Toggle navigation
Group Policy Home
Windows 11 and Windows Server 2022
(current)
中文(香港特別行政區)
Czech (Czech Republic)
čeština (Česká republika)
Danish (Denmark)
dansk (Danmark)
German (Germany)
Deutsch (Deutschland)
Greek (Greece)
Ελληνικά (Ελλάδα)
English (United States)
English (United States)
Spanish (Spain, International Sort)
Español (España, alfabetización internacional)
Finnish (Finland)
suomi (Suomi)
French (France)
français (France)
Hungarian (Hungary)
magyar (Magyarország)
Italian (Italy)
italiano (Italia)
Japanese (Japan)
日本語 (日本)
Korean (Korea)
한국어 (대한민국)
Norwegian, Bokmål (Norway)
norsk, bokmål (Norge)
Dutch (Netherlands)
Nederlands (Nederland)
Polish (Poland)
polski (Polska)
Portuguese (Brazil)
Português (Brasil)
Portuguese (Portugal)
português (Portugal)
Russian (Russia)
русский (Россия)
Swedish (Sweden)
svenska (Sverige)
Turkish (Turkey)
Türkçe (Türkiye)
Chinese (Simplified, PRC)
中文(中华人民共和国)
Chinese (Traditional, Taiwan)
中文(台灣)
Search
Servicing
支援的作業系統:
至少需要 Windows Server 2012、Windows 8 或 Windows RT
servicing.admx
系統管理範本 (電腦)
Control Panel
Regional and Language Options
Handwriting personalization
Turn off automatic learning
Allow users to enable online speech recognition services
Block clean-up of unused language packs
Force selected system UI language to overwrite the user UI language
Restrict Language Pack and Language Feature Installation
Restricts the UI language Windows uses for all logged users
使用者帳戶
將預設的帳戶圖片套用到所有使用者
個人化
Prevent lock screen background motion
不要顯示鎖定畫面
強制使用特定的 [開始] 畫面背景
強制使用特定的預設鎖定畫面影像
強制使用特定背景色彩和輔色
防止啟用鎖定畫面投影片放映
防止啟用鎖定畫面相機
防止變更鎖定畫面的影像
防止變更開始功能表的背景
Allow Online Tips
Settings Page Visibility
Network
BranchCache
設定 BranchCache 分散式快取模式
設定 BranchCache 託管快取模式
設定用戶端 BranchCache 版本支援
設定用於用戶端電腦快取的磁碟空間百分比
設定用於網路檔案的 BranchCache
設定託管快取伺服器
設定資料快取中的區段留存時間
透過服務連接點啟用自動託管快取探索
開啟 BranchCache
DirectAccess 用戶端經驗設定
DirectAccess 被動模式
IPsec 通道端點
使用者介面
允許慣用本機名稱
公司資源
支援電子郵件地址
易記名稱
自訂命令
DNS Client
Allow DNS suffix appending to unqualified multi-label name queries
Allow NetBT queries for fully qualified domain names
Configure DNS over HTTPS (DoH) name resolution
Connection-specific DNS suffix
DNS servers
DNS suffix search list
Dynamic update
IDN mapping
Prefer link local responses over DNS when received over a network with higher precedence
Primary DNS suffix devolution level
Primary DNS suffix devolution
Primary DNS suffix
Register DNS records with connection-specific DNS suffix
Register PTR records
Registration refresh interval
Replace addresses in conflicts
TTL value for A and PTR records
Turn off IDN encoding
Turn off multicast name resolution
Turn off smart multi-homed name resolution
Turn off smart protocol reordering
Update security level
Update top level domain zones
Fonts
Enable Font Providers
LanMan 伺服器
BranchCache 的雜湊版本支援
BranchCache 的雜湊發行
加密套件順序
加密套件順序優先權
Lanman 工作站
Handle Caching on Continuous Availability Shares
Offline Files Availability on Continuous Availability Shares
加密套件順序
啟用不安全的來賓登入
Microsoft 對等網路服務
對等名稱解析通訊協定
全域定域機組
將 PNRP 定域機組設定為僅解析
設定種子伺服器
關閉 PNRP 定域機組建立
關閉多點傳送啟動載入
站台-本機定域機組
將 PNRP 定域機組設定為僅解析
設定種子伺服器
關閉 PNRP 定域機組建立
關閉多點傳送啟動載入
連結-本機定域機組
將 PNRP 定域機組設定為僅解析
設定種子伺服器
關閉 PNRP 定域機組建立
關閉多點傳送啟動載入
停用對等群組的密碼強度驗證
關閉 Microsoft 對等網路服務
QoS 封包排程器
不合格封包的 DSCP 數值
保證服務類型
性質服務類型
控制載入服務類型
最佳成就服務類型
網路控制服務類型
合格封包的 DSCP 數值
保證服務類型
性質服務類型
控制載入服務類型
最佳成就服務類型
網路控制服務類型
層級-2 優先順序值
不合格的封包
保證服務類型
性質服務類型
控制載入服務類型
最佳成就服務類型
網路控制服務類型
設定計時器解析
限制可保留的頻寬
限制未送的封包
SNMP
指定公用群體設陷
指定群體
指定許可的管理員
SSL 組態設定
ECC 曲線順序
SSL 加密套件順序
TCPIP 設定值
IPv6 轉換技術
設定 6to4 狀態
設定 6to4 轉送名稱
設定 6to4 轉送名稱解析間隔
設定 IP-HTTPS 狀態
設定 ISATAP 狀態
設定 ISATAP 路由器名稱
設定 Teredo 伺服器名稱
設定 Teredo 狀態
設定 Teredo 用戶端連接埠
設定 Teredo 重新整理速率
設定 Teredo 預設為合格
參數
設定 IP 無狀態自動設定限制狀態
設定窗口縮放啟發學習法狀態
Windows Connect Now
使用 Windows Connect Now 進行無線設定
禁止存取 Windows Connect Now 精靈
Windows 連線管理員
Enable Windows to soft-disconnect a computer from a network
停用連線待命模式的電源管理
最小化網際網路或 Windows 網域的同時連線數目
當連線到通過網域驗證的網路時,禁止連線到非網域網路
禁止漫遊行動寬頻網路的連線
WLAN 服務
WLAN 媒體成本
設定成本
WLAN 設定
允許 Windows 自動連線到建議的開放式熱點、連絡人分享的網路或提供付費服務的熱點
WWAN 服務
Cellular Data Access
Let Windows apps access cellular data
WWAN UI Settings
Set Per-App Cellular Access UI Visibility
WWAN 媒體成本
設定 3G 成本
設定 4G 成本
作用區驗證
啟用作用區驗證
無線顯示器
偏好 PIN 配對
需要 PIN 配對
網路提供者
已強化的 UNC 路徑
網路連線
Windows 防火牆
標準設定檔
Windows 防火牆:不允許例外
Windows 防火牆:保護所有網路連線
Windows 防火牆:允許 ICMP 例外
Windows 防火牆:允許本機程式例外
Windows 防火牆:允許本機連接埠例外
Windows 防火牆:允許記錄
Windows 防火牆:允許輸入的 UPnP 架構例外
Windows 防火牆:允許輸入的檔案和印表機共用例外
Windows 防火牆:允許輸入的遠端桌面例外
Windows 防火牆:允許輸入的遠端系統管理例外
Windows 防火牆:定義輸入的程式例外
Windows 防火牆:定義輸入的連接埠例外
Windows 防火牆:禁止單點傳送回應到多點傳送或廣播要求
Windows 防火牆:禁止通知
網域設定檔
Windows 防火牆:不允許例外
Windows 防火牆:保護所有網路連線
Windows 防火牆:允許 ICMP 例外
Windows 防火牆:允許本機程式例外
Windows 防火牆:允許本機連接埠例外
Windows 防火牆:允許記錄
Windows 防火牆:允許輸入的 UPnP 架構例外
Windows 防火牆:允許輸入的檔案和印表機共用例外
Windows 防火牆:允許輸入的遠端桌面例外
Windows 防火牆:允許輸入的遠端系統管理例外
Windows 防火牆:定義輸入的程式例外
Windows 防火牆:定義輸入的連接埠例外
Windows 防火牆:禁止單點傳送回應到多點傳送或廣播要求
Windows 防火牆:禁止通知
Windows 防火牆:允許經過驗證的 IPSec 繞道
不顯示 [僅本機存取] 網路圖示
禁止在您的 DNS 網域網路上安裝、設定及使用網路橋接
禁止在您的 DNS 網域網路中使用網際網路連線共用
禁止在您的 DNS 網域網路中使用網際網路連線防火牆
要求網域使用者在設定網路的位置時必須提升權限
透過內部網路路由傳送所有流量
網路連線狀態指示器
Specify global DNS
指定公司 DNS 探查主機位址
指定公司 DNS 探查主機名稱
指定公司站台首碼清單
指定公司網站探查 URL
指定網域位置判定 URL
指定被動輪詢
網路隔離
Domains categorized as both work and personal
Enterprise resource domains hosted in the cloud
Proxy 定義具有權限
子網路定義具有權限
應用程式的內部網路 Proxy 伺服器
應用程式的私人網路範圍
應用程式的網際網路 Proxy 伺服器
背景智慧型傳送服務 (BITS)
不允許 BITS 用戶端使用 Windows 分支快取
不允許此電腦做為 BITS 對等快取伺服器
不允許此電腦做為 BITS 對等快取用戶端
允許 BITS 對等快取
設定工作排程以限制用於 BITS 背景傳送的最大網路頻寬
設定維護排程以限制用於 BITS 背景傳送的最大網路頻寬
針對成本已評估網路上的 BITS 工作設定預設下載行為
限制 BITS 對等快取中檔案的留存時間
限制 BITS 對等快取的大小
限制 BITS 工作下載時間上限
限制 BITS 工作中可新增至檔案的最大範圍數目
限制 BITS 工作中所允許的最大檔案數目
限制 BITS 背景傳送的最大網路頻寬
限制對等快取的最大網路頻寬
限制此電腦的最大 BITS 工作數目
限制每個使用者的最大 BITS 工作數目
非使用中 BITS 工作的逾時
連結階層拓樸搜索
開啟 Mapper I/O (LLTDIO) 驅動程式
開啟 Responder (RSPNDR) 驅動程式
離線檔案
事件記錄層級
伺服器中斷連線時的動作
備忘提醒出現頻率
備忘提醒存留時間
備忘提醒的初始存留時間
允許或禁止使用離線檔案功能
加密離線檔案快取
啟用廣域網路快取
啟用檔案檢測
在付費網路中啟用檔案同步處理
在暫停之前同步處理離線檔案
子資料夾永遠可離線瀏覽
指定系統管理指派的離線檔案
檔案並未進入快取
登入時將所有離線檔案同步處理
登出前對所有離線檔案進行同步處理
登出時移除使用者離線檔案的本機複本
禁止使用者設定離線檔案
移除 [設定成可離線瀏覽] 命令
移除 [離線工作] 命令
移除這些檔案和資料夾的 [設定成可離線瀏覽]
設定低速連結模式
設定低速連結速度
設定背景同步處理
開啟以系統管理方式指派之離線檔案的經濟應用程式
關閉備忘提醒
防止使用離線檔案資料夾
限制離線檔案使用的磁碟空間
非預設的伺服器中斷連線時的動作
預設快取大小
設定 DFS 用戶端搜尋網域控制站的頻率
Printers
Activate Internet printing
Add Printer wizard - Network scan page (Managed network)
Add Printer wizard - Network scan page (Unmanaged network)
Allow job name in event logs
Always rasterize content to be printed using a software rasterizer
Always render print jobs on the server
Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)
Computer location
Custom support URL in the Printers folder's left pane
Disallow installation of printers using kernel-mode drivers
Do not allow v4 printer drivers to show printer extensions
Enable Device Control Printing Restrictions
Execute print drivers in isolated processes
Extend Point and Print connection to search Windows Update
Isolate print drivers from applications
List of Approved USB-connected print devices
Only use Package Point and print
Override print driver execution compatibility setting reported by print driver
Package Point and print - Approved servers
Point and Print Restrictions
Pre-populate printer search location text
Printer browsing
允許公佈印表機
允許列印多工緩衝處理器接受用戶端連線
允許剪除已公佈的印表機
剪除無法自動重新公佈的印表機
檢查公佈狀態
目錄剪除優先順序
目錄剪除重試
目錄剪除間隔
自動在 Active Directory 上公佈新的印表機
記錄目錄剪除重試事件
Start Menu and Taskbar
Notifications
Enables group policy for the WNS FQDN
Turn off notifications network usage
Disable context menus in the Start Menu
Do not keep history of recently opened documents
Force Start to be either full screen size or menu size
Pin Apps to Start when installed
Remove "Recently added" list from Start Menu
Remove All Programs list from the Start menu
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands
Remove frequent programs list from the Start Menu
Show or hide "Most used" list from Start menu
Start Layout
System
App-V
CEIP
Microsoft Customer Experience Improvement Program (CEIP)
Client Coexistence
Enable Migration Mode
Integration
Integration Root Global
Integration Root User
Roaming File Exclusions
Roaming Registry Exclusions
PackageManagement
Enable automatic cleanup of unused appv packages
PowerManagement
Enable background sync to server when on battery power
Publishing
Enable Publishing Refresh UX
Publishing Server 1 Settings
Publishing Server 2 Settings
Publishing Server 3 Settings
Publishing Server 4 Settings
Publishing Server 5 Settings
Reporting
Reporting Server
Scripting
Enable Package Scripts
Streaming
Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection
Certificate Filter For Client SSL
Enable Support for BranchCache
Location Provider
Package Installation Root
Package Source Root
Reestablishment Interval
Reestablishment Retries
Require Publish As Admin
Shared Content Store (SCS) mode
Specify what to load in background (aka AutoLoad)
Verify certificate revocation list
Virtualization
Enable Dynamic Virtualization
Virtual Component Process Allow List
Enable App-V Client
Device Health Attestation Service
Enable Device Health Attestation Monitoring and Reporting
Display
Configure Per-Process System DPI settings
Turn off GdiDPIScaling for applications
Turn on GdiDPIScaling for applications
Filesystem
NTFS
Do not allow compression on all NTFS volumes
Do not allow encryption on all NTFS volumes
Enable / disable TXF deprecated features
Enable NTFS non-paged pool usage
Enable NTFS pagefile encryption
NTFS default tier
NTFS parallel flush threshold
NTFS parallel flush worker threads
Short name creation options
Disable delete notifications on all volumes
Enable Win32 long paths
Selectively allow the evaluation of a symbolic link
Internet Communication Management
Internet Communication settings
如果 URL 連線正在參照 Microsoft.com 時,關閉網際網路連線精靈
如果 URL 連線正在參照 Microsoft.com 時,關閉註冊
關閉 HTTP 上的列印
關閉 Windows Messenger 客戶經驗改進計畫
關閉 Windows Update 裝置驅動程式搜尋
關閉 Windows 客戶經驗改進計畫
關閉 Windows 網路連線狀態指示器使用中測試
關閉 Windows 錯誤報告
關閉 [訂購沖印] 圖片工作
關閉事件檢視器 "Events.asp" 連結
關閉個人化手寫資料共用
關閉對所有 Windows Update 功能的存取
關閉市集的存取權
關閉手寫辨識錯誤報告
關閉搜尋小幫手內容檔更新
關閉檔案及資料夾的 [發佈到網站] 工作
關閉網際網路檔案關聯服務
關閉網頁發佈和線上訂購精靈的網際網路下載
關閉自動根憑證更新
關閉說明及支援中心 Microsoft 知識庫搜尋
關閉說明及支援中心的「您知道嗎?」內容
關閉透過 HTTP 下載印表機驅動程式
限制網際網路通訊
iSCSI
iSCSI 安全性
不允許未使用 IPSec 的連線
不允許未使用單向 CHAP 的工作階段
不允許未使用相互 CHAP 的工作階段
不允許變更啟動器 CHAP 密碼
iSCSI 目標搜索
不允許手動設定 iSNS 伺服器
不允許手動設定找到的目標
不允許手動設定目標入口網站
不允許透過手動設定新增目標
一般 iSCSI
不允許其他工作階段登入
不允許變更啟動器 iqn 名稱
KDC
KDC support for PKInit Freshness Extension
KDC 支援宣告、複合驗證以及 Kerberos 保護
使用樹系搜尋順序
大型 Kerberos 票證的警告
提供用戶端電腦有關先前登入的資訊
要求複合驗證
Kerberos
Allow retrieving the cloud kerberos ticket during the logon
Kerberos 用戶端支援宣告、複合驗證以及 Kerberos 保護
一律先傳送複合驗證
使用樹系搜尋順序
停用 KDC Proxy 伺服器 SSL 憑證的撤銷檢查
定義主機名稱與 Kerberos 領域對應
定義可在內部操控的 Kerberos V5 領域設定
對遠端程序呼叫要求嚴格的目標 SPN 比對
指定 Kerberos 用戶端的 KDC Proxy 伺服器
支援使用憑證進行裝置驗證
支援複合驗證
無法使用 Kerberos 保護時,驗證要求會失敗
要求嚴格的 KDC 驗證
設定 Kerberos SSPI 內容權杖緩衝區大小上限
Kernel DMA Protection
Enumeration policy for external devices incompatible with Kernel DMA Protection
Locale Services
Disallow changing of geographic location
Disallow copying of user input methods to the system account for sign-in
Disallow selection of Custom Locales
Disallow user override of locale settings
Restrict system locales
Restrict user locales
Net Logon
DC Locator DNS Records
Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names
Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails
Force Rediscovery Interval
Return domain controller address type
Set Priority in the DC Locator DNS SRV records
Set TTL in the DC Locator DNS Records
Set Weight in the DC Locator DNS SRV records
Specify address lookup behavior for DC locator ping
Specify DC Locator DNS records not registered by the DCs
Specify dynamic registration of the DC Locator DNS Records
Specify Refresh Interval of the DC Locator DNS records
Specify sites covered by the application directory partition DC Locator DNS SRV records
Specify sites covered by the DC Locator DNS SRV records
Specify sites covered by the GC Locator DNS SRV Records
Try Next Closest Site
Use automated site coverage by the DC Locator DNS SRV Records
Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.
Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC
Use lowercase DNS host names when registering domain controller SRV records
Allow cryptography algorithms compatible with Windows NT 4.0
Contact PDC on logon failure
Set Netlogon share compatibility
Set scavenge interval
Set SYSVOL share compatibility
Specify expected dial-up delay on logon
Specify log file debug output level
Specify maximum log file size
Specify negative DC Discovery cache setting
Specify positive periodic DC Cache refresh for non-background callers
Specify site name
Use final DC discovery retry setting for background callers
Use initial DC discovery retry setting for background callers
Use maximum DC discovery retry interval setting for background callers
Use positive periodic DC cache refresh for background callers
Use urgent mode when pinging domain controllers
OS Policies
Allow Clipboard History
Allow Clipboard synchronization across devices
Allow publishing of User Activities
Allow upload of User Activities
Enables Activity Feed
PIN 複雜度
到期
最大 PIN 長度
最小 PIN 長度
歷程記錄
需要數字
需要有大寫字母
需要有小寫字母
需要有特殊字元
Security Account Manager
Configure validation of ROCA-vulnerable WHfB keys during authentication
Service Control Manager Settings
Security Settings
Enable svchost.exe mitigation options
Storage Health
Allow downloading updates to the Disk Failure Prediction Model
Storage Sense
Allow Storage Sense
Allow Storage Sense Temporary Files cleanup
Configure Storage Sense cadence
Configure Storage Sense Cloud Content dehydration threshold
Configure Storage Sense Recycle Bin cleanup threshold
Configure Storage Storage Downloads cleanup threshold
Troubleshooting and Diagnostics
Microsoft 支援服務診斷工具
Microsoft 支援服務診斷工具: 設定執行層級
Microsoft 支援服務診斷工具: 開啟 MSDT 與支援提供者的互動式通訊
Microsoft 支援服務診斷工具: 限制工具下載
Troubleshooting: Allow users to access recommended troubleshooting for known problems
MSI 損毀檔案修復
設定 MSI 損毀檔案修復行為
Windows 待命/繼續效能診斷
設定狀況執行層級
Windows 效能 PerfTrack
啟用/停用 PerfTrack
Windows 系統回應效能診斷
設定狀況執行層級
Windows 記憶體遺漏診斷
設定狀況執行層級
Windows 資源耗損偵測與解析
設定狀況執行層級
Windows 開機效能診斷
設定狀況執行層級
Windows 關機效能診斷
設定狀況執行層級
執行指令的診斷
為執行指令的診斷設定安全性原則
疑難排解: 允許使用者存取和執行疑難排解精靈
疑難排解: 允許使用者從 [疑難排解控制台] 存取 Microsoft 伺服器上的線上疑難排解內容 (經由 Windows 線上疑難排解服務 - WOTS)
容錯堆積
設定狀況執行層級
應用程式相容性診斷
偵測應用程式和驅動程式的相容性問題
偵測應用程式安裝失敗
偵測應用程式無法在 UAC 下啟動安裝程式
偵測由過時的 COM 物件所造成的應用程式失敗
偵測由過時的 Windows DLL 所造成的應用程式失敗
偵測需要以系統管理員身分執行的應用程式安裝程式
通知封鎖的驅動程式
排程維護
設定排程維護行為
損毀檔案修復
設定損毀檔案修復行為
磁碟診斷
磁碟診斷: 設定執行層級
磁碟診斷: 設定自訂警訊文字
診斷: 設定狀況保留
診斷: 設定狀況執行層級
Windows 時間服務
時間提供者
啟用 Windows NTP 伺服器
啟用 Windows NTP 用戶端
設定 Windows NTP 用戶端
全域設定值
Windows 檔案保護
指定 Windows 檔案保護的快取位置
設定 Windows 檔案保護掃描
限制 Windows 檔案保護快取大小
隱藏檔案掃描進度視窗
伺服器管理員
登入時不要自動顯示 [初始設定工作] 視窗
登入時不要自動顯示伺服器管理員
設定伺服器管理員的重新整理間隔
使用者設定檔
不要以暫存設定檔登入使用者
不要檢查漫遊設定檔資料夾的使用者擁有權
保留 Windows Installer 和群組原則軟體安裝資料
停用低速網路連線偵測功能
偵測到低速網路連線時提示使用者
刪除漫遊設定檔的快取複本
只在主要電腦下載漫遊設定檔
只能使用本機使用者設定檔
在系統重新啟動時,刪除超過所指定天數的使用者設定檔
如果使用者有漫遊使用者設定檔或遠端主目錄,設定網路的最大等待時間
將 Administrators 安全性群組加入漫遊使用者設定檔
建立對話方塊的逾時值
應用程式 (非傳統型應用程式) 的共用使用者名稱、帳戶圖片和網域資訊的使用者管理
控制低速網路連線對使用者設定檔的等候時間
為登入此電腦的所有使用者設定漫遊設定檔路徑
等待遠端使用者設定檔
解除載入及更新使用者設定檔的最多重試次數
設定使用者主資料夾
設定在使用者已登入的狀態下,於背景上傳漫遊使用者設定檔登錄檔案的排程
請勿在使用者登出時強制卸載使用者登錄
關閉廣告識別碼
防止漫遊設定檔變更傳播到伺服器
分散式 COM
應用程式相容性設定
允許本機啟動安全性檢查豁免
定義啟動安全性檢查豁免
可信賴平台模組服務
Configure the system to clear the TPM if it is not in a ready state.
Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.
忽略封鎖 TPM 命令的本機清單
忽略封鎖 TPM 命令的預設清單
標準使用者個別鎖定閾值
標準使用者鎖定期間
標準使用者鎖定總閾值
設定作業系統可用的 TPM 擁有者授權資訊的層級
設定封鎖 TPM 命令的清單
增強的存放區存取
不允許 Windows 啟用增強的存放裝置
不允許增強存放裝置的密碼驗證
不允許非增強的抽取式存放裝置
只允許連接 USB 根集線器的增強存放裝置
設定您的電腦可用的 IEEE 1667 定址接收器清單
設定您的電腦可用的增強存放裝置清單
電腦為鎖定狀態時,鎖定增強的存放區
復原
允許將系統還原到預設狀態
抽取式存放裝置存取權
CD 與 DVD: 拒絕執行存取權
CD 與 DVD: 拒絕寫入存取權
CD 與 DVD: 拒絕讀取存取權
WPD 裝置: 拒絕寫入存取權
WPD 裝置: 拒絕讀取存取權
所有抽取式儲存裝置: 允許在遠端工作階段中直接存取
所有抽取式儲存裝置類別: 拒絕所有存取
抽取式磁碟: 拒絕執行存取權
抽取式磁碟: 拒絕寫入存取權
抽取式磁碟: 拒絕讀取存取權
磁帶機: 拒絕執行存取權
磁帶機: 拒絕寫入存取權
磁帶機: 拒絕讀取存取權
自訂類別: 拒絕寫入存取權
自訂類別: 拒絕讀取存取權
設定強制重新開機的時間 (秒)
軟碟機: 拒絕執行存取權
軟碟機: 拒絕寫入存取權
軟碟機: 拒絕讀取存取權
拒絕存取時的協助
用戶端的所有檔案類型啟用拒絕存取時的協助
自訂拒絕存取錯誤訊息
指令碼
使用者登入、登出時先執行 Windows PowerShell 指令碼
停用 NetBIOS 或 WINS 時允許登入指令碼
同步執行登入指令檔
執行啟動指令碼時顯示其中的指示。
執行關機指令碼時顯示其中的指示。
指定群組原則指令碼的最長等待時間
電腦啟動、關機時先執行 Windows PowerShell 指令碼
非同步執行啟動指令碼
檔案共用陰影複製提供者
允許或不允許使用加密來保護檔案共用陰影複製提供者 (在應用程式伺服器上執行 ) 和檔案共用陰影複製代理程式 (在檔案伺服器上執行) 之間的 RPC 通訊協定訊息。
檔案分類基礎結構
檔案分類基礎結構: 在 [檔案總管] 中顯示 [分類] 索引標籤
檔案分類基礎結構: 指定分類屬性清單
登入
Block user from showing account details on sign-in
Show clear logon background
Turn on security key sign-in
不要列舉加入網域電腦上的連線使用者
不要處理只執行一次清單
不要處理舊版執行清單
不要顯示網路選取 UI
允許使用者選取從連線待命繼續執行時需要輸入密碼
列舉加入網域電腦上的本機使用者
指定登入的預設網域
指派預設認證提供者
排除認證提供者
永遠使用傳統登入
永遠使用自訂登入背景
永遠在電腦啟動及登入時等待網路啟動
當使用者登入時執行這些程式
登入時不要顯示 [開始使用] 的歡迎畫面
開啟方便的 PIN 登入
關閉 Windows 啟動音效
關閉圖片密碼登入
關閉鎖定畫面上的應用程式通知
隱藏快速切換使用者的進入點
顯示首次登入動畫
磁碟 NV 快取
關閉固態模式
關閉快取電源模式
關閉開機和繼續最佳化
關閉靜態快取功能
磁碟配額
啟用磁碟配額
套用原則到抽取式媒體
強制執行磁碟配額限制
指定預設配額限制和警告等級
當超過配額警告等級時記錄事件
當超過配額限制時記錄事件
稽核建立處理程序
在建立處理程序事件中包含命令列
系統還原
關閉系統還原
關閉設定
緩和選項
Process Mitigation Options
封鎖未受信任的字型
群組原則
記錄和追蹤
設定 Ini 檔案喜好設定記錄與追蹤
設定印表機喜好設定記錄與追蹤
設定地區選項喜好設定記錄與追蹤
設定應用程式喜好設定記錄與追蹤
設定捷徑喜好設定記錄與追蹤
設定排定的工作喜好設定記錄與追蹤
設定服務喜好設定記錄與追蹤
設定本機使用者和群組喜好設定記錄與追蹤
設定檔案喜好設定記錄與追蹤
設定環境喜好設定記錄與追蹤
設定登錄喜好設定記錄與追蹤
設定磁碟機對應喜好設定記錄與追蹤
設定網路共用喜好設定記錄與追蹤
設定網路選項喜好設定記錄與追蹤
設定網際網路設定喜好設定記錄與追蹤
設定裝置喜好設定記錄與追蹤
設定資料來源喜好設定記錄與追蹤
設定資料夾喜好設定記錄與追蹤
設定資料夾選項喜好設定記錄與追蹤
設定開始功能表喜好設定記錄與追蹤
設定電源選項喜好設定記錄與追蹤
Configure web-to-app linking with app URI handlers
Continue experiences on this device
Phone-PC linking on this device
不讓使用者啟動電腦原則更新
允許交互樹系使用者原則和漫遊使用者設定檔
啟用伺服器的群組原則快取
啟用原則重新整理期間的 AD/DFS 網域控制站同步
將直接存取連線設定成快速網路連線
指定原則處理等待工作地點連線的時間
指定啟動原則處理等待時間
永遠使用本機 ADM 檔案於群組原則物件編輯器
決定互動式使用者是否可以產生原則結果組資料
設定 EFS 修復原則處理
設定 Ini 檔案喜好設定延伸原則處理
設定 Internet Explorer 維護原則處理
設定 IP 安全性原則處理
設定使用者群組原則回送處理模式
設定印表機喜好設定延伸原則處理
設定地區選項喜好設定延伸原則處理
設定安全性原則處理
設定應用程式喜好設定延伸原則處理
設定指令碼原則處理
設定捷徑喜好設定延伸原則處理
設定排定的工作喜好設定延伸原則處理
設定有線原則處理
設定服務喜好設定延伸原則處理
設定本機使用者和群組喜好設定延伸原則處理
設定檔案喜好設定延伸原則處理
設定無線原則處理
設定環境喜好設定延伸原則處理
設定登入指令碼延遲
設定登錄原則處理
設定登錄喜好設定延伸原則處理
設定磁碟機對應喜好設定延伸原則處理
設定磁碟配額原則處理
設定網域控制站群組原則更新的間隔
設定網路共用喜好設定延伸原則處理
設定網路選項喜好設定延伸原則處理
設定網際網路設定喜好設定延伸原則處理
設定群組原則低速連結偵測
設定群組原則快取
設定裝置喜好設定延伸原則處理
設定資料來源喜好設定延伸原則處理
設定資料夾喜好設定延伸原則處理
設定資料夾選項喜好設定延伸原則處理
設定資料夾重新導向原則處理
設定軟體安裝原則處理
設定開始功能表喜好設定延伸原則處理
設定電源選項喜好設定延伸原則處理
設定電腦的群組原則更新間隔
變更群組原則處理,在偵測到低速網路連線時非同步執行。
透過遠端桌面服務登入時,允許非同步使用者群組原則處理
關閉原則結果組記錄
關閉本機群組原則物件處理
關閉群組原則用戶端服務 AOAC 最佳化
關閉群組原則背景更新
裝置安裝
裝置安裝限制
Allow installation of devices that match any of these device instance IDs
Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria
Prevent installation of devices that match any of these device instance IDs
允許使用符合這些裝置安裝類別的驅動程式安裝裝置
允許安裝符合這些裝置識別碼的裝置
允許系統管理員覆寫裝置安裝限制原則
在原則設定防止安裝時顯示自訂訊息
在原則設定防止裝置安裝時顯示自訂訊息標題
為使原則變更生效而必須強制重新開機的時間 (秒)
防止使用符合這些裝置安裝類別的驅動程式安裝裝置
防止安裝抽取式裝置
防止安裝未由其他原則設定描述的裝置
防止安裝符合下列任何裝置識別碼的裝置
允許遠端存取隨插即用介面
在裝置安裝期間關閉 [找到新硬體] 提示氣球
在通常會提示建立系統還原點的裝置活動期間,防止建立系統還原點
在驅動程式排名與選取程序中,將所有經過數位簽署的驅動程式設為相等的優先權
指定裝置驅動程式來源位置的搜尋順序
指定裝置驅動程式更新的搜尋伺服器
當裝置上已安裝標準驅動程式時,不要傳送 Windows 錯誤報告
當裝置驅動程式在安裝期間要求其他軟體時,防止 Windows 傳送錯誤報告
設定裝置安裝逾時
防止從網際網路擷取裝置中繼資料
裝置防護
部署程式碼完整性原則
開啟虛擬化型安全性
認證委派
Encryption Oracle Remediation
Remote host allows delegation of non-exportable credentials
允許在僅使用 NTLM 的伺服器驗證時委派已儲存的認證
允許在僅使用 NTLM 的伺服器驗證時委派新認證
允許在僅使用 NTLM 的伺服器驗證時委派預設認證
允許委派已儲存的認證
允許委派新認證
允許委派預設認證
拒絕委派已儲存的認證
拒絕委派新認證
拒絕委派預設認證
限制委派認證給遠端伺服器
資料夾重新導向
僅重新導向主要電腦中的資料夾
重新導向 [開始] 功能表和 [我的文件] 時,使用當地語系化的子資料夾名稱
遠端協助
僅允許 Windows Vista 或更新版本的連線
自訂警告訊息
設定提供遠端協助
設定請求遠端協助
開啟工作階段記錄
開啟頻寬最佳化
遠端程序呼叫
傳播延伸錯誤的資訊
啟用 RPC 端點對應程式用戶端驗證
略過委派失敗
維護 RPC 疑難排解狀態資訊
設定 RPC/HTTP 連線的閒置連線等候逾時最小值
限制未經驗證的 RPC 用戶端
開機初期啟動的反惡意程式碼
開機啟動驅動程式初始化原則
關機
要求使用快速啟動
關機選項
關閉會封鎖或取消關機之應用程式的自動終止
電源管理
Energy Saver Settings
Energy Saver Battery Threshold (on battery)
Energy Saver Battery Threshold (plugged in)
Power Throttling Settings
Turn off Power Throttling
按鈕設定
選取睡眠按鈕動作 (一般電源)
選取睡眠按鈕動作 (使用電池)
選取螢幕切換動作 (一般電源)
選取螢幕切換動作 (使用電池)
選取開始功能表電源按鈕動作 (一般電源)
選取開始功能表電源按鈕動作 (使用電池)
選取電源按鈕動作 (一般電源)
選取電源按鈕動作 (使用電池)
睡眠設定
Allow network connectivity during connected-standby (on battery)
Allow network connectivity during connected-standby (plugged in)
允許應用程式防止自動睡眠 (一般電源)
允許應用程式防止自動睡眠 (使用電池)
允許開啟網路檔案時自動睡眠 (一般電源)
允許開啟網路檔案時自動睡眠 (使用電池)
喚醒電腦時必須使用密碼 (一般電源)
喚醒電腦時必須使用密碼 (使用電池)
指定系統休眠逾時 (一般電源)
指定系統休眠逾時 (使用電池)
指定系統睡眠逾時 (一般電源)
指定系統睡眠逾時 (使用電池)
指定自動睡眠逾時 (一般電源)
指定自動睡眠逾時 (使用電池)
睡眠時允許待命狀態 (S1-S3) (一般電源)
睡眠時允許待命狀態 (S1-S3) (使用電池)
開啟應用程式以防止睡眠轉換 (一般電源)
開啟應用程式防止睡眠轉換的能力 (使用電池)
關閉交互式睡眠 (一般電源)
關閉交互式睡眠 (使用電池)
硬碟設定
關閉硬碟 (一般電源)
關閉硬碟 (使用電池)
視訊與顯示設定
指定顯示器變暗亮度 (一般電源)
指定顯示器變暗亮度 (使用電池)
開啟桌面背景投影片放映 (一般電源)
開啟桌面背景投影片放映 (使用電池)
關閉彈性顯示器逾時 (一般電源)
關閉彈性顯示器逾時 (使用電池)
關閉顯示器 (一般電源)
關閉顯示器 (使用電池)
降低顯示器亮度 (一般電源)
降低顯示器亮度 (使用電池)
通知設定值
保留剩餘電力通知等級
關閉電力偏低使用者通知
電力不足通知動作
電力不足通知等級
電力偏低通知動作
電力偏低通知等級
指定自訂使用中電源計劃
選取使用中電源計劃
驅動程式安裝
允許非系統管理員安裝這些裝置安裝類別的驅動程式
關閉 Windows Update 裝置驅動程式搜尋提示
下載遺失的 COM 元件
不要將移到已加密資料夾中的檔案自動加密
允許散佈式連結追蹤用戶端使用網域資源
啟動關機事件追蹤器系統狀態資料功能
啟用持續的時間戳記
在發生 Windows 系統關機後不要關閉系統電源。
將可能不安全的 HTML 說明功能限制於指定的資料夾
指定 Windows Service Pack 安裝檔案位置
指定 Windows 安裝檔案的位置
指定選用之元件安裝和元件修復的相關設定
登入時不要顯示 [管理您的伺服器] 頁面
移除開機 / 關機 / 登入 / 登出狀態訊息
關閉 HTML Help 可執行檔的資料執行防止
限制這些程式從說明中啟動
顯示關機事件追蹤器
顯示非常詳細的狀態訊息
Windows Components
ActiveX Installer 服務
ActiveX 控制項的認可安裝網站
建立信任區域中網站的 ActiveX 安裝原則
App Package Deployment
Allow all trusted apps to install
Allow a Windows app to share application data between users
Allow deployment operations in special profiles
Allows development of Windows Store apps and installing them from an integrated development environment (IDE)
Archive infrequently used apps
Disable installing Windows apps on non-system volumes
Not allow sideloaded apps to auto-update in the background
Not allow sideloaded apps to auto-update in the background on a metered network
Prevent non-admin users from installing packaged Windows apps
Prevent users' app data from being stored on non-system volumes
App Privacy
Let Windows apps access account information
Let Windows apps access an eye tracker device
Let Windows apps access call history
Let Windows apps access contacts
Let Windows apps access diagnostic information about other apps
Let Windows apps access email
Let Windows apps access location
Let Windows apps access messaging
Let Windows apps access motion
Let Windows apps access notifications
Let Windows apps access Tasks
Let Windows apps access the calendar
Let Windows apps access the camera
Let Windows apps access the microphone
Let Windows apps access trusted devices
Let Windows apps access user movements while running in the background
Let Windows apps activate with voice
Let Windows apps activate with voice while the system is locked
Let Windows apps communicate with unpaired devices
Let Windows apps control radios
Let Windows apps make phone calls
Let Windows apps run in the background
Let Windows apps take screenshots of various windows or displays
Let Windows apps turn off the screenshot border
Backup
伺服器
不允許只執行一次的備份
不允許將光學媒體為備份目標
不允許將本機連接的儲存裝置做為備份目標
不允許將網路做為備份目標
僅允許系統備份
BitLocker 磁碟機加密
作業系統磁碟機
Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN.
BitLocker 修復結束後重設平台驗證資料
不允許標準使用者變更 PIN 或密碼
使用增強的開機設定資料驗證設定檔
允許使用安全開機來進行完整性驗證
允許啟動時網路解除鎖定
允許用於啟動的增強 PIN
啟動時需要其他驗證 (Windows Server 2008 與 Windows Vista)
啟動時需要其他驗證
啟用需要平板電腦開機前鍵盤輸入使用 BitLocker 驗證
強制作業系統磁碟機的磁碟機加密類型
設定 BIOS 韌體設定的 TPM 平台驗證設定檔
設定 TPM 平台驗證設定檔 (Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2)
設定作業系統磁碟機使用硬體式加密
設定作業系統磁碟機的密碼使用方式
設定原生 UEFI 韌體設定的 TPM 平台驗證設定檔
設定用於啟動的最小 PIN 長度
設定開機前修復訊息及 URL
選擇如何修復受 BitLocker 保護的作業系統磁碟機
固定式資料磁碟機
允許從舊版 Windows 存取受 BitLocker 保護的固定式資料磁碟機
強制固定式資料磁碟機的磁碟機加密類型
拒絕未受 BitLocker 保護之固定磁碟機的寫入存取權
設定固定式資料磁碟機使用硬體式加密
設定固定式資料磁碟機的密碼使用方式
設定固定式資料磁碟機的智慧卡使用方式
選擇如何修復受 BitLocker 保護的固定磁碟機
抽取式資料磁碟機
允許從舊版 Windows 存取受 BitLocker 保護的抽取式資料磁碟機
強制抽取式資料磁碟機的磁碟機加密類型
拒絕未受 BitLocker 保護之抽取式磁碟機的寫入存取權
控制抽取式磁碟機上 BitLocker 的使用方式
設定抽取式資料磁碟機使用硬體式加密
設定抽取式資料磁碟機的密碼使用方式
設定抽取式資料磁碟機的智慧卡使用方式
選擇如何修復受 BitLocker 保護的抽取式磁碟機
Disable new DMA devices when this computer is locked
將 BitLocker 修復資訊儲存在 Active Directory 網域服務 (Windows Server 2008 和 Windows Vista)
為組織提供唯一識別碼
選擇使用者如何修復受 BitLocker 保護的磁碟機 (Windows Server 2008 與 Windows Vista)
選擇修復密碼的預設資料夾
選擇磁碟機加密方法和加密強度 (Windows 8、Windows Server 2012、Windows 8.1、Windows Server 2012 R2、Windows 10 [版本 1507])
選擇磁碟機加密方法和加密強度 (Windows 10 [版本 1511] 與更新的版本)
選擇磁碟機加密方法和加密強度 (Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2)
重新啟動時防止記憶體覆寫
驗證智慧卡憑證使用規則相符性
Camera
Allow Use of Camera
Chat
Configures the Chat icon on the taskbar
Connect
Don't allow this PC to be projected to
Require pin for pairing
Data Collection and Preview Builds
Allow commercial data pipeline
Allow Desktop Analytics Processing
Allow device name to be sent in Windows diagnostic data
Allow Diagnostic Data
Allow Update Compliance Processing
Allow WUfB Cloud Processing
Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service
Configure collection of browsing data for Desktop Analytics
Configure Connected User Experiences and Telemetry
Configure diagnostic data opt-in change notifications
Configure diagnostic data opt-in settings user interface
Configure diagnostic data upload endpoint for Desktop Analytics
Configure the Commercial ID
Disable deleting diagnostic data
Disable diagnostic data viewer
Disable OneSettings Downloads
Enable OneSettings Auditing
Limit Diagnostic Log Collection
Limit Dump Collection
Limit optional diagnostic data for Desktop Analytics
不顯示意見反應通知
切換測試人員組建的使用者控制項
Delivery Optimization
Absolute Max Cache Size (in GB)
Allow uploads while the device is on battery while under set Battery level (percentage)
Cache Server Hostname
Cache Server Hostname Source
Delay Background download Cache Server fallback (in seconds)
Delay background download from http (in secs)
Delay Foreground download Cache Server fallback (in seconds)
Delay Foreground download from http (in secs)
Download Mode
Enable Peer Caching while the device connects via VPN
Group ID
Max Cache Age (in seconds)
Max Cache Size (percentage)
Maximum Background Download Bandwidth (in KB/s)
Maximum Background Download Bandwidth (percentage)
Maximum Foreground Download Bandwidth (in KB/s)
Maximum Foreground Download Bandwidth (percentage)
Minimum Background QoS (in KB/s)
Minimum disk size allowed to use Peer Caching (in GB)
Minimum Peer Caching Content File Size (in MB)
Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)
Modify Cache Drive
Monthly Upload Data Cap (in GB)
Select a method to restrict Peer Selection
Select the source of Group IDs
Set Business Hours to Limit Background Download Bandwidth
Set Business Hours to Limit Foreground Download Bandwidth
File Explorer
舊版
防止從備份還原先前的版本
防止還原本機舊版
防止還原遠端舊版
隱藏備份位置上的舊版檔案
隱藏舊版本機檔案的清單
隱藏舊版遠端檔案的清單
不顯示「已安裝新應用程式」通知
使用功能區最小化啟動 [檔案總管]
使用者/電腦的所有預設媒體櫃定義檔所在的位置。
停用在沒有中介層的情況下直接繫結到 IPropertySetStorage。
允許在檔案捷徑圖示中使用遠端路徑
在使用者磚功能表中顯示鎖定
在電源選項功能表中顯示休眠
在電源選項功能表中顯示睡眠
損毀時關閉終止堆集
第一次在電腦上載入時,不要重新初始化既存的漫遊使用者設定檔
設定 Windows SmartScreen 篩選工具
設定支援網頁連結
設定預設關聯設定檔
重新導向前,確認新舊資料夾重新導向的目標指向相同的共用
關閉 [檔案總管] 中的數字排序
關閉檔案總管的資料執行防止
關閉殼層通訊協定受保護模式
Find My Device
Turn On/Off Find My Device
Handwriting
Handwriting Panel Default Mode Docked
HomeGroup
防止電腦加入家用群組
Human Presence
Force Instant Lock
Force Instant Wake
Lock Timeout
Internet Explorer
Accelerators
Add default Accelerators
Add non-default Accelerators
Restrict Accelerators to those deployed through Group Policy
Turn off Accelerators
Application Compatibility
Clipboard access
Bypass prompting for Clipboard access for scripts running in any process
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process
Define applications and processes that can access the Clipboard without prompting
Browser menus
Turn off Print Menu
Turn off the ability to launch report site problems using a menu option
Compatibility View
Include updated website lists from Microsoft
Turn off Compatibility View button
Turn off Compatibility View
Turn on Internet Explorer 7 Standards Mode
Turn on Internet Explorer Standards Mode for local intranet
Use Policy List of Internet Explorer 7 sites
Use Policy List of Quirks Mode sites
Corporate Settings
Code Download
Prevent specifying the code download path for each computer
Delete Browsing History
Allow deleting browsing history on exit
Disable "Configuring History"
Prevent access to Delete Browsing History
Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
Prevent deleting cookies
Prevent deleting download history
Prevent deleting favorites site data
Prevent deleting form data
Prevent deleting InPrivate Filtering data
Prevent deleting passwords
Prevent deleting temporary Internet files
Prevent deleting websites that the user has visited
Prevent the deletion of temporary Internet files and cookies
Internet Control Panel
Advanced Page
Allow active content from CDs to run on user machines
Allow Install On Demand (except Internet Explorer)
Allow Install On Demand (Internet Explorer)
Allow Internet Explorer to use the HTTP2 network protocol
Allow Internet Explorer to use the SPDY/3 network protocol
Allow software to run or install even if the signature is invalid
Allow third-party browser extensions
Always send Do Not Track header
Automatically check for Internet Explorer updates
Check for server certificate revocation
Check for signatures on downloaded programs
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
Do not allow resetting Internet Explorer settings
Do not save encrypted pages to disk
Empty Temporary Internet Files folder when browser is closed
Play animations in web pages
Play sounds in web pages
Play videos in web pages
Turn off ClearType
Turn off encryption support
Turn off loading websites and content in the background to optimize performance
Turn off Profile Assistant
Turn off sending UTF-8 query strings for URLs
Turn off the flip ahead with page prediction feature
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
Turn on Caret Browsing support
Turn on Enhanced Protected Mode
Use HTTP 1.1 through proxy connections
Use HTTP 1.1
Content Page
Show Content Advisor on Internet Options
General Page
Browsing History
Allow websites to store application caches on client computers
Allow websites to store indexed databases on client computers
Set application caches expiration time limit for individual domains
Set application cache storage limits for individual domains
Set default storage limits for websites
Set indexed database storage limits for individual domains
Set maximum application cache individual resource size
Set maximum application cache resource list size
Set maximum application caches storage limit for all domains
Set maximum indexed database storage limit for all domains
Start Internet Explorer with tabs from last browsing session
Security Page
Internet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Intranet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Local Machine Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Internet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Intranet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Local Machine Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Restricted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Trusted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Restricted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Trusted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Internet Zone Template
Intranet Sites: Include all local (intranet) sites not listed in other zones
Intranet Sites: Include all network paths (UNCs)
Intranet Sites: Include all sites that bypass the proxy server
Intranet Zone Template
Local Machine Zone Template
Locked-Down Internet Zone Template
Locked-Down Intranet Zone Template
Locked-Down Local Machine Zone Template
Locked-Down Restricted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Restricted Sites Zone Template
Site to Zone Assignment List
Trusted Sites Zone Template
Turn on automatic detection of intranet
Turn on certificate address mismatch warning
Turn on Notification bar notification for intranet content
Disable the Advanced page
Disable the Connections page
Disable the Content page
Disable the General page
Disable the Privacy page
Disable the Programs page
Disable the Security page
Prevent ignoring certificate errors
Send internationalized domain names
Use UTF-8 for mailto links
Internet Settings
Advanced settings
Browsing
Go to an intranet site for a one-word entry in the Address bar
Hide the button (next to the New Tab button) that opens Microsoft Edge
Turn off phone number detection
Multimedia
Allow Internet Explorer to play media files that use alternative codecs
Searching
Prevent configuration of search on Address bar
Prevent configuration of top-result search on Address bar
AutoComplete
Turn off URL Suggestions
Turn off Windows Search AutoComplete
Component Updates
Help Menu > About Internet Explorer
Prevent specifying cipher strength update information URLs
Periodic check for updates to Internet Explorer and Internet Tools
Prevent changing the URL for checking updates to Internet Explorer and Internet Tools
Prevent specifying the update check interval (in days)
Open Internet Explorer tiles on the desktop
Set how links are opened in Internet Explorer
Privacy
Establish InPrivate Filtering threshold
Establish Tracking Protection threshold
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
Turn off collection of InPrivate Filtering data
Turn off InPrivate Browsing
Turn off InPrivate Filtering
Turn off Tracking Protection
Security Features
Add-on Management
Add-on List
All Processes
Deny all add-ons unless specifically allowed in the Add-on List
Process List
Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
Turn off blocking of outdated ActiveX controls for Internet Explorer
Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
Turn on ActiveX control logging in Internet Explorer
AJAX
Allow native XMLHTTP support
Change the maximum number of connections per host (HTTP 1.1)
Maximum number of connections per server (HTTP 1.0)
Set the maximum number of WebSocket connections per server
Turn off cross-document messaging
Turn off the WebSocket Object
Turn off the XDomainRequest object
Binary Behavior Security Restriction
Admin-approved behaviors
All Processes
Install binaries signed by MD2 and MD4 signing technologies
Internet Explorer Processes
Process List
Consistent Mime Handling
All Processes
Internet Explorer Processes
Process List
Local Machine Zone Lockdown Security
All Processes
Internet Explorer Processes
Process List
Mime Sniffing Safety Feature
All Processes
Internet Explorer Processes
Process List
MK Protocol Security Restriction
All Processes
Internet Explorer Processes
Process List
Network Protocol Lockdown
Restricted Protocols Per Security Zone
Internet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
All Processes
Internet Explorer Processes
Process List
Notification bar
All Processes
Internet Explorer Processes
Process List
Object Caching Protection
All Processes
Internet Explorer Processes
Process List
Protection From Zone Elevation
All Processes
Internet Explorer Processes
Process List
Restrict ActiveX Install
All Processes
Internet Explorer Processes
Process List
Restrict File Download
All Processes
Internet Explorer Processes
Process List
Scripted Window Security Restrictions
All Processes
Internet Explorer Processes
Process List
Allow fallback to SSL 3.0 (Internet Explorer)
Do not display the reveal password button
Turn off Data Execution Prevention
Turn off Data URI support
Toolbars
Customize command labels
Display tabs on a separate row
Hide the Command bar
Hide the status bar
Lock all toolbars
Lock location of Stop and Refresh buttons
Turn off Developer Tools
Turn off toolbar upgrade tool
Use large icons for command buttons
Add a specific list of search providers to the user's list of search providers
Allow "Save Target As" in Internet Explorer mode
Allow Internet Explorer 8 shutdown behavior
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
Automatically activate newly installed add-ons
Configure which channel of Microsoft Edge to use for opening redirected sites
Customize user agent string
Disable Automatic Install of Internet Explorer components
Disable changing Automatic Configuration settings
Disable changing connection settings
Disable changing secondary home page settings
Disable Import/Export Settings wizard
Disable Internet Explorer 11 as a standalone browser
Disable Periodic Check for Internet Explorer software updates
Disable showing the splash screen
Disable software update shell notifications on program launch
Do not allow users to enable or disable add-ons
Enable extended hot keys in Internet Explorer mode
Enforce full-screen mode
Install new versions of Internet Explorer automatically
Keep all intranet sites in Internet Explorer
Let users turn on and use Enterprise Mode from the Tools menu
Limit Site Discovery output by Domain
Limit Site Discovery output by Zone
Make proxy settings per-machine (rather than per-user)
Pop-up allow list
Prevent "Fix settings" functionality
Prevent access to Internet Explorer Help
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
Prevent bypassing SmartScreen Filter warnings
Prevent changing pop-up filter level
Prevent changing proxy settings
Prevent changing the default search provider
Prevent configuration of how windows open
Prevent configuration of new tab creation
Prevent Internet Explorer Search box from appearing
Prevent managing pop-up exception list
Prevent managing SmartScreen Filter
Prevent managing the phishing filter
Prevent participation in the Customer Experience Improvement Program
Prevent per-user installation of ActiveX controls
Prevent running First Run wizard
Replace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC.
Restrict search providers to a specific list
Security Zones: Do not allow users to add/delete sites
Security Zones: Do not allow users to change policies
Security Zones: Use only machine settings
Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
Set tab process growth
Show message when opening sites in Microsoft Edge using Enterprise Mode
Specify default behavior for a new tab
Specify use of ActiveX Installer Service for installation of ActiveX controls
Turn off ability to pin sites in Internet Explorer on the desktop
Turn off ActiveX Opt-In prompt
Turn off add-on performance notifications
Turn off Automatic Crash Recovery
Turn off browser geolocation
Turn off configuration of pop-up windows in tabbed browsing
Turn off Crash Detection
Turn off Favorites bar
Turn off Managing SmartScreen Filter for Internet Explorer 8
Turn off page-zooming functionality
Turn off pop-up management
Turn off Quick Tabs functionality
Turn off Reopen Last Browsing Session
Turn off suggestions for all user-installed providers
Turn off tabbed browsing
Turn off the auto-complete feature for web addresses
Turn off the quick pick menu
Turn off the Security Settings Check feature
Turn on ActiveX Filtering
Turn on compatibility logging
Turn on menu bar by default
Turn on Site Discovery WMI output
Turn on Site Discovery XML output
Turn on Suggested Sites
Use the Enterprise Mode IE website list
Internet Information Services
避免安裝 IIS
Maps
Turn off Automatic Download and Update of Map Data
Turn off unsolicited network traffic on the Offline Maps settings page
MDM
Disable MDM Enrollment
Enable automatic MDM enrollment using default Azure AD credentials
Messaging
Allow Message Service Cloud Sync
Microsoft account
Block all consumer Microsoft account user authentication
Microsoft Defender Antivirus
Client Interface
Display additional text to clients when they need to perform an action
Enable headless UI mode
Suppress all notifications
Suppresses reboot notifications
Device Control
Define device control policy groups
Define device control policy rules
Exclusions
Extension Exclusions
Ip Address Exclusions
Path Exclusions
Process Exclusions
Turn off Auto Exclusions
MAPS
Configure local setting override for reporting to Microsoft MAPS
Configure the 'Block at First Sight' feature
Join Microsoft MAPS
Send file samples when further analysis is required
Microsoft Defender Exploit Guard
Attack Surface Reduction
Configure Attack Surface Reduction rules
Exclude files and paths from Attack Surface Reduction Rules
Controlled Folder Access
Configure allowed applications
Configure Controlled folder access
Configure protected folders
Network Protection
Prevent users and apps from accessing dangerous websites
This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server.
MpEngine
Configure extended cloud check
Enable file hash computation feature
Select cloud protection level
Network Inspection System
Specify additional definition sets for network traffic inspection
This setting controls datagram processing for network protection.
Turn on definition retirement
Turn on protocol recognition
Quarantine
Configure local setting override for the removal of items from Quarantine folder
Configure removal of items from Quarantine folder
Real-time Protection
Configure local setting override for monitoring file and program activity on your computer
Configure local setting override for monitoring for incoming and outgoing file activity
Configure local setting override for scanning all downloaded files and attachments
Configure local setting override for turn on behavior monitoring
Configure local setting override to turn on real-time protection
Configure monitoring for incoming and outgoing file and program activity
Define the maximum size of downloaded files and attachments to be scanned
Monitor file and program activity on your computer
Scan all downloaded files and attachments
Turn off real-time protection
Turn on behavior monitoring
Turn on process scanning whenever real-time protection is enabled
Turn on raw volume write notifications
Turn on script scanning
Remediation
Configure local setting override for the time of day to run a scheduled full scan to complete remediation
Specify the day of the week to run a scheduled full scan to complete remediation
Specify the time of day to run a scheduled full scan to complete remediation
Reporting
Configure time out for detections in critically failed state
Configure time out for detections in non-critical failed state
Configure time out for detections in recently remediated state
Configure time out for detections requiring additional action
Configure Watson events
Configure Windows software trace preprocessor components
Configure WPP tracing level
Turn off enhanced notifications
Scan
Allow users to pause scan
Check for the latest virus and spyware security intelligence before running a scheduled scan
Configure local setting override for maximum percentage of CPU utilization
Configure local setting override for scheduled quick scan time
Configure local setting override for scheduled scan time
Configure local setting override for schedule scan day
Configure local setting override for the scan type to use for a scheduled scan
Configure low CPU priority for scheduled scans
Create a system restore point
Define the number of days after which a catch-up scan is forced
Run full scan on mapped network drives
Scan archive files
Scan network files
Scan packed executables
Scan removable drives
Specify the day of the week to run a scheduled scan
Specify the interval to run quick scans per day
Specify the maximum depth to scan archive files
Specify the maximum percentage of CPU utilization during a scan
Specify the maximum size of archive files to be scanned
Specify the scan type to use for a scheduled scan
Specify the time for a daily quick scan
Specify the time of day to run a scheduled scan
Start the scheduled scan only when computer is on but not in use
Turn on catch-up full scan
Turn on catch-up quick scan
Turn on e-mail scanning
Turn on heuristics
Turn on removal of items from scan history folder
Turn on reparse point scanning
Security Intelligence Updates
Allow notifications to disable security intelligence based reports to Microsoft MAPS
Allow real-time security intelligence updates based on reports to Microsoft MAPS
Allow security intelligence updates from Microsoft Update
Allow security intelligence updates when running on battery power
Allows Microsoft Defender Antivirus to update and communicate over a metered connection.
Check for the latest virus and spyware security intelligence on startup
Define file shares for downloading security intelligence updates
Define security intelligence location for VDI clients.
Define the number of days after which a catch-up security intelligence update is required
Define the number of days before spyware security intelligence is considered out of date
Define the number of days before virus security intelligence is considered out of date
Define the order of sources for downloading security intelligence updates
Initiate security intelligence update on startup
Specify the day of the week to check for security intelligence updates
Specify the interval to check for security intelligence updates
Specify the time to check for security intelligence updates
Turn on scan after security intelligence update
Threats
Specify threat alert levels at which default action should not be taken when detected
Specify threats upon which default action should not be taken when detected
Allow antimalware service to remain running always
Allow antimalware service to startup with normal priority
Configure detection for potentially unwanted applications
Configure local administrator merge behavior for lists
Configure scheduled task times randomization window
Define addresses to bypass proxy server
Define proxy auto-config (.pac) for connecting to the network
Define proxy server for connecting to the network
Define the directory path to copy support log files
Randomize scheduled task times
Turn off Microsoft Defender Antivirus
Turn off routine remediation
Microsoft Defender Application Guard
Allow auditing events in Microsoft Defender Application Guard
Allow camera and microphone access in Microsoft Defender Application Guard
Allow data persistence for Microsoft Defender Application Guard
Allow files to download and save to the host operating system from Microsoft Defender Application Guard
Allow hardware-accelerated rendering for Microsoft Defender Application Guard
Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device
Configure Microsoft Defender Application Guard clipboard settings
Configure Microsoft Defender Application Guard print settings
Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer
Turn on Microsoft Defender Application Guard in Managed Mode
Microsoft Defender Exploit Guard
Exploit Protection
Use a common set of exploit protection settings
Microsoft Edge
Allow Address bar drop-down list suggestions
Allow Adobe Flash
Allow a shared Books folder
Allow clearing browsing data on exit
Allow configuration updates for the Books Library
Allow extended telemetry for the Books tab
Allow Extensions
Allow FullScreen Mode
Allow Microsoft Compatibility List
Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
Allow printing
Allow Saving History
Allow search engine customization
Allow Sideloading of extension
Always show the Books Library in Microsoft Edge
Configure additional search engines
Configure Favorites Bar
Configure Home Button
Configure kiosk mode
Configure kiosk reset after idle timeout
Configure Open Microsoft Edge With
Configure the Adobe Flash Click-to-Run setting
Disable lockdown of Start pages
For PDF files that have both landscape and portrait pages, print each in its own orientation.
Keep favorites in sync between Internet Explorer and Microsoft Edge
Open a new tab with an empty tab
Prevent access to the about:flags page in Microsoft Edge
Prevent certificate error overrides
Prevent changes to Favorites on Microsoft Edge
Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
Prevent the First Run webpage from opening on Microsoft Edge
Prevent turning off required extensions
Provision Favorites
Set default search engine
Set Home Button URL
Set New Tab page URL
Show message when opening sites in Internet Explorer
Suppress the display of Edge Deprecation Notification
Unlock Home Button
不允許 WebRTC 共用 LocalHost IP 位址
不允許「SmartScreen 篩選工具」警告覆寫
不允許針對未驗證之檔案的「SmartScreen 篩選工具」警告覆寫
允許員工傳送「不要追蹤」標頭
將所有內部網路網站傳送到 Internet Explorer 11
設定 Cookie
設定企業模式網站清單
設定公司首頁
設定我的最愛
關閉 InPrivate 瀏覽
關閉 SmartScreen 篩選工具
關閉密碼管理員
關閉快顯封鎖程式
關閉網址列搜尋建議
關閉自動填寫
關閉開發人員工具
Microsoft Passport for Work
Allow enumeration of emulated smart card for all users
Configure device unlock factors
Configure dynamic lock factors
Turn off smart card emulation
Use certificate for on-premises authentication
Use cloud trust for on-premises authentication
Use PIN Recovery
Use Windows Hello for Business certificates as smart card certificates
使用 Microsoft Passport for Work
使用生物識別技術
使用硬體安全性裝置
Microsoft Secondary Authentication Factor
Allow companion device for secondary authentication
Microsoft User Experience Virtualization
Applications
Access 2013 backup only
Access 2016 backup only
Calculator
Common 2013 backup only
Common 2016 backup only
Excel 2013 backup only
Excel 2016 backup only
InfoPath 2013 backup only
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Internet Explorer Common Settings
Lync 2013 backup only
Lync 2016 backup only
Microsoft Access 2010
Microsoft Access 2013
Microsoft Access 2016
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft InfoPath 2010
Microsoft InfoPath 2013
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Lync 2016
Microsoft Office 365 Access 2013
Microsoft Office 365 Access 2016
Microsoft Office 365 Common 2013
Microsoft Office 365 Common 2016
Microsoft Office 365 Excel 2013
Microsoft Office 365 Excel 2016
Microsoft Office 365 InfoPath 2013
Microsoft Office 365 Lync 2013
Microsoft Office 365 Lync 2016
Microsoft Office 365 OneNote 2013
Microsoft Office 365 OneNote 2016
Microsoft Office 365 Outlook 2013
Microsoft Office 365 Outlook 2016
Microsoft Office 365 PowerPoint 2013
Microsoft Office 365 PowerPoint 2016
Microsoft Office 365 Project 2013
Microsoft Office 365 Project 2016
Microsoft Office 365 Publisher 2013
Microsoft Office 365 Publisher 2016
Microsoft Office 365 SharePoint Designer 2013
Microsoft Office 365 Visio 2013
Microsoft Office 365 Visio 2016
Microsoft Office 365 Word 2013
Microsoft Office 365 Word 2016
Microsoft Office 2010 Common Settings
Microsoft Office 2013 Common Settings
Microsoft Office 2013 Upload Center
Microsoft Office 2016 Common Settings
Microsoft Office 2016 Upload Center
Microsoft OneDrive for Business 2013
Microsoft OneDrive for Business 2016
Microsoft OneNote 2010
Microsoft OneNote 2013
Microsoft OneNote 2016
Microsoft Outlook 2010
Microsoft Outlook 2013
Microsoft Outlook 2016
Microsoft PowerPoint 2010
Microsoft PowerPoint 2013
Microsoft PowerPoint 2016
Microsoft Project 2010
Microsoft Project 2013
Microsoft Project 2016
Microsoft Publisher 2010
Microsoft Publisher 2013
Microsoft Publisher 2016
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2013
Microsoft SharePoint Workspace 2010
Microsoft Visio 2010
Microsoft Visio 2013
Microsoft Visio 2016
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Notepad
OneNote 2013 backup only
OneNote 2016 backup only
Outlook 2013 backup only
Outlook 2016 backup only
PowerPoint 2013 backup only
PowerPoint 2016 backup only
Project 2013 backup only
Project 2016 backup only
Publisher 2013 backup only
Publisher 2016 backup only
SharePoint Designer 2013 backup only
Visio 2013 backup only
Visio 2016 backup only
Word 2013 backup only
Word 2016 backup only
WordPad
Windows Apps
Finance
Games
Maps
Music
News
Reader
Sports
Travel
Video
Weather
Configure Sync Method
Contact IT Link Text
Contact IT URL
Do not synchronize Windows Apps
Enable UEV
First Use Notification
Ping the settings storage location before sync
Settings package size warning threshold
Settings storage path
Settings template catalog path
Synchronization timeout
Synchronize Windows settings
Sync settings over metered connections even when roaming
Sync settings over metered connections
Sync Unlisted Windows Apps
Tray Icon
Use User Experience Virtualization (UE-V)
VDI Configuration
NetMeeting
停用遠端桌面共用
News and interests
Enable news and interests on the taskbar
OneDrive
Prevent OneDrive files from syncing over metered connections
Prevent OneDrive from generating network traffic until the user signs in to OneDrive
Prevent the usage of OneDrive for file storage on Windows 8.1
Save documents to OneDrive by default
防止使用 OneDrive 儲存檔案
OOBE
Don't launch privacy settings experience on user logon
Push To Install
Turn off Push To Install service
Remote Desktop Services
RD Licensing
License server security group
Prevent license upgrade
Remote Desktop Connection Client
RemoteFX USB Device Redirection
Allow RDP redirection of other supported RemoteFX USB devices from this computer
Allow .rdp files from unknown publishers
Allow .rdp files from valid publishers and user's default .rdp settings
Configure server authentication for client
Do not allow hardware accelerated decoding
Do not allow passwords to be saved
Prompt for credentials on the client computer
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Turn Off UDP On Client
Remote Desktop Session Host
Connections
Allow users to connect remotely by using Remote Desktop Services
Automatic reconnection
Configure keep-alive connection interval
Deny logoff of an administrator logged in to the console session
Limit number of connections
Restrict Remote Desktop Services users to a single Remote Desktop Services session
Select network detection on the server
Select RDP transport protocols
Set rules for remote control of Remote Desktop Services user sessions
Suspend user sign-in to complete app registration
允許從遠端啟動未列出的程式
關閉公平共用 CPU 排程
Device and Resource Redirection
Allow audio and video playback redirection
Allow audio recording redirection
Allow time zone redirection
Allow UI Automation redirection
Do not allow Clipboard redirection
Do not allow COM port redirection
Do not allow drive redirection
Do not allow location redirection
Do not allow LPT port redirection
Do not allow smart card device redirection
Do not allow supported Plug and Play device redirection
Do not allow video capture redirection
Limit audio playback quality
Licensing
Hide notifications about RD Licensing problems that affect the RD Session Host server
Set the Remote Desktop licensing mode
Use the specified Remote Desktop license servers
Printer Redirection
Do not allow client printer redirection
Do not set default client printer to be default printer in a session
Specify RD Session Host server fallback printer driver behavior
Use Remote Desktop Easy Print printer driver first
只重新導向預設用戶端印表機
Profiles
Limit the size of the entire roaming user profile cache
Set path for Remote Desktop Services Roaming User Profile
Set Remote Desktop Services User Home Directory
Use mandatory profiles on the RD Session Host server
RD Connection Broker
Configure RD Connection Broker farm name
Configure RD Connection Broker server name
Join RD Connection Broker
Use IP Address Redirection
使用 RD 連線代理人負載平衡
Remote Session Environment
RemoteFX for Windows Server 2008 R2
Configure RemoteFX
Optimize visual experience for Remote Desktop Service Sessions
Optimize visual experience when using RemoteFX
Always show desktop on connection
Configure compression for RemoteFX data
Configure H.264/AVC hardware encoding for Remote Desktop Connections
Configure image quality for RemoteFX Adaptive Graphics
Configure RemoteFX Adaptive Graphics
Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1
Enforce Removal of Remote Desktop Wallpaper
Limit maximum color depth
Limit maximum display resolution
Limit number of monitors
Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections
Remove "Disconnect" option from Shut Down dialog
Remove Windows Security item from Start menu
Start a program on connection
Use advanced RemoteFX graphics for RemoteApp
Use hardware graphics adapters for all Remote Desktop Services sessions
Use WDDM graphics display driver for Remote Desktop Connections
不允許字型平滑處理
允許遠端桌面工作階段的桌面轉譯緩衝處理
Security
Always prompt for password upon connection
Do not allow local administrators to customize permissions
Require secure RPC communication
Require use of specific security layer for remote (RDP) connections
Require user authentication for remote connections by using Network Level Authentication
Server authentication certificate template
Set client connection encryption level
Session Time Limits
End session when time limits are reached
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Set time limit for disconnected sessions
設定登出 RemoteApp 工作階段的時間限制
Temporary folders
Do not delete temp folders upon exit
Do not use temporary folders per session
應用程式相容性
虛擬 IP 位址無法使用時,請勿使用遠端桌面工作階段主機伺服器 IP 位址
選取要用於遠端桌面 IP 虛擬的網路介面卡
開啟遠端桌面 IP 虛擬
關閉 Windows Installer RDS 相容性
RSS Feeds
Prevent access to feed list
Prevent automatic discovery of feeds and Web Slices
Prevent downloading of enclosures
Prevent subscribing to or deleting a feed or a Web Slice
Turn off background synchronization for feeds and Web Slices
Turn on Basic feed authentication over HTTP
Speech
Allow Automatic Update of Speech Data
Tablet PC
Tablet PC 畫筆訓練
關閉 Tablet PC 畫筆訓練
敏銳筆觸學習
防止筆觸學習模式
游標
關閉畫筆回饋
畫筆 UX 行為
防止筆觸
硬體按鈕
關閉硬體按鈕
防止 Back-ESC 對應
防止啟動應用程式
防止按住不放
觸控輸入
關閉 Tablet PC 觸控輸入
關閉觸控平移
輸入面板
停用文字預測
包含其他如香港特有字元的中文、漢字字元
在輸入面板中關閉密碼安全性
若為 Tablet 手寫筆輸入,則不顯示 [輸入面板] 圖示
若為觸控輸入,則不顯示 [輸入面板] 圖示
關閉寬容與 Z 型刪除筆勢
關閉與輸入面板的自動完成整合
防止輸入面板索引標籤出現
附屬應用程式
不允許列印到筆記本便箋書寫器
不允許執行 Windows 筆記本
不允許執行剪取工具
不允許執行筆跡球
Tenant Restrictions
Cloud Policy Details
Widgets
Allow widgets
Windows Defender SmartScreen
Explorer
Configure App Install Control
Configure Windows Defender SmartScreen
Microsoft Edge
Configure Windows Defender SmartScreen
Prevent bypassing Windows Defender SmartScreen prompts for sites
Windows Game Recording and Broadcasting
Enables or disables Windows Game Recording and Broadcasting
Windows Ink Workspace
Allow suggested apps in Windows Ink Workspace
Allow Windows Ink Workspace
Windows Installer
允許使用者修補已升級的產品
允許使用者控制安裝
將轉換檔案的複本儲存在工作站的安全位置
強制升級元件規則
指定 Windows Installer 記錄在其交易記錄中的事件類型
控制基準檔案快取的大小上限
永遠以較高的特殊權限安裝
當權限提高時,允許使用者使用媒體來源
當權限提高時,允許使用者瀏覽來源
禁止 Flyweight 修補
禁止使用者安裝
禁止使用重新啟動管理員
禁止復原
禁止移除更新
禁止非系統管理員套用廠商簽署的更新
移除新來源的 [瀏覽] 對話方塊
透過封裝設定關閉記錄
關閉 Windows Installer
關閉共用元件
關閉系統還原檢查點建立功能
防止使用者使用 Windows Installer 來安裝更新或升級
防止內嵌的 UI
防止出現 Windows Installer 指令碼的 Internet Explorer 安全性提示
Windows Media Digital Rights Management
防止 Windows Media DRM 網際網路存取
Windows Media Player
不要顯示 [安裝第一次使用] 對話方塊
防止媒體共用
防止建立 [快速啟動] 工具列捷徑
防止建立桌面捷徑
防止自動更新
防止視訊品質平滑化
Windows Messenger
不允許執行 Windows Messenger
不要一開始就自動啟動 Windows Messenger
Windows PowerShell
打開 PowerShell 指令碼區塊記錄
打開 PowerShell 轉譯
設定 Update-Help 的預設來源路徑
開啟指令碼執行
開啟模組記錄
Windows Sandbox
Allow audio input in Windows Sandbox
Allow clipboard sharing with Windows Sandbox
Allow networking in Windows Sandbox
Allow printer sharing with Windows Sandbox
Allow vGPU sharing for Windows Sandbox
Allow video input in Windows Sandbox
Windows Security
Account protection
Hide the Account protection area
App and browser protection
Hide the App and browser protection area
Prevent users from modifying settings
Device performance and health
Hide the Device performance and health area
Device security
Disable the Clear TPM button
Hide the Device security area
Hide the Secure boot area
Hide the Security processor (TPM) troubleshooter page
Hide the TPM Firmware Update recommendation.
Enterprise Customization
Configure customized contact information
Configure customized notifications
Specify contact company name
Specify contact email address or Email ID
Specify contact phone number or Skype ID
Specify contact website
Family options
Hide the Family options area
Firewall and network protection
Hide the Firewall and network protection area
Notifications
Hide all notifications
Hide non-critical notifications
Systray
Hide Windows Security Systray
Virus and threat protection
Hide the Ransomware data recovery area
Hide the Virus and threat protection area
Windows Update
Legacy Policies
Allow Automatic Updates immediate installation
Allow non-administrators to receive update notifications
Configure auto-restart reminder notifications for updates
Configure auto-restart required notification for updates
Configure auto-restart warning notifications schedule for updates
Delay Restart for scheduled installations
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Do not allow update deferral policies to cause scans against Windows Update
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates
No auto-restart with logged on users for scheduled automatic updates installations
Re-prompt for restart with scheduled installations
Reschedule Automatic Updates scheduled installations
Specify deadline before auto-restart for update installation
Specify Engaged restart transition and notification schedule for updates
Turn off auto-restart notifications for update installations
Turn on recommended updates via Automatic Updates
Turn on Software Notifications
Manage end user experience
Allow updates to be downloaded automatically over metered connections
Always automatically restart at the scheduled time
Configure Automatic Updates
Display options for update notifications
Remove access to "Pause updates" feature
Remove access to use all Windows Update features
Specify active hours range for auto-restarts
Specify deadlines for automatic updates and restarts
Turn off auto-restart for updates during active hours
Update Power Policy for Cart Restarts
Manage updates offered from Windows Server Update Service
Allow signed updates from an intranet Microsoft update service location
Automatic Updates detection frequency
Do not connect to any Windows Update Internet locations
Enable client-side targeting
Specify intranet Microsoft update service location
Specify source service for specific classes of Windows Updates
Manage updates offered from Windows Update
Disable safeguards for Feature Updates
Do not include drivers with Windows Updates
Manage preview builds
Select the target Feature Update version
Select when Preview Builds and Feature Updates are received
Select when Quality Updates are received
Windows 可靠性分析
設定可靠性 WMI 提供者
Windows 客戶經驗改進計畫
使用研究識別元標記 Windows 客戶經驗改進計畫資料
允許公司重新導向客戶經驗改進上傳
Windows 登入選項
Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot
停用或啟用軟體 Secure Attention Sequence
於使用者登入期間顯示有關上次登入的資訊
於使用者登入期間,報告登入伺服器無法使用
系統起始的重新啟動之後自動登入最後一個互動式使用者
Windows 色彩系統
禁止安裝或解除安裝色彩設定檔
Windows 行事曆
關閉 Windows 行事曆
Windows 行動中心
關閉 Windows 行動中心
Windows 遠端殼層
MaxConcurrentUsers
允許遠端殼層存取
指定殼層逾時
指定每個使用者的最大遠端殼層數目
指定每個殼層的最大處理程序數目
指定每個殼層的記憶體數量上限 (MB)
指定閒置逾時
Windows 遠端管理 (WinRM)
WinRM 服務
不允許 Kerberos 驗證
不允許 WinRM 儲存 RunAs 認證
不允許交涉式驗證
允許 CredSSP 驗證
允許基本驗證
允許未加密的流量
允許透過 WinRM 進行遠端伺服器管理
指定通道繫結權杖強化層級
開啟相容性 HTTPS 接聽程式
開啟相容性 HTTP 接聽程式
WinRM 用戶端
不允許 Kerberos 驗證
不允許交涉式驗證
不允許摘要式驗證
信任的主機
允許 CredSSP 驗證
允許基本驗證
允許未加密的流量
Windows 錯誤報告
同意
略過自訂同意設定
自訂同意設定
設定預設同意
進階錯誤報告設定
報告並未計劃的關機事件
報告作業系統錯誤
永不報告錯誤的應用程式清單
永遠報告錯誤的應用程式清單
要排除的應用程式清單
設定公司 Windows 錯誤報告
設定報告佇列
設定報告保存
預設應用程式報告設定
不傳送其他資料
不調節其他資料
使用者介面不顯示嚴重錯誤
使用電池電力時傳送其他資料
停用 Windows 錯誤報告
停用記錄
自動傳送 OS 產生的錯誤報告的記憶體傾印
設定錯誤報告
連線到受限/成本已評估網路時傳送資料
顯示錯誤通知
Work Folders
強制為所有使用者自動設定
事件檢視器
events.asp URL
events.asp 程式
events.asp 程式命令列參數
事件記錄
啟用受保護的事件記錄
事件記錄服務
安全性
指定記錄檔大小上限 (KB)
控制記錄檔的位置
控制記錄檔達到其大小上限時的事件記錄檔行為
記錄檔已滿時自動備份
設定記錄檔存取 (傳統)
設定記錄檔存取
安裝
指定記錄檔大小上限 (KB)
控制記錄檔的位置
控制記錄檔達到其大小上限時的事件記錄檔行為
記錄檔已滿時自動備份
設定記錄檔存取 (傳統)
設定記錄檔存取
開啟記錄
應用程式
指定記錄檔大小上限 (KB)
控制記錄檔的位置
控制記錄檔達到其大小上限時的事件記錄檔行為
記錄檔已滿時自動備份
設定記錄檔存取 (傳統)
設定記錄檔存取
系統
指定記錄檔大小上限 (KB)
控制記錄檔的位置
控制記錄檔達到其大小上限時的事件記錄檔行為
記錄檔已滿時自動備份
設定記錄檔存取 (傳統)
設定記錄檔存取
事件轉寄
設定目標訂閱管理員
設定轉寄站資源使用量
可攜式作業系統
Windows To Go 預設啟動選項
從 Windows To Go 工作區啟動時不允許待命睡眠狀態 (S1-S3)
從 Windows To Go 工作區啟動時允許休眠 (S4)
同步您的設定
不要同步
不要同步個人化
不要同步其他 Windows 設定
不要同步密碼
不要同步應用程式
不要同步應用程式設定
不要同步桌面個人化
不要同步瀏覽器設定
不要同步開始設定
不要在計量付費連線上進行同步
定位和感應器
Windows 定位提供者
關閉 Windows 定位提供者
關閉位置指令碼
關閉定位
關閉感應器
工作排程器
禁止工作刪除
禁止建立新工作
禁止拖放功能
禁止瀏覽
防止工作執行或結束
隱藏內容頁
隱藏新增排程工作精靈中的進階內容核取方塊
市集
Disable all apps from Windows Store
Only display the private store within the Microsoft Store
關閉 Win8 電腦上的自動下載更新
關閉市集應用程式
關閉更新至最新版 Windows 的服務
關閉自動下載和安裝更新
應用程式執行階段
允許選用 Microsoft 帳戶
封鎖啟動含有可從託管內容存取的 Windows 執行階段 API 的 Windows 市集應用程式。
封鎖啟動與 URI 配置關聯的傳統型應用程式
封鎖啟動與檔案關聯的傳統型應用程式。
開啟 Windows 市集應用程式的動態內容 URI 規則
應用程式相容性
移除程式相容性內容頁
關閉回溯相容性引擎
關閉應用程式相容性引擎
關閉應用程式遙測
關閉步驟收錄程式
關閉清查收集器
關閉程式相容性助理
防止存取 16 位元的應用程式
搜尋
OCR
Select OCR language from a code page
強制為 TIFF 文件的每一頁執行 TIFF Ifilter
選取 OCR 語言
Allow Cloud Search
Allow Cortana above lock screen
Allow Cortana Page in OOBE on an AAD account
不允許 Web 搜尋
不允許將抽取式磁碟機上的位置新增到媒體櫃
不要在 [搜尋] 中搜尋網路或顯示網路搜尋結果
以電池電力執行時防止編製索引以節省電池電力
使用計量付費連線時,不要在 [搜尋] 中搜尋網路或顯示網路搜尋結果
停用索引子降速功能
允許 Cortana
允許使用變音符號
允許加密檔案索引
允許搜尋和 Cortana 使用定位
啟用為未快取之 Exchange 資料夾編製索引的功能
啟用為線上委派信箱編製索引的功能
啟用線上郵件索引編製的速度調節功能
控制各種附件的預覽功能
新增主要內部網路搜尋位置
新增次要內部網路搜尋位置
磁碟空間不足時停止編製索引
索引子資料位置
編製內容和屬性的索引時,永遠使用自動語言偵測
設定 Desktop Search 結果中的大型或小型圖示檢視
設定 [搜尋] 中可以分享的資訊
設定 [搜尋] 的安全搜尋設定
防止使用不在清單中的 iFilter 與通訊協定處理程式
防止在控制台中顯示 Windows Search 的進階索引選項
防止將共用的資料夾新增至 Windows Search 索引
防止對 Microsoft Office Outlook 編製索引
防止對公用資料夾編製索引
防止對離線檔案快取中的檔案編製索引
防止對電子郵件的附件編製索引
防止從控制台新增 UNC 位置到索引
防止新增使用者指定的位置到 [所有位置] 功能表
防止為特定檔案類型編製索引
防止為特定路徑編製索引
防止用戶端從遠端查詢索引
防止自訂控制台中的已索引位置
預覽窗格位置
預設的已排除路徑
預設的已索引路徑
數位購物服務區
不允許執行數位購物服務區
文字輸入
Improve inking and typing recognition
允許解除安裝的語言功能
新增功能到 Windows 8.1
防止精靈執行。
智慧卡
允許不含擴充金鑰使用方法憑證屬性的憑證
允許使用者名稱提示
允許時間無效的憑證
允許登入和驗證時使用 ECC 憑證
允許登入時使用有效簽章金鑰
允許登入時顯示整合式解除封鎖畫面
強制從智慧卡讀取所有憑證
當智慧卡遭到封鎖時顯示字串
篩選重複的登入憑證
設定根憑證清理
通知使用者已成功安裝智慧卡驅動程式
開啟智慧卡的憑證傳播
開啟智慧卡的根憑證傳播
開啟智慧卡隨插即用服務
防止認證管理員傳回純文字 PIN
顯示時反轉憑證中所儲存的主體名稱
桌面小工具
關閉使用者安裝的桌面小工具
關閉桌面小工具
限制解壓縮和安裝未經過數位簽署的小工具。
桌面視窗管理員
視窗框架色彩設定
不允許色彩變更
指定預設色彩
不允許呼叫 Flip3D
不允許視窗動畫
使用純色做為開始背景
檔案歷程記錄
關閉檔案歷程記錄
生物識別技術
臉部功能
使用增強式反詐騙 (若可用)
允許使用生物識別
允許使用者使用生物識別登入
允許網域使用者使用生物識別登入
指定快速切換使用者事件的逾時
簡報設定
關閉 Windows 簡報設定
維護排程器
自動維護啟用界限
自動維護喚醒原則
自動維護隨機延遲
線上協助
關閉主動式說明
自動播放原則
不允許非磁碟區裝置的自動播放
設定 AutoRun 的預設行為
關閉自動播放
防止自動播放記住使用者的選擇。
裝置和驅動程式相容性
裝置相容性設定
驅動程式相容性設定
裝置註冊
註冊加入網域的電腦為裝置
認證使用者介面
Prevent the use of security questions for local accounts
不要顯示密碼顯示按鈕
提升權限時列舉系統管理員帳戶
要求認證項目之信任的路徑
資訊安全中心
開啟資訊安全中心 (僅網域 PC)
軟體保護平台
Control Device Reactivation for Retail devices
關閉 KMS 用戶端線上 AVS 驗證
邊緣 UI
Allow edge swipe
停用說明秘訣
錄音機
不允許執行錄音機
關機選項
關機期間暫停登入工作階段的逾時
關閉舊版的遠端關機介面
雲端內容
Turn off cloud consumer account state content
Turn off cloud optimized content
不顯示 Windows 祕訣
關閉 Microsoft 消費者體驗
系統管理範本 (使用者)
Control Panel
Printers
Browse a common web site to find printers
Browse the network to find printers
Default Active Directory path when searching for printers
Enable Device Control Printing Restrictions
List of Approved USB-connected print devices
Only use Package Point and print
Package Point and print - Approved servers
Point and Print Restrictions
Prevent addition of printers
Prevent deletion of printers
Turn off Windows default printer management
Regional and Language Options
Handwriting personalization
Turn off automatic learning
Hide Regional and Language Options administrative options
Hide the geographic location option
Hide the select language group options
Hide user locale selection and customization options
Restrict Language Pack and Language Feature Installation
Restrict selection of Windows menus and dialogs language
Restricts the UI languages Windows should use for the selected user
Turn off autocorrect misspelled words
Turn off highlight misspelled words
Turn off insert a space after selecting a text prediction
Turn off offer text predictions as I type
[顯示]
停用 [控制台] 中的 [顯示]
隱藏 [設定值] 索引標籤
個人化
以密碼保護螢幕保護裝置
啟用螢幕保護裝置
強制使用特定視覺樣式檔案或強制使用 Windows 傳統配色
強制特定螢幕保護裝置
禁止選取視覺樣式字型大小
螢幕保護裝置逾時
載入特定佈景主題
防止變更佈景主題
防止變更桌面圖示
防止變更桌面背景
防止變更滑鼠指標
防止變更聲音
防止變更色彩及外觀
防止變更色彩配置
防止變更螢幕保護裝置
防止變更視窗和按鈕的視覺樣式
新增或移除程式
指定 [新增程式] 的預設類別目錄
直接到元件精靈
移除 [新增或移除程式]
移除支援資訊
隱藏 [從 CD-ROM 或磁片新增程式] 選項
隱藏 [從 Microsoft 新增程式] 選項
隱藏 [從您的網路新增程式] 選項
隱藏 [新增/移除 Windows 元件] 畫面
隱藏 [新增程式] 畫面
隱藏 [設定程式存取及預設值] 畫面
隱藏 [變更或移除程式] 畫面
程式集
隱藏 Windows Marketplace
隱藏 Windows 功能
隱藏取得程式頁
隱藏已安裝的更新頁
隱藏程式和功能頁
隱藏程式集控制台
隱藏設定程式存取和電腦預設值頁
Settings Page Visibility
只顯示指定的控制台項目
禁止存取 [控制台] 和電腦設定
開啟 [控制台] 時永遠開啟 [所有控制台項目]
隱藏指定的控制台項目
Desktop
Active Directory
Active Directory 搜尋的大小上限
啟用 [尋找] 對話方塊中的篩選器
隱藏 Active Directory 資料夾
桌面
停用 Active Desktop
停用所有項目
只允許點陣圖桌布
啟用 Active Desktop
新增/刪除項目
桌面桌布
禁止刪除項目
禁止新增項目
禁止編輯項目
禁止變更
禁止關閉項目
不要將最近開啟的文件共用新增到 [網路位置] 中
從 [文件] 圖示內容功能表移除 [內容]
從 [資源回收筒] 內容功能表中移除 [內容]
從 [電腦] 圖示內容功能表移除 [內容]
禁止使用者手動重新導向設定檔資料夾
禁止調整桌面工具列
移除桌面上的 [我的文件] 圖示
移除桌面上的 [資源回收筒] 圖示
移除桌面上的 [電腦] 圖示
移除桌面清除精靈
結束時不儲存設定
關閉 Aero 搖動視窗最小化滑鼠手勢
防止新增、拖曳、置放及關閉工作列的工具列
隱藏並停用桌面上的所有項目
隱藏桌面上的 Internet Explorer 圖示
隱藏桌面上的 [網路位置] 圖示
Network
Windows Connect Now
禁止存取 Windows Connect Now 精靈
網路連線
可以刪除使用者開放遠端存取連線
可以啟用或停用區域網路連線
可以變更所有使用者遠端存取連線的內容
可以重新命名區域網路連線
可以重新命名所有使用者遠端存取連線
在只有有限的連線或無連線能力時關閉通知
所有的使用者都可以重新命名區域連線或遠端存取連線
禁止使用 TCP/IP 進階設定
禁止刪除遠端存取連線
禁止啟用或停用區域網路連線的元件
禁止存取 [進階] 功能表中的 [進階設定]
禁止存取 [進階] 功能表中的遠端存取喜好設定
禁止存取區域網路連線的屬性
禁止存取區域連線的元件屬性
禁止存取新增連線精靈
禁止存取遠端存取連線的元件屬性
禁止建立及中斷遠端存取連線
禁止新增及移除區域網路或遠端存取連線的元件
禁止檢視使用中連線的狀態
禁止變更私人遠端存取連線的屬性
禁止重新命名私人遠端存取連線
系統管理員可以進行 Windows 2000 網路連線設定
離線檔案
事件記錄層級
伺服器中斷連線時的動作
備忘提醒出現頻率
備忘提醒存留時間
備忘提醒的初始存留時間
在暫停之前同步處理離線檔案
指定系統管理指派的離線檔案
登入時將所有離線檔案同步處理
登出前對所有離線檔案進行同步處理
禁止使用者設定離線檔案
移除 [設定成可離線瀏覽] 命令
移除 [離線工作] 命令
移除這些檔案和資料夾的 [設定成可離線瀏覽]
關閉備忘提醒
防止使用離線檔案資料夾
非預設的伺服器中斷連線時的動作
Shared Folders
允許發佈共用資料夾
允許發佈分散式檔案系統根目錄
Start Menu and Taskbar
Notifications
Set the time Quiet Hours begins each day
Set the time Quiet Hours ends each day
Turn off calls during Quiet Hours
Turn off notification mirroring
Turn off Quiet Hours
Turn off tile notifications
Turn off toast notifications
Turn off toast notifications on the lock screen
Add "Run in Separate Memory Space" check box to Run dialog box
Add Logoff to the Start Menu
Add Search Internet link to Start Menu
Add the Run command to the Start Menu
Change Start Menu power button
Clear history of recently opened documents on exit
Clear the recent programs list for new users
Clear tile notifications during log on
Disable context menus in the Start Menu
Do not display any custom toolbars in the taskbar
Do not keep history of recently opened documents
Do not search communications
Do not search for files
Do not search Internet
Do not search programs and Control Panel items
Do not use the search-based method when resolving shell shortcuts
Do not use the tracking-based method when resolving shell shortcuts
Force classic Start Menu
Force Start to be either full screen size or menu size
Go to the desktop instead of Start when signing in
Gray unavailable Windows Installer programs Start Menu shortcuts
Hide the notification area
List desktop apps first in the Apps view
Lock the Taskbar
Pin Apps to Start when installed
Prevent changes to Taskbar and Start Menu Settings
Prevent grouping of taskbar items
Prevent users from customizing their Start Screen
Prevent users from uninstalling applications from Start
Remove "Recently added" list from Start Menu
Remove access to the context menus for the taskbar
Remove All Programs list from the Start menu
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands
Remove Balloon Tips on Start Menu items
Remove Clock from the system notification area
Remove common program groups from Start Menu
Remove Default Programs link from the Start menu.
Remove Documents icon from Start Menu
Remove Downloads link from Start Menu
Remove Favorites menu from Start Menu
Remove frequent programs list from the Start Menu
Remove Games link from Start Menu
Remove Help menu from Start Menu
Remove Homegroup link from Start Menu
Remove links and access to Windows Update
Remove Logoff on the Start Menu
Remove Music icon from Start Menu
Remove Network Connections from Start Menu
Remove Network icon from Start Menu
Remove Pictures icon from Start Menu
Remove pinned programs list from the Start Menu
Remove programs on Settings menu
Remove Recent Items menu from Start Menu
Remove Recorded TV link from Start Menu
Remove Run menu from Start Menu
Remove Search Computer link
Remove Search link from Start Menu
Remove See More Results / Search Everywhere link
Remove the "Undock PC" button from the Start Menu
Remove the Meet Now icon
Remove the People Bar from the taskbar
Remove user's folders from the Start Menu
Remove user folder link from Start Menu
Remove user name from Start Menu
Remove Videos link from Start Menu
Search just apps from the Apps view
Show "Run as different user" command on Start
Show additional calendar
Show or hide "Most used" list from Start menu
Show QuickLaunch on Taskbar
Show Start on the display the user is using when they press the Windows logo key
Show the Apps view automatically when the user goes to Start
Start Layout
Turn off notification area cleanup
Turn off personalized menus
Turn off user tracking
不允許在多部顯示器顯示工作列
不允許釘選市集應用程式到工作列
不允許釘選程式到工作列
不允許釘選項目在捷徑清單上
不顯示或追蹤來自遠端位置的捷徑清單項目
停用顯示球形文字說明作為快顯通知。
在工作列上顯示 Windows 市集應用程式
從工作列移除釘選的程式
移除安全性與維護圖示
移除網路功能圖示
移除通知與重要訊息中心
移除電池計量表
移除音量控制圖示
鎖定所有工作列設定
關閉功能通告提示氣球通知
關閉工作列縮圖
關閉所有球形文字說明通知
關閉自動將通知圖示升級到工作列
防止使用者將工作列移至另一個螢幕固定位置
防止使用者新增或移除工具列
防止使用者調整工作列大小
防止使用者重新排列工具列
System
Ctrl+Alt+Del 選項
移除工作管理員
移除登出
移除變更密碼
移除鎖定電腦
Display
Configure Per-Process System DPI settings
Internet Communication Management
Internet Communication settings
關閉 HTTP 上的列印
關閉 Windows Messenger 客戶經驗改進計畫
關閉 Windows 線上
關閉 [訂購沖印] 圖片工作
關閉個人化手寫資料共用
關閉市集的存取權
關閉手寫辨識錯誤報告
關閉檔案及資料夾的 [發佈到網站] 工作
關閉網際網路檔案關聯服務
關閉網頁發佈和線上訂購精靈的網際網路下載
關閉說明使用經驗改進計畫
關閉說明分級
關閉透過 HTTP 下載印表機驅動程式
限制網際網路通訊
Locale Services
Disallow changing of geographic location
Disallow selection of Custom Locales
Disallow user override of locale settings
Restrict user locales
使用者設定檔
在漫遊設定檔中排除目錄
將主目錄連線到共用的根目錄
指定只可在登入/登出時同步網路目錄
限制設定檔大小
抽取式存放裝置存取權
CD 與 DVD: 拒絕寫入存取權
CD 與 DVD: 拒絕讀取存取權
WPD 裝置: 拒絕寫入存取權
WPD 裝置: 拒絕讀取存取權
所有抽取式儲存裝置類別: 拒絕所有存取
抽取式磁碟: 拒絕寫入存取權
抽取式磁碟: 拒絕讀取存取權
磁帶機: 拒絕寫入存取權
磁帶機: 拒絕讀取存取權
自訂類別: 拒絕寫入存取權
自訂類別: 拒絕讀取存取權
設定強制重新開機的時間 (秒)
軟碟機: 拒絕寫入存取權
軟碟機: 拒絕讀取存取權
指令碼
使用者登入、登出時先執行 Windows PowerShell 指令碼
同步執行登入指令檔
執行登入指令碼時顯示其中的指示
執行登出指令碼時顯示其中的指示
隱藏前版指令碼的執行狀態
登入
不要處理只執行一次清單
不要處理舊版執行清單
當使用者登入時執行這些程式
緩和選項
Process Mitigation Options
群組原則
只強制顯示原則
將新群組原則物件連結的預設建立為已停用
決定互動式使用者是否可以產生原則結果組資料
設定使用者的群組原則更新間隔
設定新群組原則物件的預設名稱
設定群組原則低速連結偵測
設定選取群組原則網域控制站
關閉 ADM 檔案的自動更新
資料夾重新導向
不要將所有重新導向資料夾自動變成離線可用
不要將特定重新導向資料夾自動變成離線可用
僅重新導向主要電腦中的資料夾
在資料夾重新導向伺服器路徑變更時啟用離線檔案快取內容的最佳移動方式
重新導向 [開始] 功能表和 [我的文件] 時,使用當地語系化的子資料夾名稱
電源管理
中止休眠/暫停狀態並恢復執行時必須輸入密碼
驅動程式安裝
裝置驅動程式的程式碼簽署
設定驅動程式搜尋位置
關閉 Windows Update 裝置驅動程式搜尋提示
Century interpretation for Year 2000
Windows Automatic Updates
下載遺失的 COM 元件
不要執行已指定的 Windows 應用程式
只執行指定的 Windows 應用程式
登入時不要顯示 [開始使用] 的歡迎畫面
自訂使用者介面
防止存取命令提示字元
防止存取登錄編輯工具
限制這些程式從說明中啟動
Windows Components
Calculator
Allow Graphing Calculator
Data Collection and Preview Builds
Allow Diagnostic Data
Configure collection of browsing data for Desktop Analytics
File Explorer
檔案總管框架窗格
開啟或關閉詳細資料窗格
關閉預覽窗格
舊版
防止從備份還原先前的版本
防止還原本機舊版
防止還原遠端舊版
隱藏備份位置上的舊版檔案
隱藏舊版本機檔案的清單
隱藏舊版遠端檔案的清單
通用開啟檔案對話方塊
隱藏一般對話方塊區域列
隱藏公用對話方塊中的 [上一步] 按鈕
隱藏最近檔案的下拉式清單
顯示在區域列的項目
[網路位置] 中不顯示整個網路
不允許從功能區 [檢視] 索引標籤上的 [選項] 按鈕開啟 [資料夾選項]
不要將已刪除的檔案移到資源回收筒中
不要求替代的認證
使用功能區最小化啟動 [檔案總管]
使用者/電腦的所有預設媒體櫃定義檔所在的位置。
使用者登入時不要顯示 [歡迎中心]
停用在沒有中介層的情況下直接繫結到 IPropertySetStorage。
停用已知資料夾
刪除檔案時顯示確認對話方塊
只允許個別使用者的或被允許的殼層延伸
啟動傳統殼層
將媒體櫃或搜尋連接器釘選在 [再次搜尋] 連結和 [開始] 功能表上
將網際網路搜尋網站釘選在 [再次搜尋] 連結和 [開始] 功能表上
從 [我的電腦] 移除 [共用文件]
從 [檔案總管] 中移除 [檔案] 功能表
最近文件的最大數目
漫遊時不追蹤殼層捷徑
移除 CD 燒錄功能
移除 [DFS] 索引標籤
移除 [安全性] 索引標籤
移除 [檔案總管] 的 [搜尋] 按鈕
移除 [檔案總管] 的預設內容功能表
移除 [硬體] 索引標籤
移除 [連線網路磁碟機] 及 [中斷網路磁碟機]
移除使用者介面來變更功能表動畫設定
移除使用者介面來變更鍵盤瀏覽指示器設定
移除搜尋網際網路的 [再次搜尋] 連結
網路位置中不含在我附近的電腦
要求網路安裝的認證
資源回收筒容量最大值
關閉 Windows+X 快速鍵
關閉 [內容檢視] 模式中程式碼片段的顯示
關閉 [檔案總管] 中的數字排序
關閉一般控制項與視窗動畫
關閉依存於索引檔案資料的 Windows 媒體櫃功能
關閉在 [檔案總管] 搜尋方塊中顯示最近搜尋項目
關閉在隱藏的 thumbs.db 檔案中快取縮圖
關閉殼層通訊協定受保護模式
關閉網路資料夾上的縮圖顯示,僅顯示圖示
關閉縮圖快取處理
關閉縮圖顯示,僅顯示圖示。
防止使用者新增檔案至其 [使用者檔案] 資料夾的根目錄中。
防止從 [我的電腦] 存取磁碟機
隱藏 [我的電腦] 中這些指定的磁碟機
隱藏 [檔案總管] 內容功能表上的 [管理] 項目
顯示 [檔案總管] 中的功能表列
IME
Configure Japanese IME version
Configure Korean IME version
Configure Simplified Chinese IME version
Configure Traditional Chinese IME version
Do not include Non-Publishing Standard Glyph in the candidate list
Restrict character code range of conversion
Turn off custom dictionary
Turn off history-based predictive input
Turn off Internet search integration
Turn off Open Extended Dictionary
Turn off saving auto-tuning data to file
Turn on cloud candidate for CHS
Turn on cloud candidate
Turn on lexicon update
Turn on Live Sticker
Turn on misconversion logging for misconversion report
Internet Explorer
Accelerators
Add default Accelerators
Add non-default Accelerators
Restrict Accelerators to those deployed through Group Policy
Turn off Accelerators
Administrator Approved Controls
Audio/Video Player
Carpoint
DHTML Edit Control
Investor
Menu Controls
Microsoft Agent
Microsoft Chat
Microsoft Scriptlet Component
Microsoft Survey Control
MSNBC
NetShow File Transfer Control
Shockwave Flash
Application Compatibility
Clipboard access
Bypass prompting for Clipboard access for scripts running in any process
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process
Define applications and processes that can access the Clipboard without prompting
Browser menus
Disable Open in New Window menu option
Disable Save this program to disk option
File menu: Disable closing the browser and Explorer windows
File menu: Disable New menu option
File menu: Disable Open menu option
File menu: Disable Save As... menu option
File menu: Disable Save As Web Page Complete
Help menu: Remove 'For Netscape Users' menu option
Help menu: Remove 'Send Feedback' menu option
Help menu: Remove 'Tip of the Day' menu option
Help menu: Remove 'Tour' menu option
Hide Favorites menu
Tools menu: Disable Internet Options... menu option
Turn off Print Menu
Turn off Shortcut Menu
Turn off the ability to launch report site problems using a menu option
View menu: Disable Full Screen menu option
View menu: Disable Source menu option
Compatibility View
Include updated website lists from Microsoft
Turn off Compatibility View button
Turn off Compatibility View
Turn on Internet Explorer 7 Standards Mode
Turn on Internet Explorer Standards Mode for local intranet
Use Policy List of Internet Explorer 7 sites
Use Policy List of Quirks Mode sites
Delete Browsing History
Allow deleting browsing history on exit
Disable "Configuring History"
Prevent access to Delete Browsing History
Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
Prevent deleting cookies
Prevent deleting download history
Prevent deleting favorites site data
Prevent deleting form data
Prevent deleting InPrivate Filtering data
Prevent deleting passwords
Prevent deleting temporary Internet files
Prevent deleting websites that the user has visited
Prevent the deletion of temporary Internet files and cookies
Internet Control Panel
Advanced Page
Allow active content from CDs to run on user machines
Allow Install On Demand (except Internet Explorer)
Allow Install On Demand (Internet Explorer)
Allow Internet Explorer to use the HTTP2 network protocol
Allow Internet Explorer to use the SPDY/3 network protocol
Allow software to run or install even if the signature is invalid
Allow third-party browser extensions
Always send Do Not Track header
Automatically check for Internet Explorer updates
Check for server certificate revocation
Check for signatures on downloaded programs
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
Do not allow resetting Internet Explorer settings
Do not save encrypted pages to disk
Empty Temporary Internet Files folder when browser is closed
Play animations in web pages
Play sounds in web pages
Play videos in web pages
Turn off ClearType
Turn off encryption support
Turn off loading websites and content in the background to optimize performance
Turn off Profile Assistant
Turn off sending UTF-8 query strings for URLs
Turn off the flip ahead with page prediction feature
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
Turn on Caret Browsing support
Turn on Enhanced Protected Mode
Use HTTP 1.1 through proxy connections
Use HTTP 1.1
Content Page
Show Content Advisor on Internet Options
General Page
Browsing History
Allow websites to store application caches on client computers
Allow websites to store indexed databases on client computers
Set application caches expiration time limit for individual domains
Set application cache storage limits for individual domains
Set default storage limits for websites
Set indexed database storage limits for individual domains
Set maximum application cache individual resource size
Set maximum application cache resource list size
Set maximum application caches storage limit for all domains
Set maximum indexed database storage limit for all domains
Start Internet Explorer with tabs from last browsing session
Security Page
Internet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Intranet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Local Machine Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Internet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Intranet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Local Machine Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Restricted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Locked-Down Trusted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Restricted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Trusted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow loading of XAML Browser Applications
Allow loading of XAML files
Allow loading of XPS files
Allow META REFRESH
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer WebBrowser controls
Allow scriptlets
Allow updates to status bar via script
Allow VBScript to run in Internet Explorer
Allow video and animation on a webpage that uses an older media player
Allow websites to open windows without status bar or Address bar
Allow websites to prompt for information by using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Display mixed content
Don't run antimalware programs against ActiveX controls
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Enable dragging of content from different domains across windows
Enable dragging of content from different domains within a window
Enable MIME Sniffing
Include local path when user is uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Logon options
Navigate windows and frames across different domains
Render legacy filters
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Show security warning for potentially unsafe files
Software channel permissions
Submit non-encrypted form data
Turn off .NET Framework Setup
Turn off first-run prompt
Turn on Cross-Site Scripting Filter
Turn on Protected Mode
Turn on SmartScreen Filter scan
Use Pop-up Blocker
Userdata persistence
Web sites in less privileged Web content zones can navigate into this zone
允許在 [檔案總管] 的 OpenSearch 查詢結果中預覽和自訂縮圖
在 [檔案總管] 中允許 OpenSearch 查詢
Internet Zone Template
Intranet Sites: Include all local (intranet) sites not listed in other zones
Intranet Sites: Include all network paths (UNCs)
Intranet Sites: Include all sites that bypass the proxy server
Intranet Zone Template
Local Machine Zone Template
Locked-Down Internet Zone Template
Locked-Down Intranet Zone Template
Locked-Down Local Machine Zone Template
Locked-Down Restricted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Restricted Sites Zone Template
Site to Zone Assignment List
Trusted Sites Zone Template
Turn on automatic detection of intranet
Turn on certificate address mismatch warning
Turn on Notification bar notification for intranet content
Disable the Advanced page
Disable the Connections page
Disable the Content page
Disable the General page
Disable the Privacy page
Disable the Programs page
Disable the Security page
Prevent ignoring certificate errors
Send internationalized domain names
Use UTF-8 for mailto links
Internet Settings
Advanced settings
Browsing
Go to an intranet site for a one-word entry in the Address bar
Hide the button (next to the New Tab button) that opens Microsoft Edge
Turn off configuring underline links
Turn off details in messages about Internet connection problems
Turn off page transitions
Turn off phone number detection
Turn off smooth scrolling
Turn on script debugging
Turn on the display of script errors
Internet Connection Wizard Settings
Start the Internet Connection Wizard automatically
Multimedia
Allow Internet Explorer to play media files that use alternative codecs
Allow the display of image download placeholders
Turn off automatic image resizing
Turn off image display
Turn off smart image dithering
Printing
Turn on printing of background colors and images
Searching
Prevent configuration of search on Address bar
Prevent configuration of top-result search on Address bar
Signup Settings
Turn on automatic signup
AutoComplete
Turn off inline AutoComplete in File Explorer
Turn off URL Suggestions
Turn off Windows Search AutoComplete
Turn on inline AutoComplete
Display settings
General Colors
Prevent specifying background color
Prevent specifying text color
Prevent the use of Windows colors
Link Colors
Prevent specifying the color of links that have already been clicked
Prevent specifying the color of links that have not yet been clicked
Prevent specifying the hover color
Turn on the hover color option
Prevent choosing default text size
URL Encoding
Turn off sending URL path as UTF-8
Open Internet Explorer tiles on the desktop
Set how links are opened in Internet Explorer
Offline Pages
Disable adding channels
Disable adding schedules for offline pages
Disable all scheduled offline pages
Disable channel user interface completely
Disable downloading of site subscription content
Disable editing and creating of schedule groups
Disable editing schedules for offline pages
Disable offline page hit logging
Disable removing channels
Disable removing schedules for offline pages
Subscription Limits
Persistence Behavior
File size limits for Internet zone
File size limits for Intranet zone
File size limits for Local Machine zone
File size limits for Restricted Sites zone
File size limits for Trusted Sites zone
Privacy
Establish InPrivate Filtering threshold
Establish Tracking Protection threshold
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
Turn off collection of InPrivate Filtering data
Turn off InPrivate Browsing
Turn off InPrivate Filtering
Turn off Tracking Protection
Security Features
Add-on Management
Add-on List
All Processes
Deny all add-ons unless specifically allowed in the Add-on List
Process List
Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
Turn off automatic download of the ActiveX VersionList
Turn off blocking of outdated ActiveX controls for Internet Explorer
Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
Turn on ActiveX control logging in Internet Explorer
AJAX
Allow native XMLHTTP support
Change the maximum number of connections per host (HTTP 1.1)
Maximum number of connections per server (HTTP 1.0)
Set the maximum number of WebSocket connections per server
Turn off cross-document messaging
Turn off the WebSocket Object
Turn off the XDomainRequest object
Binary Behavior Security Restriction
Admin-approved behaviors
All Processes
Install binaries signed by MD2 and MD4 signing technologies
Internet Explorer Processes
Process List
Consistent Mime Handling
All Processes
Internet Explorer Processes
Process List
Local Machine Zone Lockdown Security
All Processes
Internet Explorer Processes
Process List
Mime Sniffing Safety Feature
All Processes
Internet Explorer Processes
Process List
MK Protocol Security Restriction
All Processes
Internet Explorer Processes
Process List
Network Protocol Lockdown
Restricted Protocols Per Security Zone
Internet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
All Processes
Internet Explorer Processes
Process List
Notification bar
All Processes
Internet Explorer Processes
Process List
Object Caching Protection
All Processes
Internet Explorer Processes
Process List
Protection From Zone Elevation
All Processes
Internet Explorer Processes
Process List
Restrict ActiveX Install
All Processes
Internet Explorer Processes
Process List
Restrict File Download
All Processes
Internet Explorer Processes
Process List
Scripted Window Security Restrictions
All Processes
Internet Explorer Processes
Process List
Do not display the reveal password button
Turn off Data URI support
Toolbars
Configure Toolbar Buttons
Customize command labels
Disable customizing browser toolbar buttons
Disable customizing browser toolbars
Display tabs on a separate row
Hide the Command bar
Hide the status bar
Lock all toolbars
Lock location of Stop and Refresh buttons
Turn off Developer Tools
Turn off toolbar upgrade tool
Use large icons for command buttons
Add a specific list of search providers to the user's list of search providers
Allow "Save Target As" in Internet Explorer mode
Allow Internet Explorer 8 shutdown behavior
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
Automatically activate newly installed add-ons
Configure Media Explorer Bar
Configure Outlook Express
Configure which channel of Microsoft Edge to use for opening redirected sites
Customize user agent string
Disable AutoComplete for forms
Disable caching of Auto-Proxy scripts
Disable changing accessibility settings
Disable changing Advanced page settings
Disable changing Automatic Configuration settings
Disable changing Calendar and Contact settings
Disable changing certificate settings
Disable changing color settings
Disable changing connection settings
Disable changing default browser check
Disable changing font settings
Disable changing home page settings
Disable changing language settings
Disable changing link color settings
Disable changing Messaging settings
Disable changing Profile Assistant settings
Disable changing ratings settings
Disable changing secondary home page settings
Disable changing Temporary Internet files settings
Disable external branding of Internet Explorer
Disable Import/Export Settings wizard
Disable Internet Connection wizard
Disable Internet Explorer 11 as a standalone browser
Disable the Reset Web Settings feature
Display error message on proxy script download failure
Do not allow users to enable or disable add-ons
Enable extended hot keys in Internet Explorer mode
Enforce full-screen mode
Identity Manager: Prevent users from using Identities
Keep all intranet sites in Internet Explorer
Let users turn on and use Enterprise Mode from the Tools menu
Limit Site Discovery output by Domain
Limit Site Discovery output by Zone
Notify users if Internet Explorer is not the default web browser
Pop-up allow list
Position the menu bar above the navigation bar
Prevent "Fix settings" functionality
Prevent access to Internet Explorer Help
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
Prevent bypassing SmartScreen Filter warnings
Prevent changing pop-up filter level
Prevent changing proxy settings
Prevent changing the default search provider
Prevent configuration of how windows open
Prevent configuration of new tab creation
Prevent Internet Explorer Search box from appearing
Prevent managing pop-up exception list
Prevent managing SmartScreen Filter
Prevent managing the phishing filter
Prevent participation in the Customer Experience Improvement Program
Prevent per-user installation of ActiveX controls
Prevent running First Run wizard
Replace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC.
Restrict search providers to a specific list
Search: Disable Find Files via F3 within the browser
Search: Disable Search Customization
Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
Set tab process growth
Show message when opening sites in Microsoft Edge using Enterprise Mode
Specify default behavior for a new tab
Specify use of ActiveX Installer Service for installation of ActiveX controls
Turn off ability to pin sites in Internet Explorer on the desktop
Turn off ActiveX Opt-In prompt
Turn off add-on performance notifications
Turn off Automatic Crash Recovery
Turn off browser geolocation
Turn off configuration of pop-up windows in tabbed browsing
Turn off Crash Detection
Turn off Favorites bar
Turn off Managing SmartScreen Filter for Internet Explorer 8
Turn off page-zooming functionality
Turn off pop-up management
Turn off Quick Tabs functionality
Turn off Reopen Last Browsing Session
Turn off suggestions for all user-installed providers
Turn off tabbed browsing
Turn off Tab Grouping
Turn off the auto-complete feature for web addresses
Turn off the quick pick menu
Turn off the Security Settings Check feature
Turn on ActiveX Filtering
Turn on compatibility logging
Turn on menu bar by default
Turn on Site Discovery WMI output
Turn on Site Discovery XML output
Turn on Suggested Sites
Turn on the auto-complete feature for user names and passwords on forms
Use Automatic Detection for dial-up connections
Use the Enterprise Mode IE website list
Microsoft Edge
Allow Address bar drop-down list suggestions
Allow Adobe Flash
Allow a shared Books folder
Allow clearing browsing data on exit
Allow configuration updates for the Books Library
Allow extended telemetry for the Books tab
Allow Extensions
Allow FullScreen Mode
Allow Microsoft Compatibility List
Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
Allow printing
Allow Saving History
Allow search engine customization
Allow Sideloading of extension
Always show the Books Library in Microsoft Edge
Configure additional search engines
Configure Favorites Bar
Configure Home Button
Configure kiosk mode
Configure kiosk reset after idle timeout
Configure Open Microsoft Edge With
Configure the Adobe Flash Click-to-Run setting
Disable lockdown of Start pages
For PDF files that have both landscape and portrait pages, print each in its own orientation.
Keep favorites in sync between Internet Explorer and Microsoft Edge
Open a new tab with an empty tab
Prevent access to the about:flags page in Microsoft Edge
Prevent certificate error overrides
Prevent changes to Favorites on Microsoft Edge
Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
Prevent the First Run webpage from opening on Microsoft Edge
Prevent turning off required extensions
Provision Favorites
Set default search engine
Set Home Button URL
Set New Tab page URL
Show message when opening sites in Internet Explorer
Suppress the display of Edge Deprecation Notification
Unlock Home Button
不允許 WebRTC 共用 LocalHost IP 位址
不允許「SmartScreen 篩選工具」警告覆寫
不允許針對未驗證之檔案的「SmartScreen 篩選工具」警告覆寫
允許員工傳送「不要追蹤」標頭
將所有內部網路網站傳送到 Internet Explorer 11
設定 Cookie
設定企業模式網站清單
設定公司首頁
設定我的最愛
關閉 InPrivate 瀏覽
關閉 SmartScreen 篩選工具
關閉密碼管理員
關閉快顯封鎖程式
關閉網址列搜尋建議
關閉自動填寫
關閉開發人員工具
Microsoft Management Console
限制的/許可的嵌入式管理單元
延伸嵌入式管理單元
AppleTalk 路由
DCOM 設定延伸
DFS 管理延伸
DHCP 轉接管理
IAS 記錄
IGMP 路由
IPX RIP 路由
IPX SAP 路由
IPX 路由
IP 路由
OSPF 路由
RAS 撥入 - 使用者節點
RIP 路由
SAN 存放管理員延伸
SMTP 通訊協定
SNMP
事件檢視器 (Windows Vista)
事件檢視器
傳送主控台訊息
公開金鑰原則
共用與存放管理延伸
共用資料夾延伸
延伸檢視 (網頁檢視)
憑證授權單位原則設定
抽取式存放裝置
授權管理員
服務依存性
檔案伺服器資源管理員延伸
磁碟管理延伸
系統內容
裝置管理員
路由
連線共用 (NAT)
遠端存取
邏輯和對應磁碟機
群組原則
原則結果組嵌入式管理單元延伸
Internet Explorer 維護
安全性設定
指令碼 (啟動/關機)
指令碼 (登入/登出)
系統管理範本 (使用者)
系統管理範本 (電腦)
資料夾重新導向
軟體安裝 (使用者)
軟體安裝 (電腦)
喜好設定嵌入式管理單元延伸
允許使用 Ini 檔案喜好設定延伸
允許使用 [喜好設定] 索引標籤
允許使用印表機喜好設定延伸
允許使用地區選項喜好設定延伸
允許使用應用程式喜好設定延伸
允許使用應用程式嵌入式管理單元
允許使用捷徑喜好設定延伸
允許使用排定的工作喜好設定延伸
允許使用控制台設定 (使用者)
允許使用控制台設定 (電腦)
允許使用服務喜好設定延伸
允許使用本機使用者和群組喜好設定延伸
允許使用檔案喜好設定延伸
允許使用環境喜好設定延伸
允許使用登錄喜好設定延伸
允許使用磁碟機對應喜好設定延伸
允許使用網路共用喜好設定延伸
允許使用網路選項喜好設定延伸
允許使用網際網路設定喜好設定延伸
允許使用裝置喜好設定延伸
允許使用資料來源喜好設定延伸
允許使用資料夾喜好設定延伸
允許使用資料夾選項喜好設定延伸
允許使用開始功能表喜好設定延伸
允許使用電源選項喜好設定延伸
群組原則嵌入式管理單元延伸
Internet Explorer 維護
IP 安全性原則管理
NAP 用戶端設定
具有進階安全性的 Windows 防火牆
安全性設定
指令碼 (啟動/關機)
指令碼 (登入/登出)
有線網路 (IEEE 802.3) 原則
無線網路 (IEEE 802.11) 原則
系統管理範本 (使用者)
系統管理範本 (電腦)
資料夾重新導向
軟體安裝 (使用者)
軟體安裝 (電腦)
遠端安裝服務
Active Directory 工具的群組原則索引標籤
原則結果組嵌入式管理單元
群組原則入門 GPO 編輯器
群組原則物件編輯器
群組原則管理
群組原則管理編輯器
.Net Framework 組態
Active Directory 使用者和電腦
Active Directory 站台及服務
Active Directory 網域及信任
ActiveX 控制項
ADSI 編輯
DFS 管理
Enterprise PKI
FrontPage 伺服器延伸
IP 安全性原則管理
IP 安全性監視器
NAP 用戶端設定
QoS 許可控制
SAN 存放管理員
TPM 管理
WMI 控制
事件檢視器 (Windows Vista)
事件檢視器
伺服器管理員
健康情況登錄授權單位 (HRA)
傳真服務
元件服務
共用與存放管理
共用資料夾
具有進階安全性的 Windows 防火牆
分散式檔案系統
安全性範本
安全性設定及分析
容錯移轉叢集管理員
憑證
憑證授權單位
憑證範本
抽取式存放裝置管理
效能記錄及警示
服務
本機使用者和群組
檔案伺服器資源管理員
無線監視器
磁碟管理
磁碟重組工具
系統資訊
索引服務
網址連結
網路原則伺服器 (NPS)
網際網路資訊服務
網際網路驗證服務 (IAS)
線上回應
裝置管理員
路由及遠端存取
遠端桌面
遠端桌面服務設定
電腦管理
電話語音
限制使用者只能使用明確許可的嵌入式管理單元清單
限制使用者進入作者模式
Microsoft Passport for Work
Use certificate for on-premises authentication
使用 Microsoft Passport for Work
Microsoft User Experience Virtualization
Applications
Access 2013 backup only
Access 2016 backup only
Calculator
Common 2013 backup only
Common 2016 backup only
Excel 2013 backup only
Excel 2016 backup only
InfoPath 2013 backup only
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Internet Explorer Common Settings
Lync 2013 backup only
Lync 2016 backup only
Microsoft Access 2010
Microsoft Access 2013
Microsoft Access 2016
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft InfoPath 2010
Microsoft InfoPath 2013
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Lync 2016
Microsoft Office 365 Access 2013
Microsoft Office 365 Access 2016
Microsoft Office 365 Common 2013
Microsoft Office 365 Common 2016
Microsoft Office 365 Excel 2013
Microsoft Office 365 Excel 2016
Microsoft Office 365 InfoPath 2013
Microsoft Office 365 Lync 2013
Microsoft Office 365 Lync 2016
Microsoft Office 365 OneNote 2013
Microsoft Office 365 OneNote 2016
Microsoft Office 365 Outlook 2013
Microsoft Office 365 Outlook 2016
Microsoft Office 365 PowerPoint 2013
Microsoft Office 365 PowerPoint 2016
Microsoft Office 365 Project 2013
Microsoft Office 365 Project 2016
Microsoft Office 365 Publisher 2013
Microsoft Office 365 Publisher 2016
Microsoft Office 365 SharePoint Designer 2013
Microsoft Office 365 Visio 2013
Microsoft Office 365 Visio 2016
Microsoft Office 365 Word 2013
Microsoft Office 365 Word 2016
Microsoft Office 2010 Common Settings
Microsoft Office 2013 Common Settings
Microsoft Office 2013 Upload Center
Microsoft Office 2016 Common Settings
Microsoft Office 2016 Upload Center
Microsoft OneDrive for Business 2013
Microsoft OneDrive for Business 2016
Microsoft OneNote 2010
Microsoft OneNote 2013
Microsoft OneNote 2016
Microsoft Outlook 2010
Microsoft Outlook 2013
Microsoft Outlook 2016
Microsoft PowerPoint 2010
Microsoft PowerPoint 2013
Microsoft PowerPoint 2016
Microsoft Project 2010
Microsoft Project 2013
Microsoft Project 2016
Microsoft Publisher 2010
Microsoft Publisher 2013
Microsoft Publisher 2016
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2013
Microsoft SharePoint Workspace 2010
Microsoft Visio 2010
Microsoft Visio 2013
Microsoft Visio 2016
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Notepad
OneNote 2013 backup only
OneNote 2016 backup only
Outlook 2013 backup only
Outlook 2016 backup only
PowerPoint 2013 backup only
PowerPoint 2016 backup only
Project 2013 backup only
Project 2016 backup only
Publisher 2013 backup only
Publisher 2016 backup only
SharePoint Designer 2013 backup only
Visio 2013 backup only
Visio 2016 backup only
Word 2013 backup only
Word 2016 backup only
WordPad
Windows Apps
Finance
Games
Maps
Music
News
Reader
Sports
Travel
Video
Weather
Configure Sync Method
Do not synchronize Windows Apps
Ping the settings storage location before sync
Settings package size warning threshold
Settings storage path
Synchronization timeout
Synchronize Windows settings
Sync settings over metered connections even when roaming
Sync settings over metered connections
Use User Experience Virtualization (UE-V)
VDI Configuration
Multitasking
Configure the inclusion of Microsoft Edge tabs into Alt-Tab
NetMeeting
[選項] 畫面
停用 [進階呼叫] 按鈕
隱藏 [一般] 畫面
隱藏 [安全性] 畫面
隱藏 [視訊] 畫面
隱藏 [音訊] 畫面
應用程式共用
停用應用程式共用
防止共用
防止共用命令提示字元
防止共用檔案總管視窗
防止應用程式以全彩模式共用
防止控制
防止桌面共用
音訊及視訊
停用全雙工音訊
停用音訊
防止傳送視訊
防止接收視訊
防止變更 DirectSound 音訊設定
限制音訊和視訊的頻寬
停用 NetMeeting 2.x 電子白板
停用目錄服務
停用聊天功能
停用電子白板
允許持續性自動接受呼叫
啟用自動設定
設定內部網路支援網頁
設定呼叫安全性選項
防止傳送檔案
防止接收檔案
防止新增目錄伺服器
防止檢視網站目錄
防止自動接受呼叫
防止變更進行呼叫的方式
限制傳送檔案的大小
OOBE
Don't launch privacy settings experience on user logon
Remote Desktop Services
RD Gateway
Enable connection through RD Gateway
Set RD Gateway authentication method
Set RD Gateway server address
RemoteApp and Desktop Connections
Specify default connection URL
Remote Desktop Connection Client
Allow .rdp files from unknown publishers
Allow .rdp files from valid publishers and user's default .rdp settings
Do not allow passwords to be saved
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Remote Desktop Session Host
Connections
Set rules for remote control of Remote Desktop Services user sessions
Device and Resource Redirection
不允許剪貼簿重新導向
允許時區重新導向
Printer Redirection
Use Remote Desktop Easy Print printer driver first
只重新導向預設用戶端印表機
Remote Session Environment
Start a program on connection
移除遠端桌面底色圖案
連線時永遠顯示桌面
Session Time Limits
End session when time limits are reached
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Set time limit for disconnected sessions
設定登出 RemoteApp 工作階段的時間限制
RSS Feeds
Prevent access to feed list
Prevent automatic discovery of feeds and Web Slices
Prevent downloading of enclosures
Prevent subscribing to or deleting a feed or a Web Slice
Turn off background synchronization for feeds and Web Slices
Turn on Basic feed authentication over HTTP
Tablet PC
Tablet PC 畫筆訓練
關閉 Tablet PC 畫筆訓練
敏銳筆觸學習
防止筆觸學習模式
游標
關閉畫筆回饋
畫筆 UX 行為
防止筆觸
硬體按鈕
關閉硬體按鈕
防止 Back-ESC 對應
防止啟動應用程式
防止按住不放
觸控輸入
關閉 Tablet PC 觸控輸入
關閉觸控平移
輸入面板
停用文字預測
包含其他如香港特有字元的中文、漢字字元
在輸入面板中關閉密碼安全性
若為 Tablet 手寫筆輸入,則不顯示 [輸入面板] 圖示
若為觸控輸入,則不顯示 [輸入面板] 圖示
關閉寬容與 Z 型刪除筆勢
關閉與輸入面板的自動完成整合
防止輸入面板索引標籤出現
附屬應用程式
不允許列印到筆記本便箋書寫器
不允許執行 Windows 筆記本
不允許執行剪取工具
不允許執行筆跡球
Windows Defender SmartScreen
Microsoft Edge
Configure Windows Defender SmartScreen
Prevent bypassing Windows Defender SmartScreen prompts for sites
Windows Installer
指定 Windows Installer 搜尋安裝檔案的順序
永遠以較高的特殊權限安裝
禁止復原
防止以抽取式媒體來源執行任何安裝
Windows Media Player
使用者介面
設定並鎖定面板
請勿顯示錨定
隱藏 [安全性] 索引標籤
隱藏 [隱私權] 索引標籤
播放
允許使用螢幕保護裝置
防止轉碼器下載
網路功能
串流處理媒體通訊協定
設定 HTTP Proxy
設定 MMS Proxy
設定 RTSP Proxy
設定網路緩衝處理
隱藏 [網路] 索引標籤
防止擷取 CD 和 DVD 媒體資訊
防止擷取音樂檔媒體資訊
防止擷取預設的廣播電台
Windows Messenger
不允許執行 Windows Messenger
不要一開始就自動啟動 Windows Messenger
Windows PowerShell
打開 PowerShell 指令碼區塊記錄
打開 PowerShell 轉譯
設定 Update-Help 的預設來源路徑
開啟指令碼執行
開啟模組記錄
Windows Update
Legacy Policies
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Manage updates offered from Windows Server Update Service
Remove access to use all Windows Update features
Windows 登入選項
於使用者登入期間,報告登入伺服器無法使用
移除登入時數到期警告
設定登入時數到期時要採取的動作
Windows 色彩系統
禁止安裝或解除安裝色彩設定檔
Windows 行事曆
關閉 Windows 行事曆
Windows 行動中心
關閉 Windows 行動中心
Windows 錯誤報告
同意
略過自訂同意設定
自訂同意設定
設定預設同意
進階錯誤報告設定
要排除的應用程式清單
設定報告佇列
設定報告保存
不傳送其他資料
不調節其他資料
使用電池電力時傳送其他資料
停用 Windows 錯誤報告
停用記錄
自動傳送 OS 產生的錯誤報告的記憶體傾印
連線到受限/成本已評估網路時傳送資料
Work Folders
Enables the use of Token Broker for AD FS authentication
指定 Work Folders 設定
定位和感應器
關閉位置指令碼
關閉定位
關閉感應器
工作排程器
禁止工作刪除
禁止建立新工作
禁止拖放功能
禁止瀏覽
防止工作執行或結束
隱藏內容頁
隱藏新增排程工作精靈中的進階內容核取方塊
市集
Only display the private store within the Microsoft Store
關閉市集應用程式
關閉更新至最新版 Windows 的服務
應用程式執行階段
封鎖啟動與 URI 配置關聯的傳統型應用程式
封鎖啟動與檔案關聯的傳統型應用程式。
應用程式相容性
關閉程式相容性助理
搜尋
關閉搜尋歷程記錄的儲存和顯示
防止從控制台新增 UNC 位置到索引
防止為特定路徑編製索引
防止自訂控制台中的已索引位置
預設的已排除路徑
預設的已索引路徑
數位購物服務區
不允許執行數位購物服務區
新增功能到 Windows 8.1
防止精靈執行。
桌面小工具
關閉使用者安裝的桌面小工具
關閉桌面小工具
限制解壓縮和安裝未經過數位簽署的小工具。
桌面視窗管理員
視窗框架色彩設定
不允許色彩變更
指定預設色彩
不允許呼叫 Flip3D
不允許視窗動畫
檔案撤銷
允許 Windows 執行階段應用程式撤銷企業資料
立即搜尋
自訂立即搜尋網際網路搜尋提供者
簡報設定
關閉 Windows 簡報設定
網路共用
防止使用者共用其設定檔內的檔案。
自動播放原則
不允許非磁碟區裝置的自動播放
設定 AutoRun 的預設行為
關閉自動播放
防止自動播放記住使用者的選擇。
認證使用者介面
不要顯示密碼顯示按鈕
邊緣 UI
Allow edge swipe
停用說明秘訣
當使用者用滑鼠右鍵按一下左下角或按 Windows 標誌鍵+X 時,防止使用者在看到的功能表中以 Windows PowerShell 取代命令提示字元
當滑鼠指到螢幕右上角時,不要顯示 [搜尋]、[分享]、[開始]、[裝置] 及 [設定]
當滑鼠指到螢幕左上角時,不要顯示最近使用的應用程式
關閉在最近使用的應用程式之間切換
關閉追蹤應用程式使用量
錄音機
不允許執行錄音機
附件管理員
不要保留檔案附件的區域資訊
中度風險檔案類型的包含清單
低度風險檔案類型的包含清單
檔案附件的信任邏輯
檔案附件的預設風險層級
開啟附件時通知防毒程式
隱藏移除區域資訊的機制
高度風險檔案類型的包含清單
雲端內容
Configure Windows spotlight on lock screen
Do not suggest third-party content in Windows spotlight
Do not use diagnostic data for tailored experiences
Turn off all Windows spotlight features
Turn off Spotlight collection on Desktop
Turn off the Windows Welcome Experience
Turn off Windows Spotlight on Action Center
Turn off Windows Spotlight on Settings
Enable auto-subscription
×
Search in Group Policy Administrative Templates