה' (מחובר)
בחר את פעולת לחצן 'הפעלה' בתפריט התחלה (מחובר)
בחר את פעולת לחצן 'הפעלה' התפריט התחלה (מופעל באמצעות סוללה)
בחר את פעולת לחצן 'שינה' (מופעל באמצעות סוללה)
בחר את פעולת לחצן שינה (מחובר)
בחר את פעולת מתג מכסה (מופעל באמצעות סוללה)
בחר את פעולת מתג מכסה (מחובר)
הגדרות מצב שינה
Allow network connectivity during connected-standby (on battery)
Allow network connectivity during connected-standby (plugged in)
אפשר ליישומים למנוע שינה אוטומטית (מופעל באמצעות סוללה)
אפשר ליישומים למנוע שינה אוטומטית (מחובר)
אפשר מצבי המתנה (S1-S3) במצב שינה (מופעל באמצעות סוללה)
אפשר מצבי המתנה (S1-S3) במצב שינה (מחובר)
אפשר שינה אוטומטית עם קבצי רשת פתוחים (מופעל באמצעות סוללה)
אפשר שינה אוטומטית עם קבצי רשת פתוחים (מחובר)
בטל שינה היברידית (מופעל באמצעות סוללה)
בטל שינה היברידית (מחובר)
דרוש סיסמה כשהמחשב חוזר לפעולה (מופעל באמצעות סוללה)
דרוש סיסמה כשהמחשב חוזר לפעולה (מחובר)
הפעל את היכולת של יישומים למנוע מעברים למצב שינה (מופעל באמצעות סוללה)
הפעל את היכולת של יישומים למנוע מעברים למצב שינה (מחובר)
ציין את הזמן הקצוב לשינה ללא התערבות (מחובר)
ציין את הזמן הקצוב של מצב השינה של המערכת (מחובר)
ציין את הזמן הקצוב של מצב שינה בהיעדר השגחה (מופעל באמצעות סוללה)
ציין את הזמן הקצוב של מצב שינה של המערכת (מופעל באמצעות סוללה)
ציין את הזמן הקצוב של מצב שינה של המערכת (מופעל באמצעות סוללה)
ציין את הזמן הקצוב של מצב שינה של המערכת (מחובר)
בחר תוכנית צריכת חשמל פעילה
ציין תוכנית צריכת חשמל פעילה מותאמת אישית
ניתוב מחדש של התקן
הגבלות ניתוב מחדש של התקן
מנע ניתוב מחדש של התקני USB
מנע ניתוב מחדש של התקנים התואמים למזהי התקנים אלה
סיוע מרחוק
אפשר חיבורים של Vista או גירסאות מאוחרות יותר בלבד
הפעל מיטוב רוחב פס
הפעל רישום הפעלות
הצע סיוע מרחוק
התאם אישית הודעות אזהרה
עזרה מרחוק לפי דרישה
קבצי Script
אפשר Scripts של כניסה כאשר NetBIOS או WINS אינם זמינים
הפעל קבצי Script לכניסה באופן מסונכרן
הפעל קבצי Script של Windows PowerShell תחילה בעת הפעלת וכיבוי המחשב
הפעל קבצי Script של Windows PowerShell תחילה בעת כניסה ויציאה של משתמש
הפעל קבצי Script של הפעלה באופן לא מסונכרן
הפעל קבצי Script של הפעלה באופן נראה לעין
הפעל קבצי Script של כיבוי באופן נראה לעין
משך המתנה מרבי עבור קבצי Script של המדיניות הקבוצתית
קריאה לפרוצדורה מרוחקת
אימות לקוח ממפה נקודות קצה של RPC
הגבלות עבור לקוחות RPC שלא אומתו
הפצה של מידע שגיאות מורחב
התעלם מכשל הקצאה
זמן קצוב מינימלי לחיבור סרק עבור חיבורי RPC/HTTP
מידע על מצב פתרון תקלות RPC
שחזור מערכת
כבה שחזור מערכת
כבה תצורה
Display highly detailed status messages
Do not display Manage Your Server page at logon
Remove Boot / Shutdown / Logon / Logoff status messages
Specify settings for optional component installation and component repair
אל תבטל את צריכת החשמל של המערכת לאחר כיבוי של מערכת Windows.
אל תצפין באופן אוטומטי קבצים שהועברו לתיקיות מוצפנות
אפשר חותמת זמן מתמדת
אפשר ללקוחות Distributed Link Tracking להשתמש במשאבי תחום
בטל מניעת ביצוע נתונים עבור קובץ הפעלה של HTML Help
הגבל את הפעלת התוכניות הבאות מתוך העזרה
הגבל פונקציות HTML Help העלולות להיות לא בטוחות לתיקיות ספציפיות
הגדר מיקום לקובץ התקנת Windows
הורד רכיבי COM חסרים
הפעל את תכונת נתוני מצב המערכת של עוקב אירועי הכיבוי
הצג עוקב אירועי כיבוי
מגדיר את מיקום קובץ ההתקנה של Windows Service Pack
Windows Components
Application Compatibility
Prevent access to 16-bit applications
Remove Program Compatibility Property Page
Turn off Application Compatibility Engine
Turn off Application Telemetry
Turn off Inventory Collector
Turn off Program Compatibility Assistant
Turn off Steps Recorder
Turn off SwitchBack Compatibility Engine
App Package Deployment
Allow all trusted apps to install
Allow a Windows app to share application data between users
Allow deployment operations in special profiles
Allows development of Windows Store apps and installing them from an integrated development environment (IDE)
Disable installing Windows apps on non-system volumes
Prevent non-admin users from installing packaged Windows apps
Prevent users' app data from being stored on non-system volumes
App Privacy
Let Windows apps access account information
Let Windows apps access an eye tracker device
Let Windows apps access call history
Let Windows apps access contacts
Let Windows apps access diagnostic information about other apps
Let Windows apps access email
Let Windows apps access location
Let Windows apps access messaging
Let Windows apps access motion
Let Windows apps access notifications
Let Windows apps access Tasks
Let Windows apps access the calendar
Let Windows apps access the camera
Let Windows apps access the microphone
Let Windows apps access trusted devices
Let Windows apps access user movements while running in the background
Let Windows apps activate with voice
Let Windows apps activate with voice while the system is locked
Let Windows apps control radios
Let Windows apps make phone calls
Let Windows apps run in the background
Let Windows apps sync with devices
App runtime
Allow Microsoft accounts to be optional
Block launching desktop apps associated with a file.
Block launching desktop apps associated with a URI scheme
Block launching Universal Windows apps with Windows Runtime API access from hosted content.
Turn on dynamic Content URI Rules for Windows store apps
BitLocker Drive Encryption
Fixed Data Drives
Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
Choose how BitLocker-protected fixed drives can be recovered
Configure use of hardware-based encryption for fixed data drives
Configure use of passwords for fixed data drives
Configure use of smart cards on fixed data drives
Deny write access to fixed drives not protected by BitLocker
Enforce drive encryption type on fixed data drives
Operating System Drives
Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN.
Allow enhanced PINs for startup
Allow network unlock at startup
Allow Secure Boot for integrity validation
Choose how BitLocker-protected operating system drives can be recovered
Configure minimum PIN length for startup
Configure pre-boot recovery message and URL
Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
Configure TPM platform validation profile for BIOS-based firmware configurations
Configure TPM platform validation profile for native UEFI firmware configurations
Configure use of hardware-based encryption for operating system drives
Configure use of passwords for operating system drives
Disallow standard users from changing the PIN or password
Enable use of BitLocker authentication requiring preboot keyboard input on slates
Enforce drive encryption type on operating system drives
Require additional authentication at startup (Windows Server 2008 and Windows Vista)
Require additional authentication at startup
Reset platform validation data after BitLocker recovery
Use enhanced Boot Configuration Data validation profile
Removable Data Drives
Allow access to BitLocker-protected removable data drives from earlier versions of Windows
Choose how BitLocker-protected removable drives can be recovered
Configure use of hardware-based encryption for removable data drives
Configure use of passwords for removable data drives
Configure use of smart cards on removable data drives
Control use of BitLocker on removable drives
Deny write access to removable drives not protected by BitLocker
Enforce drive encryption type on removable data drives
Choose default folder for recovery password
Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)
Disable new DMA devices when this computer is locked
Prevent memory overwrite on restart
Provide the unique identifiers for your organization
Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
Validate smart card certificate usage rule compliance
Camera
Allow Use of Camera
Cloud Content
Do not show Windows Tips
Turn off cloud optimized content
Turn off Microsoft consumer experiences
Connect
Don't allow this PC to be projected to
Require pin for pairing
Credential User Interface
Do not display the password reveal button
Enumerate administrator accounts on elevation
Prevent the use of security questions for local accounts
Require trusted path for credential entry
Data Collection and Preview Builds
Allow commercial data pipeline
Allow Desktop Analytics Processing
Allow device name to be sent in Windows diagnostic data
Allow Telemetry
Allow Update Compliance Processing
Allow WUfB Cloud Processing
Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service
Configure collection of browsing data for Desktop Analytics
Configure Connected User Experiences and Telemetry
Configure diagnostic data upload endpoint for Desktop Analytics
Configure telemetry opt-in change notifications.
Configure telemetry opt-in setting user interface.
Configure the Commercial ID
Disable deleting diagnostic data
Disable diagnostic data viewer.
Disable OneSettings Downloads
Disable pre-release features or settings
Do not show feedback notifications
Enable OneSettings Auditing
Limit Enhanced diagnostic data to the minimum required by Windows Analytics
Toggle user control over Insider builds
Delivery Optimization
Absolute Max Cache Size (in GB)
Allow uploads while the device is on battery while under set Battery level (percentage)
Cache Server Hostname
Cache Server Hostname Source
Delay Background download Cache Server fallback (in seconds)
Delay background download from http (in secs)
Delay Foreground download Cache Server fallback (in seconds)
Delay Foreground download from http (in secs)
Download Mode
Enable Peer Caching while the device connects via VPN
Group ID
Max Cache Age
Max Cache Size
Maximum Background Download Bandwidth (in KB/s)
Maximum Background Download Bandwidth (percentage)
Maximum Download Bandwidth (in KB/s)
Maximum Download Bandwidth (percentage)
Maximum Foreground Download Bandwidth (in KB/s)
Maximum Foreground Download Bandwidth (percentage)
Max Upload Bandwidth
Minimum Background QoS (in KB/s)
Minimum disk size allowed to use Peer Caching (in GB)
Minimum Peer Caching Content File Size (in MB)
Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)
Modify Cache Drive
Monthly Upload Data Cap (in GB)
Select a method to restrict Peer Selection
Select the source of Group IDs
Set Business Hours to Limit Background Download Bandwidth
Set Business Hours to Limit Foreground Download Bandwidth
Desktop Gadgets
Restrict unpacking and installation of gadgets that are not digitally signed.
Turn off desktop gadgets
Turn Off user-installed desktop gadgets
Desktop Window Manager
Window Frame Coloring
Do not allow color changes
Specify a default color
Do not allow Flip3D invocation
Do not allow window animations
Use solid color for Start background
Device and Driver Compatibility
Device compatibility settings
Driver compatibility settings
Device Registration
Register domain joined computers as devices
Edge UI
Allow edge swipe
Disable help tips
Event Logging
Enable Protected Event Logging
Event Log Service
Application
Back up log automatically when full
Configure log access (legacy)
Configure log access
Control Event Log behavior when the log file reaches its maximum size
Control the location of the log file
Specify the maximum log file size (KB)
Security
Back up log automatically when full
Configure log access (legacy)
Configure log access
Control Event Log behavior when the log file reaches its maximum size
Control the location of the log file
Specify the maximum log file size (KB)
Setup
Back up log automatically when full
Configure log access (legacy)
Configure log access
Control Event Log behavior when the log file reaches its maximum size
Control the location of the log file
Specify the maximum log file size (KB)
Turn on logging
System
Back up log automatically when full
Configure log access (legacy)
Configure log access
Control Event Log behavior when the log file reaches its maximum size
Control the location of the log file
Specify the maximum log file size (KB)
File Explorer
Previous Versions
Hide previous versions list for local files
Hide previous versions list for remote files
Hide previous versions of files on backup location
Prevent restoring local previous versions
Prevent restoring previous versions from backups
Prevent restoring remote previous versions
Allow the use of remote paths in file shortcut icons
Configure Windows Defender SmartScreen
Disable binding directly to IPropertySetStorage without intermediate layers.
Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time
Do not show the 'new application installed' notification
Location where all default Library definition files for users/machines reside.
Set a default associations configuration file
Set a support web page link
Show hibernate in the power options menu
Show lock in the user tile menu
Show sleep in the power options menu
Start File Explorer with ribbon minimized
Turn off Data Execution Prevention for Explorer
Turn off heap termination on corruption
Turn off numerical sorting in File Explorer
Turn off shell protocol protected mode
Verify old and new Folder Redirection targets point to the same share before redirecting
File History
Turn off File History
Find My Device
Turn On/Off Find My Device
Handwriting
Handwriting Panel Default Mode Docked
Internet Explorer
Accelerators
Add default Accelerators
Add non-default Accelerators
Restrict Accelerators to those deployed through Group Policy
Turn off Accelerators
Application Compatibility
Clipboard access
Bypass prompting for Clipboard access for scripts running in any process
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process
Define applications and processes that can access the Clipboard without prompting
Browser menus
Turn off Print Menu
Turn off the ability to launch report site problems using a menu option
Compatibility View
Include updated website lists from Microsoft
Turn off Compatibility View button
Turn off Compatibility View
Turn on Internet Explorer 7 Standards Mode
Turn on Internet Explorer Standards Mode for local intranet
Use Policy List of Internet Explorer 7 sites
Use Policy List of Quirks Mode sites
Corporate Settings
Code Download
Prevent specifying the code download path for each computer
Delete Browsing History
Allow deleting browsing history on exit
Disable "Configuring History"
Prevent access to Delete Browsing History
Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
Prevent deleting cookies
Prevent deleting download history
Prevent deleting favorites site data
Prevent deleting form data
Prevent deleting InPrivate Filtering data
Prevent deleting passwords
Prevent deleting temporary Internet files
Prevent deleting websites that the user has visited
Prevent the deletion of temporary Internet files and cookies
Internet Control Panel
Advanced Page
Allow active content from CDs to run on user machines
Allow Install On Demand (except Internet Explorer)
Allow Install On Demand (Internet Explorer)
Allow Internet Explorer to use the HTTP2 network protocol
Allow Internet Explorer to use the SPDY/3 network protocol
Allow software to run or install even if the signature is invalid
Allow third-party browser extensions
Always send Do Not Track header
Automatically check for Internet Explorer updates
Check for server certificate revocation
Check for signatures on downloaded programs
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
Do not allow resetting Internet Explorer settings
Do not save encrypted pages to disk
Empty Temporary Internet Files folder when browser is closed
Play animations in web pages
Play sounds in web pages
Play videos in web pages
Turn off ClearType
Turn off encryption support
Turn off loading websites and content in the background to optimize performance
Turn off Profile Assistant
Turn off sending UTF-8 query strings for URLs
Turn off the flip ahead with page prediction feature
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
Turn on Caret Browsing support
Turn on Enhanced Protected Mode
Use HTTP 1.1 through proxy connections
Use HTTP 1.1
Content Page
Show Content Advisor on Internet Options
General Page
Browsing History
Allow websites to store application caches on client computers
Allow websites to store indexed databases on client computers
Set application caches expiration time limit for individual domains
Set application cache storage limits for individual domains
Set default storage limits for websites
Set indexed database storage limits for individual domains
Set maximum application cache individual resource size
Set maximum application cache resource list size
Set maximum application caches storage limit for all domains
Set maximum indexed database storage limit for all domains
Start Internet Explorer with tabs from last browsing session
Security Page
Internet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Intranet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Local Machine Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Internet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Intranet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Local Machine Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Restricted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Trusted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Restricted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Trusted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Internet Zone Template
Intranet Sites: Include all local (intranet) sites not listed in other zones
Intranet Sites: Include all network paths (UNCs)
Intranet Sites: Include all sites that bypass the proxy server
Intranet Zone Template
Local Machine Zone Template
Locked-Down Internet Zone Template
Locked-Down Intranet Zone Template
Locked-Down Local Machine Zone Template
Locked-Down Restricted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Restricted Sites Zone Template
Site to Zone Assignment List
Trusted Sites Zone Template
Turn on automatic detection of intranet
Turn on certificate address mismatch warning
Turn on Notification bar notification for intranet content
Disable the Advanced page
Disable the Connections page
Disable the Content page
Disable the General page
Disable the Privacy page
Disable the Programs page
Disable the Security page
Prevent ignoring certificate errors
Send internationalized domain names
Use UTF-8 for mailto links
Internet Settings
Advanced settings
Browsing
Go to an intranet site for a one-word entry in the Address bar
Turn off phone number detection
Multimedia
Allow Internet Explorer to play media files that use alternative codecs
Searching
Prevent configuration of search on Address bar
Prevent configuration of top-result search on Address bar
AutoComplete
Turn off URL Suggestions
Turn off Windows Search AutoComplete
Component Updates
Help Menu > About Internet Explorer
Prevent specifying cipher strength update information URLs
Periodic check for updates to Internet Explorer and Internet Tools
Prevent changing the URL for checking updates to Internet Explorer and Internet Tools
Prevent specifying the update check interval (in days)
Open Internet Explorer tiles on the desktop
Set how links are opened in Internet Explorer
Privacy
Establish InPrivate Filtering threshold
Establish Tracking Protection threshold
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
Turn off collection of InPrivate Filtering data
Turn off InPrivate Browsing
Turn off InPrivate Filtering
Turn off Tracking Protection
Security Features
Add-on Management
Add-on List
All Processes
Deny all add-ons unless specifically allowed in the Add-on List
Process List
Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
Turn off blocking of outdated ActiveX controls for Internet Explorer
Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
Turn on ActiveX control logging in Internet Explorer
AJAX
Allow native XMLHTTP support
Change the maximum number of connections per host (HTTP 1.1)
Maximum number of connections per server (HTTP 1.0)
Set the maximum number of WebSocket connections per server
Turn off cross-document messaging
Turn off the WebSocket Object
Turn off the XDomainRequest object
Binary Behavior Security Restriction
Admin-approved behaviors
All Processes
Install binaries signed by MD2 and MD4 signing technologies
Internet Explorer Processes
Process List
Consistent Mime Handling
All Processes
Internet Explorer Processes
Process List
Local Machine Zone Lockdown Security
All Processes
Internet Explorer Processes
Process List
Mime Sniffing Safety Feature
All Processes
Internet Explorer Processes
Process List
MK Protocol Security Restriction
All Processes
Internet Explorer Processes
Process List
Network Protocol Lockdown
Restricted Protocols Per Security Zone
Internet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
All Processes
Internet Explorer Processes
Process List
Notification bar
All Processes
Internet Explorer Processes
Process List
Object Caching Protection
All Processes
Internet Explorer Processes
Process List
Protection From Zone Elevation
All Processes
Internet Explorer Processes
Process List
Restrict ActiveX Install
All Processes
Internet Explorer Processes
Process List
Restrict File Download
All Processes
Internet Explorer Processes
Process List
Scripted Window Security Restrictions
All Processes
Internet Explorer Processes
Process List
Allow fallback to SSL 3.0 (Internet Explorer)
Do not display the reveal password button
Turn off Data Execution Prevention
Turn off Data URI support
Toolbars
Customize command labels
Display tabs on a separate row
Hide the Command bar
Hide the status bar
Lock all toolbars
Lock location of Stop and Refresh buttons
Turn off Developer Tools
Turn off toolbar upgrade tool
Use large icons for command buttons
Add a specific list of search providers to the user's list of search providers
Allow "Save Target As" in Internet Explorer mode
Allow Internet Explorer 8 shutdown behavior
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
Automatically activate newly installed add-ons
Configure which channel of Microsoft Edge to use for opening redirected sites
Customize user agent string
Disable Automatic Install of Internet Explorer components
Disable changing Automatic Configuration settings
Disable changing connection settings
Disable changing secondary home page settings
Disable Import/Export Settings wizard
Disable Internet Explorer 11 as a standalone browser
Disable Periodic Check for Internet Explorer software updates
Disable showing the splash screen
Disable software update shell notifications on program launch
Do not allow users to enable or disable add-ons
Enable extended hot keys in Internet Explorer mode
Enable global window list in Internet Explorer mode
Enforce full-screen mode
Hide Internet Explorer 11 retirement notification
Install new versions of Internet Explorer automatically
Keep all intranet sites in Internet Explorer
Let users turn on and use Enterprise Mode from the Tools menu
Limit Site Discovery output by Domain
Limit Site Discovery output by Zone
Make proxy settings per-machine (rather than per-user)
Pop-up allow list
Prevent "Fix settings" functionality
Prevent access to Internet Explorer Help
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
Prevent bypassing SmartScreen Filter warnings
Prevent changing pop-up filter level
Prevent changing proxy settings
Prevent changing the default search provider
Prevent configuration of how windows open
Prevent configuration of new tab creation
Prevent Internet Explorer Search box from appearing
Prevent managing pop-up exception list
Prevent managing SmartScreen Filter
Prevent managing the phishing filter
Prevent participation in the Customer Experience Improvement Program
Prevent per-user installation of ActiveX controls
Prevent running First Run wizard
Reset zoom to default for HTML dialogs in Internet Explorer mode
Restrict search providers to a specific list
Security Zones: Do not allow users to add/delete sites
Security Zones: Do not allow users to change policies
Security Zones: Use only machine settings
Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
Set tab process growth
Show message when opening sites in Microsoft Edge using Enterprise Mode
Specify default behavior for a new tab
Specify use of ActiveX Installer Service for installation of ActiveX controls
Turn off ability to pin sites in Internet Explorer on the desktop
Turn off ActiveX Opt-In prompt
Turn off add-on performance notifications
Turn off Automatic Crash Recovery
Turn off browser geolocation
Turn off configuration of pop-up windows in tabbed browsing
Turn off Crash Detection
Turn off Favorites bar
Turn off Managing SmartScreen Filter for Internet Explorer 8
Turn off page-zooming functionality
Turn off pop-up management
Turn off Quick Tabs functionality
Turn off Reopen Last Browsing Session
Turn off suggestions for all user-installed providers
Turn off tabbed browsing
Turn off the auto-complete feature for web addresses
Turn off the quick pick menu
Turn off the Security Settings Check feature
Turn on ActiveX Filtering
Turn on compatibility logging
Turn on menu bar by default
Turn on Site Discovery WMI output
Turn on Site Discovery XML output
Turn on Suggested Sites
Use the Enterprise Mode IE website list
Internet Information Services
מנע התקנת IIS
Maintenance Scheduler
Automatic Maintenance Activation Boundary
Automatic Maintenance Random Delay
Automatic Maintenance WakeUp Policy
Maps
Turn off Automatic Download and Update of Map Data
Turn off unsolicited network traffic on the Offline Maps settings page
MDM
Disable MDM Enrollment
Enable automatic MDM enrollment using default Azure AD credentials
Messaging
Allow Message Service Cloud Sync
Microsoft account
Block all consumer Microsoft account user authentication
Microsoft Defender Antivirus
Client Interface
Display additional text to clients when they need to perform an action
Enable headless UI mode
Suppress all notifications
Suppresses reboot notifications
Device Control
Define device control policy groups
Define device control policy rules
Exclusions
Extension Exclusions
Path Exclusions
Process Exclusions
Turn off Auto Exclusions
MAPS
Configure local setting override for reporting to Microsoft MAPS
Configure the 'Block at First Sight' feature
Join Microsoft MAPS
Send file samples when further analysis is required
Microsoft Defender Exploit Guard
Attack Surface Reduction
Configure Attack Surface Reduction rules
Exclude files and paths from Attack Surface Reduction Rules
Controlled Folder Access
Configure allowed applications
Configure Controlled folder access
Configure protected folders
Network Protection
Prevent users and apps from accessing dangerous websites
MpEngine
Configure extended cloud check
Enable file hash computation feature
Select cloud protection level
Network Inspection System
Exclusions
IP address range Exclusions
Port number Exclusions
Process Exclusions for outbound traffic
Threat ID Exclusions
Define the rate of detection events for logging
Specify additional definition sets for network traffic inspection
Turn on definition retirement
Turn on protocol recognition
Quarantine
Configure local setting override for the removal of items from Quarantine folder
Configure removal of items from Quarantine folder
Real-time Protection
Configure local setting override for monitoring file and program activity on your computer
Configure local setting override for monitoring for incoming and outgoing file activity
Configure local setting override for scanning all downloaded files and attachments
Configure local setting override for turn on behavior monitoring
Configure local setting override to turn off Intrusion Prevention System
Configure local setting override to turn on real-time protection
Configure monitoring for incoming and outgoing file and program activity
Define the maximum size of downloaded files and attachments to be scanned
Monitor file and program activity on your computer
Scan all downloaded files and attachments
Turn off real-time protection
Turn on behavior monitoring
Turn on Information Protection Control
Turn on network protection against exploits of known vulnerabilities
Turn on process scanning whenever real-time protection is enabled
Turn on raw volume write notifications
Remediation
Configure local setting override for the time of day to run a scheduled full scan to complete remediation
Specify the day of the week to run a scheduled full scan to complete remediation
Specify the time of day to run a scheduled full scan to complete remediation
Reporting
Configure time out for detections in critically failed state
Configure time out for detections in non-critical failed state
Configure time out for detections in recently remediated state
Configure time out for detections requiring additional action
Configure Watson events
Configure Windows software trace preprocessor components
Configure WPP tracing level
Turn off enhanced notifications
Scan
Allow users to pause scan
Check for the latest virus and spyware security intelligence before running a scheduled scan
Configure local setting override for maximum percentage of CPU utilization
Configure local setting override for scheduled quick scan time
Configure local setting override for scheduled scan time
Configure local setting override for schedule scan day
Configure local setting override for the scan type to use for a scheduled scan
Configure low CPU priority for scheduled scans
Create a system restore point
Define the number of days after which a catch-up scan is forced
Run full scan on mapped network drives
Scan archive files
Scan network files
Scan packed executables
Scan removable drives
Specify the day of the week to run a scheduled scan
Specify the interval to run quick scans per day
Specify the maximum depth to scan archive files
Specify the maximum percentage of CPU utilization during a scan
Specify the maximum size of archive files to be scanned
Specify the scan type to use for a scheduled scan
Specify the time for a daily quick scan
Specify the time of day to run a scheduled scan
Start the scheduled scan only when computer is on but not in use
Turn on catch-up full scan
Turn on catch-up quick scan
Turn on e-mail scanning
Turn on heuristics
Turn on removal of items from scan history folder
Turn on reparse point scanning
Security Intelligence Updates
Allow notifications to disable security intelligence based reports to Microsoft MAPS
Allow real-time security intelligence updates based on reports to Microsoft MAPS
Allow security intelligence updates from Microsoft Update
Allow security intelligence updates when running on battery power
Check for the latest virus and spyware security intelligence on startup
Define file shares for downloading security intelligence updates
Define security intelligence location for VDI clients.
Define the number of days after which a catch-up security intelligence update is required
Define the number of days before spyware security intelligence is considered out of date
Define the number of days before virus security intelligence is considered out of date
Define the order of sources for downloading security intelligence updates
Initiate security intelligence update on startup
Specify the day of the week to check for security intelligence updates
Specify the interval to check for security intelligence updates
Specify the time to check for security intelligence updates
Turn on scan after security intelligence update
Threats
Specify threat alert levels at which default action should not be taken when detected
Specify threats upon which default action should not be taken when detected
Allow antimalware service to remain running always
Allow antimalware service to startup with normal priority
Configure detection for potentially unwanted applications
Configure local administrator merge behavior for lists
Define addresses to bypass proxy server
Define proxy auto-config (.pac) for connecting to the network
Define proxy server for connecting to the network
Randomize scheduled task times
Turn off Microsoft Defender Antivirus
Turn off routine remediation
Microsoft Defender Application Guard
Allow auditing events in Microsoft Defender Application Guard
Allow camera and microphone access in Microsoft Defender Application Guard
Allow data persistence for Microsoft Defender Application Guard
Allow files to download and save to the host operating system from Microsoft Defender Application Guard
Allow hardware-accelerated rendering for Microsoft Defender Application Guard
Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device
Allow users to trust files that open in Windows Defender Application Guard
Configure additional sources for untrusted files in Windows Defender Application Guard.
Configure Microsoft Defender Application Guard clipboard settings
Configure Microsoft Defender Application Guard print settings
Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer
Turn on Microsoft Defender Application Guard in Managed Mode
Microsoft Defender Exploit Guard
Exploit Protection
Use a common set of exploit protection settings
Microsoft Edge
Allow Address bar drop-down list suggestions
Allow Adobe Flash
Allow a shared Books folder
Allow clearing browsing data on exit
Allow configuration updates for the Books Library
Allow employees to send Do Not Track headers
Allow extended telemetry for the Books tab
Allow Extensions
Allow FullScreen Mode
Allow Microsoft Compatibility List
Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
Allow printing
Allow Saving History
Allow search engine customization
Allow Sideloading of extension
Always show the Books Library in Microsoft Edge
Configure additional search engines
Configure Cookies
Configure corporate Home pages
Configure Favorites Bar
Configure Favorites
Configure Home Button
Configure kiosk mode
Configure kiosk reset after idle timeout
Configure Open Microsoft Edge With
Configure the Adobe Flash Click-to-Run setting
Configure the Enterprise Mode Site List
Disable lockdown of Start pages
Don't allow SmartScreen Filter warning overrides for unverified files
Don't allow SmartScreen Filter warning overrides
Don't allow WebRTC to share the LocalHost IP address
For PDF files that have both landscape and portrait pages, print each in its own orientation.
Keep favorites in sync between Internet Explorer and Microsoft Edge
Open a new tab with an empty tab
Prevent access to the about:flags page in Microsoft Edge
Prevent certificate error overrides
Prevent changes to Favorites on Microsoft Edge
Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
Prevent the First Run webpage from opening on Microsoft Edge
Prevent turning off required extensions
Provision Favorites
Send all intranet sites to Internet Explorer 11
Set default search engine
Set Home Button URL
Set New Tab page URL
Show message when opening sites in Internet Explorer
Suppress the display of Edge Deprecation Notification
Turn off address bar search suggestions
Turn off Autofill
Turn off Developer Tools
Turn off InPrivate browsing
Turn off Password Manager
Turn off Pop-up Blocker
Turn off the SmartScreen Filter
Unlock Home Button
Microsoft FIDO Authentication
Enable usage of FIDO devices to sign on
Microsoft Passport for Work
PIN Complexity
Expiration
History
Maximum PIN length
Minimum PIN length
Require digits
Require lowercase letters
Require special characters
Require uppercase letters
Remote Passport
Use Remote Passport
Allow enumeration of emulated smart card for all users
Configure device unlock factors
Configure dynamic lock factors
Turn off smart card emulation
Use a hardware security device
Use biometrics
Use certificate for on-premises authentication
Use cloud trust for on-premises authentication
Use Microsoft Passport for Work
Use PIN Recovery
Use Windows Hello for Business certificates as smart card certificates
Microsoft Secondary Authentication Factor
Allow companion device for secondary authentication
Microsoft User Experience Virtualization
Applications
Access 2013 backup only
Access 2016 backup only
Calculator
Common 2013 backup only
Common 2016 backup only
Excel 2013 backup only
Excel 2016 backup only
InfoPath 2013 backup only
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Internet Explorer Common Settings
Lync 2013 backup only
Lync 2016 backup only
Microsoft Access 2010
Microsoft Access 2013
Microsoft Access 2016
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft InfoPath 2010
Microsoft InfoPath 2013
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Lync 2016
Microsoft Office 365 Access 2013
Microsoft Office 365 Access 2016
Microsoft Office 365 Common 2013
Microsoft Office 365 Common 2016
Microsoft Office 365 Excel 2013
Microsoft Office 365 Excel 2016
Microsoft Office 365 InfoPath 2013
Microsoft Office 365 Lync 2013
Microsoft Office 365 Lync 2016
Microsoft Office 365 OneNote 2013
Microsoft Office 365 OneNote 2016
Microsoft Office 365 Outlook 2013
Microsoft Office 365 Outlook 2016
Microsoft Office 365 PowerPoint 2013
Microsoft Office 365 PowerPoint 2016
Microsoft Office 365 Project 2013
Microsoft Office 365 Project 2016
Microsoft Office 365 Publisher 2013
Microsoft Office 365 Publisher 2016
Microsoft Office 365 SharePoint Designer 2013
Microsoft Office 365 Visio 2013
Microsoft Office 365 Visio 2016
Microsoft Office 365 Word 2013
Microsoft Office 365 Word 2016
Microsoft Office 2010 Common Settings
Microsoft Office 2013 Common Settings
Microsoft Office 2013 Upload Center
Microsoft Office 2016 Common Settings
Microsoft Office 2016 Upload Center
Microsoft OneDrive for Business 2013
Microsoft OneDrive for Business 2016
Microsoft OneNote 2010
Microsoft OneNote 2013
Microsoft OneNote 2016
Microsoft Outlook 2010
Microsoft Outlook 2013
Microsoft Outlook 2016
Microsoft PowerPoint 2010
Microsoft PowerPoint 2013
Microsoft PowerPoint 2016
Microsoft Project 2010
Microsoft Project 2013
Microsoft Project 2016
Microsoft Publisher 2010
Microsoft Publisher 2013
Microsoft Publisher 2016
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2013
Microsoft SharePoint Workspace 2010
Microsoft Visio 2010
Microsoft Visio 2013
Microsoft Visio 2016
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Notepad
OneNote 2013 backup only
OneNote 2016 backup only
Outlook 2013 backup only
Outlook 2016 backup only
PowerPoint 2013 backup only
PowerPoint 2016 backup only
Project 2013 backup only
Project 2016 backup only
Publisher 2013 backup only
Publisher 2016 backup only
SharePoint Designer 2013 backup only
Visio 2013 backup only
Visio 2016 backup only
Word 2013 backup only
Word 2016 backup only
WordPad
Windows Apps
Finance
Games
Maps
Music
News
Reader
Sports
Travel
Video
Weather
Configure Sync Method
Contact IT Link Text
Contact IT URL
Do not synchronize Windows Apps
Enable UEV
First Use Notification
Ping the settings storage location before sync
Settings package size warning threshold
Settings storage path
Settings template catalog path
Synchronization timeout
Synchronize Windows settings
Sync settings over metered connections even when roaming
Sync settings over metered connections
Sync Unlisted Windows Apps
Tray Icon
Use User Experience Virtualization (UE-V)
VDI Configuration
NetMeeting
הפוך שיתוף שולחן עבודה מרוחק ללא זמין
News and interests
Enable news and interests on the taskbar
OneDrive
Prevent OneDrive files from syncing over metered connections
Prevent OneDrive from generating network traffic until the user signs in to OneDrive
Prevent the usage of OneDrive for file storage
Prevent the usage of OneDrive for file storage on Windows 8.1
Save documents to OneDrive by default
OOBE
Don't launch privacy settings experience on user logon
Parental Controls
Make Parental Controls control panel visible on a Domain
Portable Operating System
Allow hibernate (S4) when starting from a Windows To Go workspace
Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace
Windows To Go Default Startup Options
Push To Install
Turn off Push To Install service
Remote Desktop Services
RD Licensing
License server security group
Prevent license upgrade
Remote Desktop Connection Client
RemoteFX USB Device Redirection
Allow RDP redirection of other supported RemoteFX USB devices from this computer
Allow .rdp files from unknown publishers
Allow .rdp files from valid publishers and user's default .rdp settings
Configure server authentication for client
Do not allow hardware accelerated decoding
Do not allow passwords to be saved
Prompt for credentials on the client computer
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Turn Off UDP On Client
Remote Desktop Session Host
Application Compatibility
Do not use Remote Desktop Session Host server IP address when virtual IP address is not available
Select the network adapter to be used for Remote Desktop IP Virtualization
Turn off Windows Installer RDS Compatibility
Turn on Remote Desktop IP Virtualization
Connections
Allow remote start of unlisted programs
Allow users to connect remotely by using Remote Desktop Services
Automatic reconnection
Configure keep-alive connection interval
Deny logoff of an administrator logged in to the console session
Limit number of connections
Restrict Remote Desktop Services users to a single Remote Desktop Services session
Select network detection on the server
Select RDP transport protocols
Set rules for remote control of Remote Desktop Services user sessions
Suspend user sign-in to complete app registration
Turn off Fair Share CPU Scheduling
Device and Resource Redirection
Allow audio and video playback redirection
Allow audio recording redirection
Allow time zone redirection
Do not allow Clipboard redirection
Do not allow COM port redirection
Do not allow drive redirection
Do not allow LPT port redirection
Do not allow smart card device redirection
Do not allow supported Plug and Play device redirection
Do not allow video capture redirection
Limit audio playback quality
Licensing
Hide notifications about RD Licensing problems that affect the RD Session Host server
Set the Remote Desktop licensing mode
Use the specified Remote Desktop license servers
Printer Redirection
Do not allow client printer redirection
Do not set default client printer to be default printer in a session
Redirect only the default client printer
Specify RD Session Host server fallback printer driver behavior
Use Remote Desktop Easy Print printer driver first
Profiles
Limit the size of the entire roaming user profile cache
Set path for Remote Desktop Services Roaming User Profile
Set Remote Desktop Services User Home Directory
Use mandatory profiles on the RD Session Host server
RD Connection Broker
Configure RD Connection Broker farm name
Configure RD Connection Broker server name
Join RD Connection Broker
Use IP Address Redirection
Use RD Connection Broker load balancing
Remote Session Environment
RemoteFX for Windows Server 2008 R2
Configure RemoteFX
Optimize visual experience for Remote Desktop Service Sessions
Optimize visual experience when using RemoteFX
Allow desktop composition for remote desktop sessions
Always show desktop on connection
Configure compression for RemoteFX data
Configure H.264/AVC hardware encoding for Remote Desktop Connections
Configure image quality for RemoteFX Adaptive Graphics
Configure RemoteFX Adaptive Graphics
Do not allow font smoothing
Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1
Enforce Removal of Remote Desktop Wallpaper
Limit maximum color depth
Limit maximum display resolution
Limit number of monitors
Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections
Remove "Disconnect" option from Shut Down dialog
Remove Windows Security item from Start menu
Start a program on connection
Use advanced RemoteFX graphics for RemoteApp
Use hardware graphics adapters for all Remote Desktop Services sessions
Use the hardware default graphics adapter for all Remote Desktop Services sessions
Use WDDM graphics display driver for Remote Desktop Connections
Security
Always prompt for password upon connection
Do not allow local administrators to customize permissions
Require secure RPC communication
Require use of specific security layer for remote (RDP) connections
Require user authentication for remote connections by using Network Level Authentication
Server authentication certificate template
Set client connection encryption level
Session Time Limits
End session when time limits are reached
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Set time limit for disconnected sessions
Set time limit for logoff of RemoteApp sessions
Temporary folders
Do not delete temp folders upon exit
Do not use temporary folders per session
RSS Feeds
Prevent access to feed list
Prevent automatic discovery of feeds and Web Slices
Prevent downloading of enclosures
Prevent subscribing to or deleting a feed or a Web Slice
Turn off background synchronization for feeds and Web Slices
Turn on Basic feed authentication over HTTP
Search
OCR
Force TIFF IFilter to perform OCR for every page in a TIFF document
Select OCR language from a code page
Select OCR language
Add primary intranet search location
Add secondary intranet search locations
Allow Cloud Search
Allow Cortana above lock screen
Allow Cortana
Allow Cortana Page in OOBE on an AAD account
Allow indexing of encrypted files
Allow search and Cortana to use location
Allow search highlights
Allow use of diacritics
Always use automatic language detection when indexing content and properties
Control rich previews for attachments
Default excluded paths
Default indexed paths
Disable indexer backoff
Don't search the web or display web results in Search
Don't search the web or display web results in Search over metered connections
Do not allow locations on removable drives to be added to libraries
Do not allow web search
Enable indexing of online delegate mailboxes
Enable indexing uncached Exchange folders
Enable throttling for online mail indexing
Indexer data location
Prevent adding UNC locations to index from Control Panel
Prevent adding user-specified locations to the All Locations menu
Prevent automatically adding shared folders to the Windows Search index
Prevent clients from querying the index remotely
Prevent customization of indexed locations in Control Panel
Prevent indexing certain paths
Prevent indexing e-mail attachments
Prevent indexing files in offline files cache
Prevent indexing Microsoft Office Outlook
Prevent indexing of certain file types
Prevent indexing public folders
Prevent indexing when running on battery power to conserve energy
Prevent the display of advanced indexing options for Windows Search in the Control Panel
Prevent unwanted iFilters and protocol handlers
Preview pane location
Set large or small icon view in desktop search results
Set the SafeSearch setting for Search
Set what information is shared in Search
Stop indexing in the event of limited hard drive space
Shutdown Options
Timeout for hung logon sessions during shutdown
Turn off legacy remote shutdown interface
Software Protection Platform
Control Device Reactivation for Retail devices
Turn off KMS Client Online AVS Validation
Speech
Allow Automatic Update of Speech Data
Store
Disable all apps from Windows Store
Only display the private store within the Microsoft Store
Only display the private store within the Microsoft Store
Turn off Automatic Download and Install of updates
Turn off Automatic Download of updates on Win8 machines
Turn off the offer to update to the latest version of Windows
Turn off the Store application
Sync your settings
Do not sync app settings
Do not sync Apps
Do not sync browser settings
Do not sync desktop personalization
Do not sync
Do not sync on metered connections
Do not sync other Windows settings
Do not sync passwords
Do not sync personalize
Do not sync start settings
Tablet PC
Accessories
Do not allow Inkball to run
Do not allow printing to Journal Note Writer
Do not allow Snipping Tool to run
Do not allow Windows Journal to be run
Cursors
Turn off pen feedback
Hardware Buttons
Prevent Back-ESC mapping
Prevent launch an application
Prevent press and hold
Turn off hardware buttons
Input Panel
Disable text prediction
For tablet pen input, don't show the Input Panel icon
For touch input, don't show the Input Panel icon
Include rarely used Chinese, Kanji, or Hanja characters
Prevent Input Panel tab from appearing
Turn off AutoComplete integration with Input Panel
Turn off password security in Input Panel
Turn off tolerant and Z-shaped scratch-out gestures
Pen Flicks Learning
Prevent Flicks Learning Mode
Pen UX Behaviors
Prevent flicks
Touch Input
Turn off Tablet PC touch input
Turn off Touch Panning
הדרכת עט של Tablet PC
בטל הדרכת עט במחשב לוח
Tenant Restrictions
Cloud Policy Details
Text Input
Allow uninstallation of language features when a language is uninstalled
Improve inking and typing recognition
Windows Anytime Upgrade
מנע הפעלה של Windows Anytime Upgrade.
Windows Defender SmartScreen
Explorer
Configure App Install Control
Configure Windows Defender SmartScreen
Microsoft Edge
Configure Windows Defender SmartScreen
Prevent bypassing Windows Defender SmartScreen prompts for files
Prevent bypassing Windows Defender SmartScreen prompts for sites
Windows Error Reporting
Advanced Error Reporting Settings
Configure Corporate Windows Error Reporting
Configure Report Archive
Configure Report Queue
Default application reporting settings
List of applications to always report errors for
List of applications to be excluded
List of applications to never report errors for
Report operating system errors
דווח על אירועי כיבוי בלתי צפויים
Consent
Configure Default consent
Customize consent settings
Ignore custom consent settings
Automatically send memory dumps for OS-generated error reports
Configure Error Reporting
Disable logging
Disable Windows Error Reporting
Display Error Notification
Do not send additional data
Do not throttle additional data
Prevent display of the user interface for critical errors
Send additional data when on battery power
Send data when on connected to a restricted/costed network
Windows Game Recording and Broadcasting
Enables or disables Windows Game Recording and Broadcasting
Windows Ink Workspace
Allow suggested apps in Windows Ink Workspace
Allow Windows Ink Workspace
Windows Installer
Allow user control over installs
Allow users to browse for source while elevated
Allow users to patch elevated products
Allow users to use media source while elevated
Always install with elevated privileges
Always install with elevated privileges
Control maximum size of baseline file cache
Enforce upgrade component rules
Prevent embedded UI
Prevent Internet Explorer security prompt for Windows Installer scripts
Prevent users from using Windows Installer to install updates and upgrades
Prohibit flyweight patching
Prohibit non-administrators from applying vendor signed updates
Prohibit removal of updates
Prohibit rollback
Prohibit use of Restart Manager
Prohibit User Installs
Remove browse dialog box for new source
Save copies of transform files in a secure location on workstation
Specify the types of events Windows Installer records in its transaction log
Turn off creation of System Restore checkpoints
Turn off logging via package settings
Turn off shared components
Turn off Windows Installer
Windows Logon Options
Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot
Disable or enable software Secure Attention Sequence
Display information about previous logons during user logon
Report when logon server was not available during user logon
Sign-in and lock last interactive user automatically after a restart
Windows Mail
בטל את תכונות הקהילות
הפסק את פעולתו של יישום Windows Mail
Windows Media Center
אל תאפשר הפעלה של Windows Media Center
Windows Messenger
אל תאפשר הפעלה של Windows Messenger
אל תפעיל את Windows Messenger באופן אוטומטי מראש
Windows PowerShell
Set the default source path for Update-Help
Turn on Module Logging
Turn on PowerShell Script Block Logging
Turn on PowerShell Transcription
Turn on Script Execution
Windows Remote Management (WinRM)
WinRM Client
Allow Basic authentication
Allow CredSSP authentication
Allow unencrypted traffic
Disallow Digest authentication
Disallow Kerberos authentication
Disallow Negotiate authentication
Trusted Hosts
WinRM Service
Allow Basic authentication
Allow CredSSP authentication
Allow remote server management through WinRM
Allow unencrypted traffic
Disallow Kerberos authentication
Disallow Negotiate authentication
Disallow WinRM from storing RunAs credentials
Specify channel binding token hardening level
Turn On Compatibility HTTP Listener
Turn On Compatibility HTTPS Listener
Windows Remote Shell
MaxConcurrentUsers
אפשר גישה למעטפת מרוחקת
ציין זמן קצוב של חוסר פעילות
ציין זמן קצוב של מעטפת
ציין כמות זיכרון מרבית ב- MB למעטפת
ציין מספר מרבי של פריטי מעטפת מרוחקים לכל משתמש
ציין מספר מרבי של תהליכים לכל מעטפת
Windows Security
Account protection
Hide the Account protection area
App and browser protection
Hide the App and browser protection area
Prevent users from modifying settings
Device performance and health
Hide the Device performance and health area
Device security
Disable the Clear TPM button
Hide the Device security area
Hide the Secure boot area
Hide the Security processor (TPM) troubleshooter page
Hide the TPM Firmware Update recommendation.
Enterprise Customization
Configure customized contact information
Configure customized notifications
Specify contact company name
Specify contact email address or Email ID
Specify contact phone number or Skype ID
Specify contact website
Family options
Hide the Family options area
Firewall and network protection
Hide the Firewall and network protection area
Notifications
Hide all notifications
Hide non-critical notifications
Systray
Hide Windows Security Systray
Virus and threat protection
Hide the Ransomware data recovery area
Hide the Virus and threat protection area
Windows Update
Windows Update for Business
Disable safeguards for Feature Updates
Manage preview builds
Select the target Feature Update version
Select when Preview Builds and Feature Updates are received
Select when Quality Updates are received
Allow Automatic Updates immediate installation
Allow non-administrators to receive update notifications
Allow signed updates from an intranet Microsoft update service location
Allow updates to be downloaded automatically over metered connections
Always automatically restart at the scheduled time
Automatic Updates detection frequency
Configure auto-restart reminder notifications for updates
Configure auto-restart required notification for updates
Configure auto-restart warning notifications schedule for updates
Configure Automatic Updates
Defer Upgrades and Updates
Delay Restart for scheduled installations
Display options for update notifications
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Do not allow update deferral policies to cause scans against Windows Update
Do not connect to any Windows Update Internet locations
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Do not include drivers with Windows Updates
Enable client-side targeting
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates
No auto-restart with logged on users for scheduled automatic updates installations
Re-prompt for restart with scheduled installations
Remove access to "Pause updates" feature
Remove access to use all Windows Update features
Reschedule Automatic Updates scheduled installations
Specify active hours range for auto-restarts
Specify deadline before auto-restart for update installation
Specify deadlines for automatic updates and restarts
Specify Engaged restart transition and notification schedule for updates
Specify intranet Microsoft update service location
Specify source service for specific classes of Windows Updates
Turn off auto-restart for updates during active hours
Turn off auto-restart notifications for update installations
Turn on recommended updates via Automatic Updates
Turn on Software Notifications
Update Power Policy for Cart Restarts
Work Folders
Force automatic setup for all users
ארונית דיגיטלית
אל תאפשר הפעלת ארונית דיגיטלית
ביומטריה
Facial Features
Configure enhanced anti-spoofing
אפשר למשתמשים להיכנס למערכת באמצעות ביומטריה
אפשר למשתמשי תחום להיכנס למערכת באמצעות ביומטריה
אפשר שימוש בביומטריה
זמן קצוב לאירועי החלפת משתמש מהיר
גיבוי
Server
Allow only system backup
Disallow locally attached storage as backup target
Disallow network as backup target
Disallow optical media as backup target
Disallow run-once backups
לקוח
בטל את היכולת לגבות קבצי נתונים
בטל את היכולת ליצור תמונת מערכת
בטל פונקציונליות של שחזור
מנע גיבוי בדיסקים מקומיים
מנע גיבוי במדיה אופטית (תקליטור/DVD)
מנע גיבוי במיקום ברשת
מנע מהמשתמש להפעיל את התוכנית 'מצב ותצורת הגיבוי'
הגדרות מצגת
בטל את הגדרות המצגת של Windows
העברת אירועים
ForwarderResourceUsage
קבע את התצורה של כתובת השרת, מרווח הזמן לרענון ורשות האישורים המנפיקה של מנהל מנוי המשמש כיעד
התוכנית לשיפור חוויית הלקוח של Windows
אפשר ניתוב מחדש ברמת הארגון של העלאות השייכות ל'תוכנית לשיפור חוויית הלקוח'
תייג את נתוני התוכנית לשיפור חוויית הלקוח של Windows עם מזהה מחקר
לוח השנה של Windows
בטל את לוח השנה של Windows
מדיניות הפעלה אוטומטית
אופן פעולה המוגדר כברירת מחדל עבור הפעלה אוטומטית
אל תגדיר את תיבת הסימון 'בצע תמיד פעולה זו'
בטל הפעלה אוטומטית
בטל הפעלה אוטומטית של התקנים שאינם אמצעי אחסון
מיקומים וחיישנים
Windows Location Provider
Turn off Windows Location Provider
בטל Scripting של מיקום
בטל מיקום
כבה חיישנים
מערכת הצבעים של Windows
מנע התקנה או הסרת התקנה של פרופילי צבעים
מציג האירועים
התוכנית Events.asp
כתובת ה- URL של Events.asp
פרמטרי שורת הפקודה של התוכנית Events.asp
מרכז האבטחה
הפעל את מרכז האבטחה (מחשבי תחום בלבד)
מרכז הניידות של Windows
בטל את מרכז הניידות של Windows
מתזמן המשימות
הסתר את תיבת הסימון 'מאפיינים מתקדמים' באשף הוספת משימה מתוזמנת
הסתר עמודי מאפיינים
מנע גרירה ושחרור
מנע הפעלה או סיום של משימה
מנע יצירת משימה חדשה
מנע מחיקת משימות
מנע עיון
ניהול זכויות דיגיטלי של Windows Media
מנע גישה לאינטרנט של Windows Media DRM
ניתוח מהימנות של Windows
הגדר תצורה של ספקי WMI של מהימנות
סיוע מקוון
בטל עזרה פעילה
סייר משחקים
בטל הורדה של מידע משחק
בטל מעקב אחר מועד המשחק האחרון של משחקים בתיקיה משחקים
בטל עדכוני משחקים
קבוצה ביתית
מנע מהמחשב להצטרף לקבוצה ביתית
רשמקול
אל תאפשר הפעלת רשמקול
שירות מתקין ActiveX
אתרי התקנה מאושרים עבור פקדי ActiveX
מדיניות התקנת ActiveX לאתרים באזורים מהימנים
Windows Media Player
אל תציג את תיבות הדו-שיח של השימוש הראשון
מנע החלקת וידאו
מנע יצירת קיצורי דרך בסרגל הכלים הפעלה מהירה
מנע יצירת קיצורי דרך בשולחן העבודה
מנע עדכונים אוטומטיים
מנע שיתוף מדיה
כרטיס חכם
אישורי כניסה מרובי מסננים
אפשר אישורים ללא תכונת אישור של שימוש במפתח מורחב
אפשר אישורים עם זמן לא חוקי
אפשר הצגה של מסך ביטול חסימה משולב בעת כניסה
אפשר מפתחות חתימה חוקיים לכניסה
אפשר רמיזת שם משתמש
אפשר שימוש באישורי ECC לצורך כניסה ואימות
הודע למשתמש על התקנה מוצלחת של מנהל התקן של כרטיס חכם
הפוך את שם הנושא המאוחסן באישור בעת הצגה
הפעל הפצת אישורי בסיס מכרטיס חכם
הפעל הפצת אישורים מכרטיס חכם
הפעל שירות הכנס-הפעל של כרטיס חכם
הצג מחרוזת כאשר הכרטיס החכם חסום
כפה קריאה של כל האישורים מהכרטיס החכם
מנע החזרת קודי PIN של טקסט רגיל על-ידי מנהל האישורים
קבע תצורה של ניקוי אישור בסיס
תבניות מנהליות (משתמשים)
Configuration Manager
User State Management Client Side Extension
Control Panel
Display
Disable the Display Control Panel
Hide Settings tab
Personalization
Enable screen saver
Force a specific visual style file or force Windows Classic
Force specific screen saver
Load a specific theme
Password protect the screen saver
Prevent changing color and appearance
Prevent changing color scheme
Prevent changing desktop background
Prevent changing desktop icons
Prevent changing mouse pointers
Prevent changing screen saver
Prevent changing sounds
Prevent changing theme
Prevent changing visual style for windows and buttons
Prohibit selection of visual style font size
Screen saver timeout
Printers
Browse a common web site to find printers
Browse the network to find printers
Default Active Directory path when searching for printers
Enable Device Control Printing Restrictions
List of Approved USB-connected print devices
Only use Package Point and print
Package Point and print - Approved servers
Point and Print Restrictions
Prevent addition of printers
Prevent deletion of printers
Turn off Windows default printer management
Programs
Hide "Get Programs" page
Hide "Installed Updates" page
Hide "Programs and Features" page
Hide "Set Program Access and Computer Defaults" page
Hide "Windows Features"
Hide "Windows Marketplace"
Hide the Programs Control Panel
Regional and Language Options
Handwriting personalization
Turn off automatic learning
Hide Regional and Language Options administrative options
Hide the geographic location option
Hide the select language group options
Hide user locale selection and customization options
Restrict selection of Windows menus and dialogs language
Restricts the UI languages Windows should use for the selected user
Turn off autocorrect misspelled words
Turn off highlight misspelled words
Turn off insert a space after selecting a text prediction
Turn off offer text predictions as I type
הוספה או הסרה של תוכניות
הסר את הוספה או הסרה של תוכניות
הסר מידע תמיכה
הסתר את האפשרות "הוסף תוכנית מתקליטור או מתקליטון"
הסתר את האפשרות "הוספת תוכניות מ- Microsoft"
הסתר את האפשרות "הוספת תוכניות מהרשת שלך"
הסתר את העמוד הוספה/הסרה של רכיבי Windows
הסתר את עמוד הגדר גישה לתוכניות וברירות מחדל
הסתר את עמוד הוספת תוכניות חדשות
הסתר את עמוד שינוי או הסרה של תוכניות
עבור ישירות אל אשף הרכיבים
ציין קטגוריית ברירת מחדל עבור הוספת תוכניות חדשות
Settings Page Visibility
הסתר את פריטי לוח הבקרה שצוינו
הצג את פריטי לוח הבקרה שצוינו בלבד
מנע גישה ללוח הבקרה
פתח תמיד את כל פריטי לוח הבקרה בעת פתיחת לוח הבקרה
Desktop
Active Directory
Enable filter in Find dialog box
Hide Active Directory folder
Maximum size of Active Directory searches
Desktop
Add/Delete items
Allow only bitmapped wallpaper
Desktop Wallpaper
Disable Active Desktop
Disable all items
Enable Active Desktop
Prohibit adding items
Prohibit changes
Prohibit closing items
Prohibit deleting items
Prohibit editing items
Don't save settings at exit
Do not add shares of recently opened documents to Network Locations
Hide and disable all items on the desktop
Hide Internet Explorer icon on desktop
Hide Network Locations icon on desktop
Prevent adding, dragging, dropping and closing the Taskbar's toolbars
Prohibit adjusting desktop toolbars
Prohibit User from manually redirecting Profile Folders
Remove Computer icon on the desktop
Remove My Documents icon on the desktop
Remove Properties from the Computer icon context menu
Remove Properties from the Documents icon context menu
Remove Properties from the Recycle Bin context menu
Remove Recycle Bin icon from desktop
Remove the Desktop Cleanup Wizard
Turn off Aero Shake window minimizing mouse gesture
Network
Offline Files
Action on server disconnect
Event logging level
Initial reminder balloon lifetime
Non-default server disconnect actions
Prevent use of Offline Files folder
Prohibit user configuration of Offline Files
Reminder balloon frequency
Reminder balloon lifetime
Remove "Make Available Offline" command
Remove "Make Available Offline" for these files and folders
Remove "Work offline" command
Specify administratively assigned Offline Files
Synchronize all offline files before logging off
Synchronize all offline files when logging on
Synchronize offline files before suspend
Turn off reminder balloons
Windows Connect Now
מנע גישה לאשפי Windows Connect Now
חיבורי רשת
הפוך הגדרות חיבורי רשת של Windows 2000 לזמינות עבור מנהלי מערכת
יכולת להפוך חיבור LAN לזמין או ללא זמין
יכולת למחוק חיבורי גישה מרחוק של כל המשתמשים
יכולת לשנות מאפיינים של חיבור גישה מרחוק של כל המשתמשים
יכולת לשנות שם של חיבורי LAN
יכולת לשנות שם של חיבורי גישה מרחוק של כל המשתמשים
כל המשתמשים יכולים לשנות שם של חיבורי LAN או חיבורי גישה מרחוק
מונע גישה לפריט 'העדפות גישה מרחוק' שבתפריט 'מתקדם'
מנע גישה לאשף ההתקשרות החדשה
מנע גישה למאפייני חיבור LAN
מנע גישה למאפיינים של רכיבי חיבור LAN
מנע גישה למאפיינים של רכיבי חיבור לגישה מרחוק
מנע גישה לפריט 'הגדרות מתקדמות' שבתפריט מתקדם
מנע הוספה או הסרה של רכיבי חיבור LAN או גישה מרחוק
מנע הפיכת רכיבי חיבור LAN לזמינים או ללא זמינים
מנע הצגת מצב של חיבור פעיל
מנע חיבור וניתוק של חיבור גישה מרחוק
מנע מחיקה של חיבורי גישה מרחוק
מנע קביעת הגדרות תצורה מתקדמות של TCP/IP
מנע שינוי מאפיינים של חיבור גישה מרחוק פרטי
מנע שינוי שם של חיבורי גישה מרחוק פרטיים
בטל דיווחים כאשר הקישוריות של חיבור מסוים מוגבלת או אינה קיימת
Shared Folders
אפשר פרסום ספריות בסיס של מערכות קבצים מבוזרות (DFS)
אפשר פרסום תיקיות משותפות
Start Menu and Taskbar
Notifications
Set the time Quiet Hours begins each day
Set the time Quiet Hours ends each day
Turn off calls during Quiet Hours
Turn off notification mirroring
Turn off notifications network usage
Turn off Quiet Hours
Turn off tile notifications
Turn off toast notifications
Turn off toast notifications on the lock screen
Turn on multiple expanded toast notifications in action center
Add "Run in Separate Memory Space" check box to Run dialog box
Add Logoff to the Start Menu
Add Search Internet link to Start Menu
Add the Run command to the Start Menu
Change Start Menu power button
Clear history of recently opened documents on exit
Clear the recent programs list for new users
Clear tile notifications during log on
Disable context menus in the Start Menu
Disable showing balloon notifications as toasts.
Do not allow pinning items in Jump Lists
Do not allow pinning programs to the Taskbar
Do not allow pinning Store app to the Taskbar
Do not allow taskbars on more than one display
Do not display any custom toolbars in the taskbar
Do not display or track items in Jump Lists from remote locations
Do not keep history of recently opened documents
Do not search communications
Do not search for files
Do not search Internet
Do not search programs and Control Panel items
Do not use the search-based method when resolving shell shortcuts
Do not use the tracking-based method when resolving shell shortcuts
Force classic Start Menu
Force Start to be either full screen size or menu size
Go to the desktop instead of Start when signing in
Gray unavailable Windows Installer programs Start Menu shortcuts
Hide the notification area
List desktop apps first in the Apps view
Lock all taskbar settings
Lock the Taskbar
Pin Apps to Start when installed
Prevent changes to Taskbar and Start Menu Settings
Prevent grouping of taskbar items
Prevent users from adding or removing toolbars
Prevent users from customizing their Start Screen
Prevent users from moving taskbar to another screen dock location
Prevent users from rearranging toolbars
Prevent users from resizing the taskbar
Prevent users from uninstalling applications from Start
Remove access to the context menus for the taskbar
Remove All Programs list from the Start menu
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands
Remove Balloon Tips on Start Menu items
Remove Clock from the system notification area
Remove common program groups from Start Menu
Remove Default Programs link from the Start menu.
Remove Documents icon from Start Menu
Remove Downloads link from Start Menu
Remove Favorites menu from Start Menu
Remove frequent programs list from the Start Menu
Remove Games link from Start Menu
Remove Help menu from Start Menu
Remove Homegroup link from Start Menu
Remove links and access to Windows Update
Remove Logoff on the Start Menu
Remove Music icon from Start Menu
Remove Network Connections from Start Menu
Remove Network icon from Start Menu
Remove Notifications and Action Center
Remove Pictures icon from Start Menu
Remove pinned programs from the Taskbar
Remove pinned programs list from the Start Menu
Remove programs on Settings menu
Remove Recent Items menu from Start Menu
Remove Recorded TV link from Start Menu
Remove Run menu from Start Menu
Remove Search Computer link
Remove Search link from Start Menu
Remove See More Results / Search Everywhere link
Remove the "Undock PC" button from the Start Menu
Remove the battery meter
Remove the Meet Now icon
Remove the networking icon
Remove the People Bar from the taskbar
Remove the Security and Maintenance icon
Remove the volume control icon
Remove user's folders from the Start Menu
Remove user folder link from Start Menu
Remove user name from Start Menu
Remove Videos link from Start Menu
Search just apps from the Apps view
Show "Run as different user" command on Start
Show additional calendar
Show or hide "Most used" list from Start menu
Show QuickLaunch on Taskbar
Show Start on the display the user is using when they press the Windows logo key
Show the Apps view automatically when the user goes to Start
Show Windows Store apps on the taskbar
Start Layout
Turn off all balloon notifications
Turn off automatic promotion of notification icons to the taskbar
Turn off feature advertisement balloon notifications
Turn off notification area cleanup
Turn off personalized menus
Turn off taskbar thumbnails
Turn off user tracking
System
Display
Configure Per-Process System DPI settings
Driver Installation
Code signing for driver packages
Configure driver search locations
Turn off Windows Update device driver search prompt
Folder Redirection
Do not automatically make all redirected folders available offline
Do not automatically make specific redirected folders available offline
Enable optimized move of contents in Offline Files cache on Folder Redirection server path change
Redirect folders on primary computers only
Use localized subfolder names when redirecting Start Menu and My Documents
Group Policy
Configure Group Policy domain controller selection
Configure Group Policy slow link detection
Create new Group Policy Object links disabled by default
Determine if interactive users can generate Resultant Set of Policy data
Enforce Show Policies Only
Set default name for new Group Policy objects
Set Group Policy refresh interval for users
Turn off automatic update of ADM files
Internet Communication Management
Internet Communication settings
Turn off access to the Store
Turn off downloading of print drivers over HTTP
Turn off Internet download for Web publishing and online ordering wizards
Turn off Internet File Association service
Turn off printing over HTTP
Turn off the "Order Prints" picture task
Turn off the "Publish to Web" task for files and folders
Turn off the Windows Messenger Customer Experience Improvement Program
בטל את Windows Online
בטל את התוכנית לשיפור חוויית העזרה
בטל דיווח שגיאה של זיהוי כתב יד
בטל דירוג עזרה
בטל שיתוף נתוני התאמה אישית של כתב יד
Restrict Internet communication
Locale Services
Disallow changing of geographic location
Disallow selection of Custom Locales
Disallow user override of locale settings
Restrict user locales
Logon
Do not process the legacy run list
Do not process the run once list
Run these programs at user logon
Mitigation Options
Process Mitigation Options
User Profiles
Connect home directory to root of the share
Exclude directories in roaming profile
Limit profile size
Specify network directories to sync at logon/logoff time only
אפשרויות Ctrl+Alt+Del
הסר את מנהל המשימות
הסר את נעילת המחשב
הסר ניתוק
הסר שינוי סיסמה
גישה לאחסון נשלף
דיסקים נשלפים: מנע גישת כתיבה
דיסקים נשלפים: מנע גישת קריאה
התקני WPD: מנע גישת כתיבה
התקני WPD: מנע גישת קריאה
זמן (בשניות) לכפיית אתחול מחדש
כונני קלטות: מנע גישת כתיבה
כונני קלטות: מנע גישת קריאה
כונני תקליטונים: מנע גישת כתיבה
כונני תקליטונים: מנע גישת קריאה
כל מחלקות האחסון הנשלף: מנע כל גישה
מחלקות מותאמות אישית: מנע גישת כתיבה
מחלקות מותאמות אישית: מנע גישת קריאה
תקליטור ו- DVD: מנע גישת כתיבה
תקליטור ו- DVD: מנע גישת קריאה
ניהול צריכת חשמל
בקש סיסמה בעת חידוש פעולה ממצב שינה / השעיה
קבצי Script
הפעל קבצי Script לכניסה באופן מסונכרן
הפעל קבצי Script לכניסה באופן נראה לעין
הפעל קבצי Script לכניסה מדור קודם כשהם מוסתרים
הפעל קבצי Script של Windows PowerShell תחילה בעת כניסה ויציאה של משתמש
הפעל קבצי Script של יציאה באופן נראה לעין
Century interpretation for Year 2000
Custom User Interface
Do not display the Getting Started welcome screen at logon
Windows Automatic Updates
אל תפעיל את יישומי Windows שצוינו
הגבל את הפעלת התוכניות הבאות מתוך העזרה
הורד רכיבי COM חסרים
הפעל רק יישומים מוגדרים של Windows
מנע גישה אל כלי עריכת רישום
מנע גישה לשורת הפקודה
Windows Components
Application Compatibility
Turn off Program Compatibility Assistant
App runtime
Block launching desktop apps associated with a file.
Block launching desktop apps associated with a URI scheme
Calculator
Allow Graphing Calculator
Cloud Content
Configure Windows spotlight on lock screen
Do not suggest third-party content in Windows spotlight
Do not use diagnostic data for tailored experiences
Turn off all Windows spotlight features
Turn off the Windows Welcome Experience
Turn off Windows Spotlight on Action Center
Turn off Windows Spotlight on Settings
Credential User Interface
Do not display the password reveal button
Data Collection and Preview Builds
Allow Telemetry
Configure collection of browsing data for Desktop Analytics
Desktop Gadgets
Restrict unpacking and installation of gadgets that are not digitally signed.
Turn off desktop gadgets
Turn Off user-installed desktop gadgets
Desktop Window Manager
Window Frame Coloring
Do not allow color changes
Specify a default color
Do not allow Flip3D invocation
Do not allow window animations
Edge UI
Allow edge swipe
Disable help tips
Do not show recent apps when the mouse is pointing to the upper-left corner of the screen
Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X
Search, Share, Start, Devices, and Settings don't appear when the mouse is pointing to the upper-right corner of the screen
Turn off switching between recent apps
Turn off tracking of app usage
File Explorer
Common Open File Dialog
Hide the common dialog back button
Hide the common dialog places bar
Hide the dropdown list of recent files
Items displayed in Places Bar
Explorer Frame Pane
Turn off Preview Pane
Turn on or off details pane
Previous Versions
Hide previous versions list for local files
Hide previous versions list for remote files
Hide previous versions of files on backup location
Prevent restoring local previous versions
Prevent restoring previous versions from backups
Prevent restoring remote previous versions
Allow only per user or approved shell extensions
Disable binding directly to IPropertySetStorage without intermediate layers.
Disable Known Folders
Display confirmation dialog when deleting files
Display the menu bar in File Explorer
Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon
Do not move deleted files to the Recycle Bin
Do not request alternate credentials
Do not track Shell shortcuts during roaming
Hides the Manage item on the File Explorer context menu
Hide these specified drives in My Computer
Location where all default Library definition files for users/machines reside.
Maximum allowed Recycle Bin size
Maximum number of recent documents
No Computers Near Me in Network Locations
No Entire Network in Network Locations
Pin Internet search sites to the "Search again" links and the Start menu
Pin Libraries or Search Connectors to the "Search again" links and the Start menu
Prevent access to drives from My Computer
Prevent users from adding files to the root of their Users Files folder.
Remove "Map Network Drive" and "Disconnect Network Drive"
Remove CD Burning features
Remove DFS tab
Remove File Explorer's default context menu
Remove File menu from File Explorer
Remove Hardware tab
Remove Search button from File Explorer
Remove Security tab
Remove Shared Documents from My Computer
Remove the Search the Internet "Search again" link
Remove UI to change keyboard navigation indicator setting
Remove UI to change menu animation setting
Request credentials for network installations
Start File Explorer with ribbon minimized
Turn off caching of thumbnail pictures
Turn off common control and window animations
Turn off display of recent search entries in the File Explorer search box
Turn off numerical sorting in File Explorer
Turn off shell protocol protected mode
Turn off the display of snippets in Content view mode
Turn off Windows Key hotkeys
Turn off Windows Libraries features that rely on indexed file data
Turn on Classic Shell
אל תציג את מסך הפתיחה בעת כניסת משתמשים
בטל אחסון במטמון של תמונות ממוזערות בקבצי thumbs.db מוסתרים
בטל תצוגה של תמונות ממוזערות והצג סמלים בלבד.
בטל תצוגה של תמונות ממוזערות והצג סמלים בלבד בתיקיות רשת
File Revocation
Allow Windows Runtime apps to revoke enterprise data
IME
Configure Japanese IME version
Configure Simplified Chinese IME version
Configure Traditional Chinese IME version
Do not include Non-Publishing Standard Glyph in the candidate list
Restrict character code range of conversion
Turn off custom dictionary
Turn off history-based predictive input
Turn off Internet search integration
Turn off Open Extended Dictionary
Turn off saving auto-tuning data to file
Turn on cloud candidate for CHS
Turn on cloud candidate
Turn on lexicon update
Turn on Live Sticker
Turn on misconversion logging for misconversion report
Internet Explorer
Accelerators
Add default Accelerators
Add non-default Accelerators
Restrict Accelerators to those deployed through Group Policy
Turn off Accelerators
Administrator Approved Controls
Audio/Video Player
Carpoint
DHTML Edit Control
Investor
Menu Controls
Microsoft Agent
Microsoft Chat
Microsoft Scriptlet Component
Microsoft Survey Control
MSNBC
NetShow File Transfer Control
Shockwave Flash
Application Compatibility
Clipboard access
Bypass prompting for Clipboard access for scripts running in any process
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process
Define applications and processes that can access the Clipboard without prompting
Browser menus
Disable Open in New Window menu option
Disable Save this program to disk option
File menu: Disable closing the browser and Explorer windows
File menu: Disable New menu option
File menu: Disable Open menu option
File menu: Disable Save As... menu option
File menu: Disable Save As Web Page Complete
Help menu: Remove 'For Netscape Users' menu option
Help menu: Remove 'Send Feedback' menu option
Help menu: Remove 'Tip of the Day' menu option
Help menu: Remove 'Tour' menu option
Hide Favorites menu
Tools menu: Disable Internet Options... menu option
Turn off Print Menu
Turn off Shortcut Menu
Turn off the ability to launch report site problems using a menu option
View menu: Disable Full Screen menu option
View menu: Disable Source menu option
Compatibility View
Include updated website lists from Microsoft
Turn off Compatibility View button
Turn off Compatibility View
Turn on Internet Explorer 7 Standards Mode
Turn on Internet Explorer Standards Mode for local intranet
Use Policy List of Internet Explorer 7 sites
Use Policy List of Quirks Mode sites
Delete Browsing History
Allow deleting browsing history on exit
Disable "Configuring History"
Prevent access to Delete Browsing History
Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
Prevent deleting cookies
Prevent deleting download history
Prevent deleting favorites site data
Prevent deleting form data
Prevent deleting InPrivate Filtering data
Prevent deleting passwords
Prevent deleting temporary Internet files
Prevent deleting websites that the user has visited
Prevent the deletion of temporary Internet files and cookies
Internet Control Panel
Advanced Page
Allow active content from CDs to run on user machines
Allow Install On Demand (except Internet Explorer)
Allow Install On Demand (Internet Explorer)
Allow Internet Explorer to use the HTTP2 network protocol
Allow Internet Explorer to use the SPDY/3 network protocol
Allow software to run or install even if the signature is invalid
Allow third-party browser extensions
Always send Do Not Track header
Automatically check for Internet Explorer updates
Check for server certificate revocation
Check for signatures on downloaded programs
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
Do not allow resetting Internet Explorer settings
Do not save encrypted pages to disk
Empty Temporary Internet Files folder when browser is closed
Play animations in web pages
Play sounds in web pages
Play videos in web pages
Turn off ClearType
Turn off encryption support
Turn off loading websites and content in the background to optimize performance
Turn off Profile Assistant
Turn off sending UTF-8 query strings for URLs
Turn off the flip ahead with page prediction feature
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
Turn on Caret Browsing support
Turn on Enhanced Protected Mode
Use HTTP 1.1 through proxy connections
Use HTTP 1.1
Content Page
Show Content Advisor on Internet Options
General Page
Browsing History
Allow websites to store application caches on client computers
Allow websites to store indexed databases on client computers
Set application caches expiration time limit for individual domains
Set application cache storage limits for individual domains
Set default storage limits for websites
Set indexed database storage limits for individual domains
Set maximum application cache individual resource size
Set maximum application cache resource list size
Set maximum application caches storage limit for all domains
Set maximum indexed database storage limit for all domains
Start Internet Explorer with tabs from last browsing session
Security Page
Internet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Intranet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Local Machine Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Internet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Intranet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Local Machine Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Restricted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Locked-Down Trusted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Restricted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Trusted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
Internet Zone Template
Intranet Sites: Include all local (intranet) sites not listed in other zones
Intranet Sites: Include all network paths (UNCs)
Intranet Sites: Include all sites that bypass the proxy server
Intranet Zone Template
Local Machine Zone Template
Locked-Down Internet Zone Template
Locked-Down Intranet Zone Template
Locked-Down Local Machine Zone Template
Locked-Down Restricted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Restricted Sites Zone Template
Site to Zone Assignment List
Trusted Sites Zone Template
Turn on automatic detection of intranet
Turn on certificate address mismatch warning
Turn on Notification bar notification for intranet content
Disable the Advanced page
Disable the Connections page
Disable the Content page
Disable the General page
Disable the Privacy page
Disable the Programs page
Disable the Security page
Prevent ignoring certificate errors
Send internationalized domain names
Use UTF-8 for mailto links
Internet Settings
Advanced settings
Browsing
Go to an intranet site for a one-word entry in the Address bar
Hide the button (next to the New Tab button) that opens Microsoft Edge
Turn off configuring underline links
Turn off details in messages about Internet connection problems
Turn off page transitions
Turn off phone number detection
Turn off smooth scrolling
Turn on script debugging
Turn on the display of script errors
Internet Connection Wizard Settings
Start the Internet Connection Wizard automatically
Multimedia
Allow Internet Explorer to play media files that use alternative codecs
Allow the display of image download placeholders
Turn off automatic image resizing
Turn off image display
Turn off smart image dithering
Printing
Turn on printing of background colors and images
Searching
Prevent configuration of search on Address bar
Prevent configuration of top-result search on Address bar
Signup Settings
Turn on automatic signup
AutoComplete
Turn off inline AutoComplete in File Explorer
Turn off URL Suggestions
Turn off Windows Search AutoComplete
Turn on inline AutoComplete
Display settings
General Colors
Prevent specifying background color
Prevent specifying text color
Prevent the use of Windows colors
Link Colors
Prevent specifying the color of links that have already been clicked
Prevent specifying the color of links that have not yet been clicked
Prevent specifying the hover color
Turn on the hover color option
Prevent choosing default text size
URL Encoding
Turn off sending URL path as UTF-8
Open Internet Explorer tiles on the desktop
Set how links are opened in Internet Explorer
Offline Pages
Disable adding channels
Disable adding schedules for offline pages
Disable all scheduled offline pages
Disable channel user interface completely
Disable downloading of site subscription content
Disable editing and creating of schedule groups
Disable editing schedules for offline pages
Disable offline page hit logging
Disable removing channels
Disable removing schedules for offline pages
Subscription Limits
Persistence Behavior
File size limits for Internet zone
File size limits for Intranet zone
File size limits for Local Machine zone
File size limits for Restricted Sites zone
File size limits for Trusted Sites zone
Privacy
Establish InPrivate Filtering threshold
Establish Tracking Protection threshold
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
Turn off collection of InPrivate Filtering data
Turn off InPrivate Browsing
Turn off InPrivate Filtering
Turn off Tracking Protection
Security Features
Add-on Management
Add-on List
All Processes
Deny all add-ons unless specifically allowed in the Add-on List
Process List
Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
Turn off automatic download of the ActiveX VersionList
Turn off blocking of outdated ActiveX controls for Internet Explorer
Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
Turn on ActiveX control logging in Internet Explorer
AJAX
Allow native XMLHTTP support
Change the maximum number of connections per host (HTTP 1.1)
Maximum number of connections per server (HTTP 1.0)
Set the maximum number of WebSocket connections per server
Turn off cross-document messaging
Turn off the WebSocket Object
Turn off the XDomainRequest object
Binary Behavior Security Restriction
Admin-approved behaviors
All Processes
Install binaries signed by MD2 and MD4 signing technologies
Internet Explorer Processes
Process List
Consistent Mime Handling
All Processes
Internet Explorer Processes
Process List
Local Machine Zone Lockdown Security
All Processes
Internet Explorer Processes
Process List
Mime Sniffing Safety Feature
All Processes
Internet Explorer Processes
Process List
MK Protocol Security Restriction
All Processes
Internet Explorer Processes
Process List
Network Protocol Lockdown
Restricted Protocols Per Security Zone
Internet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
All Processes
Internet Explorer Processes
Process List
Notification bar
All Processes
Internet Explorer Processes
Process List
Object Caching Protection
All Processes
Internet Explorer Processes
Process List
Protection From Zone Elevation
All Processes
Internet Explorer Processes
Process List
Restrict ActiveX Install
All Processes
Internet Explorer Processes
Process List
Restrict File Download
All Processes
Internet Explorer Processes
Process List
Scripted Window Security Restrictions
All Processes
Internet Explorer Processes
Process List
Do not display the reveal password button
Turn off Data URI support
Toolbars
Configure Toolbar Buttons
Customize command labels
Disable customizing browser toolbar buttons
Disable customizing browser toolbars
Display tabs on a separate row
Hide the Command bar
Hide the status bar
Lock all toolbars
Lock location of Stop and Refresh buttons
Turn off Developer Tools
Turn off toolbar upgrade tool
Use large icons for command buttons
Add a specific list of search providers to the user's list of search providers
Allow "Save Target As" in Internet Explorer mode
Allow Internet Explorer 8 shutdown behavior
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
Automatically activate newly installed add-ons
Configure Media Explorer Bar
Configure Outlook Express
Configure which channel of Microsoft Edge to use for opening redirected sites
Customize user agent string
Disable AutoComplete for forms
Disable caching of Auto-Proxy scripts
Disable changing accessibility settings
Disable changing Advanced page settings
Disable changing Automatic Configuration settings
Disable changing Calendar and Contact settings
Disable changing certificate settings
Disable changing color settings
Disable changing connection settings
Disable changing default browser check
Disable changing font settings
Disable changing home page settings
Disable changing language settings
Disable changing link color settings
Disable changing Messaging settings
Disable changing Profile Assistant settings
Disable changing ratings settings
Disable changing secondary home page settings
Disable changing Temporary Internet files settings
Disable external branding of Internet Explorer
Disable Import/Export Settings wizard
Disable Internet Connection wizard
Disable Internet Explorer 11 as a standalone browser
Disable the Reset Web Settings feature
Display error message on proxy script download failure
Do not allow users to enable or disable add-ons
Enable extended hot keys in Internet Explorer mode
Enable global window list in Internet Explorer mode
Enforce full-screen mode
Hide Internet Explorer 11 retirement notification
Identity Manager: Prevent users from using Identities
Keep all intranet sites in Internet Explorer
Let users turn on and use Enterprise Mode from the Tools menu
Limit Site Discovery output by Domain
Limit Site Discovery output by Zone
Notify users if Internet Explorer is not the default web browser
Pop-up allow list
Position the menu bar above the navigation bar
Prevent "Fix settings" functionality
Prevent access to Internet Explorer Help
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
Prevent bypassing SmartScreen Filter warnings
Prevent changing pop-up filter level
Prevent changing proxy settings
Prevent changing the default search provider
Prevent configuration of how windows open
Prevent configuration of new tab creation
Prevent Internet Explorer Search box from appearing
Prevent managing pop-up exception list
Prevent managing SmartScreen Filter
Prevent managing the phishing filter
Prevent participation in the Customer Experience Improvement Program
Prevent per-user installation of ActiveX controls
Prevent running First Run wizard
Reset zoom to default for HTML dialogs in Internet Explorer mode
Restrict search providers to a specific list
Search: Disable Find Files via F3 within the browser
Search: Disable Search Customization
Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
Set tab process growth
Show message when opening sites in Microsoft Edge using Enterprise Mode
Specify default behavior for a new tab
Specify use of ActiveX Installer Service for installation of ActiveX controls
Turn off ability to pin sites in Internet Explorer on the desktop
Turn off ActiveX Opt-In prompt
Turn off add-on performance notifications
Turn off Automatic Crash Recovery
Turn off browser geolocation
Turn off configuration of pop-up windows in tabbed browsing
Turn off Crash Detection
Turn off Favorites bar
Turn off Managing SmartScreen Filter for Internet Explorer 8
Turn off page-zooming functionality
Turn off pop-up management
Turn off Quick Tabs functionality
Turn off Reopen Last Browsing Session
Turn off suggestions for all user-installed providers
Turn off tabbed browsing
Turn off Tab Grouping
Turn off the auto-complete feature for web addresses
Turn off the quick pick menu
Turn off the Security Settings Check feature
Turn on ActiveX Filtering
Turn on compatibility logging
Turn on menu bar by default
Turn on Site Discovery WMI output
Turn on Site Discovery XML output
Turn on Suggested Sites
Turn on the auto-complete feature for user names and passwords on forms
Use Automatic Detection for dial-up connections
Use the Enterprise Mode IE website list
Microsoft Edge
Allow Address bar drop-down list suggestions
Allow Adobe Flash
Allow a shared Books folder
Allow clearing browsing data on exit
Allow configuration updates for the Books Library
Allow employees to send Do Not Track headers
Allow extended telemetry for the Books tab
Allow Extensions
Allow FullScreen Mode
Allow Microsoft Compatibility List
Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
Allow printing
Allow Saving History
Allow search engine customization
Allow Sideloading of extension
Always show the Books Library in Microsoft Edge
Configure additional search engines
Configure Cookies
Configure corporate Home pages
Configure Favorites Bar
Configure Favorites
Configure Home Button
Configure kiosk mode
Configure kiosk reset after idle timeout
Configure Open Microsoft Edge With
Configure the Adobe Flash Click-to-Run setting
Configure the Enterprise Mode Site List
Disable lockdown of Start pages
Don't allow SmartScreen Filter warning overrides for unverified files
Don't allow SmartScreen Filter warning overrides
Don't allow WebRTC to share the LocalHost IP address
For PDF files that have both landscape and portrait pages, print each in its own orientation.
Keep favorites in sync between Internet Explorer and Microsoft Edge
Open a new tab with an empty tab
Prevent access to the about:flags page in Microsoft Edge
Prevent certificate error overrides
Prevent changes to Favorites on Microsoft Edge
Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
Prevent the First Run webpage from opening on Microsoft Edge
Prevent turning off required extensions
Provision Favorites
Send all intranet sites to Internet Explorer 11
Set default search engine
Set Home Button URL
Set New Tab page URL
Show message when opening sites in Internet Explorer
Suppress the display of Edge Deprecation Notification
Turn off address bar search suggestions
Turn off Autofill
Turn off Developer Tools
Turn off InPrivate browsing
Turn off Password Manager
Turn off Pop-up Blocker
Turn off the SmartScreen Filter
Unlock Home Button
Microsoft Management Console
יישומי Snap-in שהוגבלו/הותרו
יישומי Snap-in של הרחבות
DFS Management Extension
Disk Management Extension
File Server Resource Manager Extension
Share and Storage Management Extension
SNMP
Storage Manager for SANS Extension
אחסון נשלף
גישה מרחוק
הגדרות מדיניות של רשות אישורים
הרחבת תצורת DCOM
חיוג שירות גישה מרחוק (RAS) - צומת משתמש
יחסי תלות של שירות
כוננים לוגיים וכוננים ממופים
מאפייני מערכת
מנהל ההרשאות
מנהל ההתקנים
מציג האירועים (Windows Vista)
מציג האירועים
ניהול ממסר פרוטוקול תצורת מארח דינאמי (DHCP)
ניתוב AppleTalk
ניתוב IGMP
ניתוב IP
ניתוב IPX
ניתוב IPX RIP
ניתוב IPX SAP
ניתוב
ניתוב OSPF
ניתוב RIP
סיומת של תיקיות משותפות
פרוטוקול דואר פשוט (SMTP)
פריטי מדיניות של מפתחות ציבוריים
רישום שירות אימות באינטרנט (IAS)
שיתוף חיבורים (NAT)
שליחת הודעת מסוף
תצוגה מורחבת (תצוגת אינטרנט)
מדיניות קבוצתית
Preference snap-in extensions
Permit use of Application snap-ins
Permit use of Applications preference extension
Permit use of Control Panel Settings (Computers)
Permit use of Control Panel Settings (Users)
Permit use of Data Sources preference extension
Permit use of Devices preference extension
Permit use of Drive Maps preference extension
Permit use of Environment preference extension
Permit use of Files preference extension
Permit use of Folder Options preference extension
Permit use of Folders preference extension
Permit use of Ini Files preference extension
Permit use of Internet Settings preference extension
Permit use of Local Users and Groups preference extension
Permit use of Network Options preference extension
Permit use of Network Shares preference extension
Permit use of Power Options preference extension
Permit use of Preferences tab
Permit use of Printers preference extension
Permit use of Regional Options preference extension
Permit use of Registry preference extension
Permit use of Scheduled Tasks preference extension
Permit use of Services preference extension
Permit use of Shortcuts preference extension
Permit use of Start Menu preference extension
הרחבות יישומי עזר של המדיניות הקבוצתית
הגדרות אבטחה
חומת האש של Windows עם אבטחה מתקדמת
ניהול מדיניות של אבטחת IP
ניתוב מחדש של תיקיות
פריטי מדיניות של רשת אלחוטית (IEEE 802.11)
פריטי מדיניות של רשת מחווטת (IEEE 802.3)
קבצי Script (הפעלה/כיבוי)
קבצי Script (כניסה/יציאה)
שירותי התקנה מרחוק
תבניות מנהליות (מחשבים)
תבניות מנהליות (משתמשים)
תחזוקת Internet Explorer
תצורת לקוח NAP
התקנת תוכנה (מחשבים)
התקנת תוכנה (משתמשים)
הרחבות יישומי עזר של מערכת תוצאות של מדיניות
הגדרות אבטחה
ניתוב מחדש של תיקיות
קבצי Script (הפעלה/כיבוי)
קבצי Script (כניסה/יציאה)
תבניות מנהליות (מחשבים)
תבניות מנהליות (משתמשים)
תחזוקת Internet Explorer
התקנת תוכנה (מחשבים)
התקנת תוכנה (משתמשים)
Group Policy Management Editor
Group Policy Starter GPO Editor
Snap-in של מערכת תוצאות של מדיניות
כרטיסיית מדיניות קבוצתית עבור כלים של Active Directory
ניהול מדיניות קבוצתית
עורך אובייקט המדיניות הקבוצתית
DFS Management
Enterprise PKI
File Server Resource Manager
Internet Information Services
Share and Storage Management
Storage Manager for SANs
אישורים
אתרים ושירותים של Active Directory
בקרת WMI
בקרת אבטחת IP
בקרת כניסה של איכות השירות (QoS)
הרחבות שרת FrontPage
חומת האש של Windows עם אבטחה מתקדמת
טלפוניה
יומני רישום והתראות של ביצועים
מאחה הדיסק
מידע מערכת
מנהל אשכולות של מעבר לגיבוי בעת כשל
מנהל ההתקנים
מנהל השרתים
מערכת קבצים מבוזרת
מציג האירועים (Windows Vista)
מציג האירועים
משיב מקוון
משתמשים ומחשבים של Active Directory
משתמשים מקומיים וקבוצות מקומיות
ניהול TPM
ניהול אחסון נשלף
ניהול דיסקים
ניהול מדיניות של אבטחת IP
ניהול מחשב
ניתוב וגישה מרחוק
עריכת ADSI
פקד ActiveX
צג אלחוטי
קביעת תצורה וניתוח של אבטחה
קישור לכתובת אינטרנט
רשות אישורים
רשות לרישום תקינות (HRA)
שולחנות עבודה מרוחקים
שירות אימות באינטרנט (IAS)
שירותים
שירות יצירת האינדקסים
שירותי רכיבים
שירות פקס
שרת מדיניות רשת (NPS)
תבניות אבטחה
תחומים ויחסי אמון של Active Directory
תיקיות משותפות
תצורת לקוח NAP
תצורת שירותי שולחן עבודה מרוחק
תצורת .Net Framework
תבניות אישורים
הגבל משתמשים לרשימת יישומי Snap-in שהותרו במפורש
מנע מהמשתמש להיכנס למצב מחבר
Microsoft Passport for Work
PIN Complexity
Expiration
History
Maximum PIN length
Minimum PIN length
Require digits
Require lowercase letters
Require special characters
Require uppercase letters
Use certificate for on-premises authentication
Microsoft User Experience Virtualization
Applications
Access 2013 backup only
Access 2016 backup only
Calculator
Common 2013 backup only
Common 2016 backup only
Excel 2013 backup only
Excel 2016 backup only
InfoPath 2013 backup only
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Internet Explorer Common Settings
Lync 2013 backup only
Lync 2016 backup only
Microsoft Access 2010
Microsoft Access 2013
Microsoft Access 2016
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft InfoPath 2010
Microsoft InfoPath 2013
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Lync 2016
Microsoft Office 365 Access 2013
Microsoft Office 365 Access 2016
Microsoft Office 365 Common 2013
Microsoft Office 365 Common 2016
Microsoft Office 365 Excel 2013
Microsoft Office 365 Excel 2016
Microsoft Office 365 InfoPath 2013
Microsoft Office 365 Lync 2013
Microsoft Office 365 Lync 2016
Microsoft Office 365 OneNote 2013
Microsoft Office 365 OneNote 2016
Microsoft Office 365 Outlook 2013
Microsoft Office 365 Outlook 2016
Microsoft Office 365 PowerPoint 2013
Microsoft Office 365 PowerPoint 2016
Microsoft Office 365 Project 2013
Microsoft Office 365 Project 2016
Microsoft Office 365 Publisher 2013
Microsoft Office 365 Publisher 2016
Microsoft Office 365 SharePoint Designer 2013
Microsoft Office 365 Visio 2013
Microsoft Office 365 Visio 2016
Microsoft Office 365 Word 2013
Microsoft Office 365 Word 2016
Microsoft Office 2010 Common Settings
Microsoft Office 2013 Common Settings
Microsoft Office 2013 Upload Center
Microsoft Office 2016 Common Settings
Microsoft Office 2016 Upload Center
Microsoft OneDrive for Business 2013
Microsoft OneDrive for Business 2016
Microsoft OneNote 2010
Microsoft OneNote 2013
Microsoft OneNote 2016
Microsoft Outlook 2010
Microsoft Outlook 2013
Microsoft Outlook 2016
Microsoft PowerPoint 2010
Microsoft PowerPoint 2013
Microsoft PowerPoint 2016
Microsoft Project 2010
Microsoft Project 2013
Microsoft Project 2016
Microsoft Publisher 2010
Microsoft Publisher 2013
Microsoft Publisher 2016
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2013
Microsoft SharePoint Workspace 2010
Microsoft Visio 2010
Microsoft Visio 2013
Microsoft Visio 2016
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Notepad
OneNote 2013 backup only
OneNote 2016 backup only
Outlook 2013 backup only
Outlook 2016 backup only
PowerPoint 2013 backup only
PowerPoint 2016 backup only
Project 2013 backup only
Project 2016 backup only
Publisher 2013 backup only
Publisher 2016 backup only
SharePoint Designer 2013 backup only
Visio 2013 backup only
Visio 2016 backup only
Word 2013 backup only
Word 2016 backup only
WordPad
Windows Apps
Finance
Games
Maps
Music
News
Reader
Sports
Travel
Video
Weather
Configure Sync Method
Do not synchronize Windows Apps
Ping the settings storage location before sync
Settings package size warning threshold
Settings storage path
Synchronization timeout
Synchronize Windows settings
Sync settings over metered connections even when roaming
Sync settings over metered connections
Use User Experience Virtualization (UE-V)
VDI Configuration
Multitasking
Configure the inclusion of Microsoft Edge tabs into Alt-Tab
NetMeeting
וידאו ושמע
הגבל את רוחב הפס של וידאו ושמע
הפוך שמע בדופלקס מלא ללא זמין
הפוך שמע ללא זמין
מנע קבלת וידאו
מנע שינוי הגדרת שמע של DirectSound
מנע שליחת וידאו
עמוד אפשרויות
הסתר את העמוד 'אבטחה'
הסתר את העמוד 'וידאו'
הסתר את העמוד 'כללי'
הסתר את העמוד 'שמע'
הפוך את לחצן התקשרות מתקדמת ללא זמין
שיתוף יישומים
אל תאפשר שיתוף יישומים
מנע שיתוף
מנע שיתוף חלונות סייר
מנע שיתוף יישומים בצבע מלא
מנע שיתוף שולחן העבודה
מנע שיתוף שורות פקודה
מנע שליטה
אפשר קביעת תצורה אוטומטית
אפשר קבלה אוטומטית עקבית של שיחות
בטל שירותי מדריך כתובות
הגבל את גודלם של קבצים שנשלחים
הגדר אפשרויות אבטחת שיחות
הגדר את דף התמיכה של האינטרא-נט
הפוך את Chat ללא זמין
הפוך את Whiteboard ללא זמין
הפוך את לוח ציור של NetMeeting 2.x ללא זמין
מנע את שינוי שיטת ביצוע השיחות
מנע הוספת שרתי מדריך כתובות
מנע הצגת מדריך כתובות באינטרנט
מנע קבלה אוטומטית של שיחות
מנע קבלת קבצים
מנע שליחת קבצים
OOBE
Don't launch privacy settings experience on user logon
Remote Desktop Services
RD Gateway
Enable connection through RD Gateway
Set RD Gateway authentication method
Set RD Gateway server address
RemoteApp and Desktop Connections
Specify default connection URL
Remote Desktop Connection Client
Allow .rdp files from unknown publishers
Allow .rdp files from valid publishers and user's default .rdp settings
Do not allow passwords to be saved
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Remote Desktop Session Host
Connections
Set rules for remote control of Remote Desktop Services user sessions
Device and Resource Redirection
Allow time zone redirection
Do not allow Clipboard redirection
Printer Redirection
Redirect only the default client printer
Use Remote Desktop Easy Print printer driver first
Remote Session Environment
Always show desktop on connection
Remove remote desktop wallpaper
Start a program on connection
Session Time Limits
End session when time limits are reached
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Set time limit for disconnected sessions
Set time limit for logoff of RemoteApp sessions
RSS Feeds
Prevent access to feed list
Prevent automatic discovery of feeds and Web Slices
Prevent downloading of enclosures
Prevent subscribing to or deleting a feed or a Web Slice
Turn off background synchronization for feeds and Web Slices
Turn on Basic feed authentication over HTTP
Search
Default excluded paths
Default indexed paths
Prevent adding UNC locations to index from Control Panel
Prevent customization of indexed locations in Control Panel
Prevent indexing certain paths
Turn off storage and display of search history
Store
Only display the private store within the Microsoft Store
Only display the private store within the Microsoft Store
Turn off the offer to update to the latest version of Windows
Turn off the Store application
Tablet PC
Accessories
Do not allow Inkball to run
Do not allow printing to Journal Note Writer
Do not allow Snipping Tool to run
Do not allow Windows Journal to be run
Cursors
Turn off pen feedback
Hardware Buttons
Prevent Back-ESC mapping
Prevent launch an application
Prevent press and hold
Turn off hardware buttons
Input Panel
Disable text prediction
For tablet pen input, don't show the Input Panel icon
For touch input, don't show the Input Panel icon
Include rarely used Chinese, Kanji, or Hanja characters
Prevent Input Panel tab from appearing
Turn off AutoComplete integration with Input Panel
Turn off password security in Input Panel
Turn off tolerant and Z-shaped scratch-out gestures
Pen Flicks Learning
Prevent Flicks Learning Mode
Pen UX Behaviors
Prevent flicks
Touch Input
Turn off Tablet PC touch input
Turn off Touch Panning
הדרכת עט של Tablet PC
בטל הדרכת עט במחשב לוח
Windows Anytime Upgrade
מנע הפעלה של Windows Anytime Upgrade.
Windows Defender SmartScreen
Microsoft Edge
Configure Windows Defender SmartScreen
Prevent bypassing Windows Defender SmartScreen prompts for files
Prevent bypassing Windows Defender SmartScreen prompts for sites
Windows Error Reporting
Advanced Error Reporting Settings
Configure Report Archive
Configure Report Queue
List of applications to be excluded
Consent
Configure Default consent
Customize consent settings
Ignore custom consent settings
Automatically send memory dumps for OS-generated error reports
Disable logging
Disable Windows Error Reporting
Do not send additional data
Do not throttle additional data
Send additional data when on battery power
Send data when on connected to a restricted/costed network
Windows Installer
Always install with elevated privileges
Always install with elevated privileges
Prevent removable media source for any installation
Prohibit rollback
Specify the order in which Windows Installer searches for installation files
Windows Logon Options
Remove logon hours expiration warnings
Report when logon server was not available during user logon
Set action to take when logon hours expire
Windows Mail
בטל את תכונות הקהילות
הפסק את פעולתו של יישום Windows Mail
Windows Media Center
אל תאפשר הפעלה של Windows Media Center
Windows Messenger
אל תאפשר הפעלה של Windows Messenger
אל תפעיל את Windows Messenger באופן אוטומטי מראש
Windows PowerShell
Set the default source path for Update-Help
Turn on Module Logging
Turn on PowerShell Script Block Logging
Turn on PowerShell Transcription
Turn on Script Execution
Windows Update
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Remove access to use all Windows Update features
Work Folders
Enables the use of Token Broker for AD FS authentication
Specify Work Folders settings
ארונית דיגיטלית
אל תאפשר הפעלת ארונית דיגיטלית
גיבוי
לקוח
בטל את היכולת לגבות קבצי נתונים
בטל את היכולת ליצור תמונת מערכת
בטל פונקציונליות של שחזור
מנע גיבוי בדיסקים מקומיים
מנע גיבוי במדיה אופטית (תקליטור/DVD)
מנע גיבוי במיקום ברשת
מנע מהמשתמש להפעיל את התוכנית 'מצב ותצורת הגיבוי'
הגדרות מצגת
בטל את הגדרות המצגת של Windows
חיפוש מיידי
ספק חיפוש באינטרנט של 'חיפוש מיידי' מותאם אישית
לוח השנה של Windows
בטל את לוח השנה של Windows
מדיניות הפעלה אוטומטית
אופן פעולה המוגדר כברירת מחדל עבור הפעלה אוטומטית
אל תגדיר את תיבת הסימון 'בצע תמיד פעולה זו'
בטל הפעלה אוטומטית
בטל הפעלה אוטומטית של התקנים שאינם אמצעי אחסון
מיקומים וחיישנים
בטל Scripting של מיקום
בטל מיקום
כבה חיישנים
מנהל הקבצים המצורפים
אל תשמור מידע לגבי אזור בקבצים מצורפים
הודע לתוכניות אנטי-וירוס בעת פתיחת קבצים מצורפים
הסתר מנגנונים להסרת מידע אודות אזור
לוגיקת אמון עבור קבצים מצורפים
רמת הסיכון המהווה ברירת מחדל עבור קבצים מצורפים
רשימת כלילה עבור סוגי קבצים בסיכון בינוני
רשימת כלילה עבור סוגי קבצים בסיכון גבוה
רשימת כלילה עבור סוגי קבצים בסיכון נמוך
מערכת הצבעים של Windows
מנע התקנה או הסרת התקנה של פרופילי צבעים
מרכז הניידות של Windows
בטל את מרכז הניידות של Windows
מתזמן המשימות
הסתר את תיבת הסימון 'מאפיינים מתקדמים' באשף הוספת משימה מתוזמנת
הסתר עמודי מאפיינים
מנע גרירה ושחרור
מנע הפעלה או סיום של משימה
מנע יצירת משימה חדשה
מנע מחיקת משימות
מנע עיון
רשמקול
אל תאפשר הפעלת רשמקול
שיתוף ברשת
מניעה ממשתמשים לשתף קבצים בתוך הפרופיל שלהם.
Windows Media Player
הפעלה
אפשר שומר מסך
מנע הורדת Codec
ממשק משתמש
אל תציג עוגן
הגדר ונעל מעטפת
הסתר את הכרטיסיה אבטחה
הסתר את הכרטיסיה פרטיות
רשת
הסתר את הכרטיסיה רשת
פרוטוקולי מדיה של זרימה
קביעת תצורה של MMS Proxy
קבע תצורה של אגירת רשת
קבע תצורה של שרת HTTP Proxy
קבע תצורה של שרת Proxy של RTSP
מניעת אחזור של תחנות רדיו קבועות מראש
מנע אחזור פרטי מדיה אודות קובץ מוסיקה
מנע אחזור פרטי מדיה אודות תקליטורים ודיסקי DVD
Enable auto-subscription
×
Search in Group Policy Administrative Templates