Toggle navigation
Group Policy Home
Windows 7 and Windows Server 2008 R2
(current)
中文(香港特別行政區)
Arabic (Saudi Arabia)
العربية (المملكة العربية السعودية)
Bulgarian (Bulgaria)
български (България)
Catalan (Catalan)
català (català)
Czech (Czech Republic)
čeština (Česká republika)
Welsh (United Kingdom)
Cymraeg (y Deyrnas Unedig)
Danish (Denmark)
dansk (Danmark)
German (Germany)
Deutsch (Deutschland)
Greek (Greece)
Ελληνικά (Ελλάδα)
English (United States)
English (United States)
Spanish (Spain, International Sort)
Español (España, alfabetización internacional)
Estonian (Estonia)
eesti (Eesti)
Basque (Basque)
euskara (euskara)
Persian
فارسى (ایران)
Finnish (Finland)
suomi (Suomi)
French (France)
français (France)
Galician (Galician)
galego (galego)
Hebrew (Israel)
עברית (ישראל)
Hindi (India)
हिंदी (भारत)
Croatian (Croatia)
hrvatski (Hrvatska)
Hungarian (Hungary)
magyar (Magyarország)
Indonesian (Indonesia)
Bahasa Indonesia (Indonesia)
Icelandic (Iceland)
íslenska (Ísland)
Italian (Italy)
italiano (Italia)
Japanese (Japan)
日本語 (日本)
Kazakh (Kazakhstan)
Қазақ (Қазақстан)
Kannada (India)
ಕನ್ನಡ (ಭಾರತ)
Korean (Korea)
한국어 (대한민국)
Lithuanian (Lithuania)
lietuvių (Lietuva)
Latvian (Latvia)
latviešu (Latvija)
Malayalam (India)
മലയാളം (ഭാരതം)
Marathi (India)
मराठी (भारत)
Norwegian, Bokmål (Norway)
norsk, bokmål (Norge)
Dutch (Netherlands)
Nederlands (Nederland)
Norwegian, Nynorsk (Norway)
norsk, nynorsk (Noreg)
Polish (Poland)
polski (Polska)
Portuguese (Brazil)
Português (Brasil)
Portuguese (Portugal)
português (Portugal)
Romanian (Romania)
română (România)
Russian (Russia)
русский (Россия)
Slovak (Slovakia)
slovenčina (Slovenská republika)
Slovenian (Slovenia)
slovenski (Slovenija)
Albanian (Albania)
shqipe (Shqipëria)
Serbian (Cyrillic, Serbia and Montenegro (Former))
српски (Србија и Црна Гора (Претходно))
Serbian (Latin, Serbia and Montenegro (Former))
srpski (Srbija i Crna Gora (Prethodno))
Swedish (Sweden)
svenska (Sverige)
Tamil (India)
தமிழ் (இந்தியா)
Telugu (India)
తెలుగు (భారత దేశం)
Thai (Thailand)
ไทย (ไทย)
Turkish (Turkey)
Türkçe (Türkiye)
Ukrainian (Ukraine)
українська (Україна)
Uzbek (Latin, Uzbekistan)
U'zbek (U'zbekiston Respublikasi)
Vietnamese (Vietnam)
Tiếng Việt (Việt Nam)
Chinese (Simplified, PRC)
中文(中华人民共和国)
Chinese (Traditional, Hong Kong S.A.R.)
中文(香港特別行政區)
Chinese (Traditional, Taiwan)
中文(台灣)
Search
AutoComplete_2
支援的作業系統:
至少需要 Windows Vista
Registry Hive
HKEY_LOCAL_MACHINE
Registry Path
software\policies\microsoft\TabletTip\1.7
Value Name
DisableACIntegration
Value Type
REG_DWORD
Enabled Value
1
Disabled Value
0
tabletpcinputpanel.admx
系統管理範本 (電腦)
Control Panel
Regional and Language Options
Force selected system UI language to overwrite the user UI language
Restricts the UI language Windows uses for all logged users
使用者帳戶
將預設的帳戶圖片套用到所有使用者
Network
Background Intelligent Transfer Service (BITS)
Allow BITS Peercaching
Do not allow the BITS client to use Windows Branch Cache
Do not allow the computer to act as a BITS Peercaching client
Do not allow the computer to act as a BITS Peercaching server
Limit the age of files in the BITS Peercache
Limit the BITS Peercache size
Limit the maximum BITS job download time
Limit the maximum network bandwidth for BITS background transfers
Limit the maximum network bandwidth used for Peercaching
Limit the maximum number of BITS jobs for each user
Limit the maximum number of BITS jobs for this computer
Limit the maximum number of files allowed in a BITS job
Limit the maximum number of ranges that can be added to the file in a BITS job
Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers
Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers
Timeout for inactive BITS jobs
BranchCache
Configure BranchCache for network files
Set BranchCache Distributed Cache mode
Set BranchCache Hosted Cache mode
Set percentage of disk space used for client computer cache
Turn on BranchCache
DNS Client
Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries
Connection-Specific DNS Suffix
DNS Servers
DNS Suffix Search List
Dynamic Update
Primary DNS Suffix Devolution Level
Primary DNS Suffix Devolution
Primary DNS Suffix
Register DNS records with connection-specific DNS suffix
Register PTR Records
Registration Refresh Interval
Replace Addresses In Conflicts
TTL Set in the A and PTR records
Turn off Multicast Name Resolution
Update Security Level
Update Top Level Domain Zones
Lanman Server
Hash Publication for BranchCache
Microsoft 對等網路服務
對等名稱解析通訊協定
全域定域機組
將 PNRP 定域機組設定為僅解析
設定種子伺服器
關閉 PNRP 定域機組建立
關閉多點傳送啟動載入
站台-本機定域機組
將 PNRP 定域機組設定為僅解析
設定種子伺服器
關閉 PNRP 定域機組建立
關閉多點傳送啟動載入
連結-本機定域機組
將 PNRP 定域機組設定為僅解析
設定種子伺服器
關閉 PNRP 定域機組建立
關閉多點傳送啟動載入
停用對等群組的密碼強度驗證
關閉 Microsoft 對等網路服務
Network Connectivity Status Indicator
Corporate DNS Probe Host Address
Corporate DNS Probe Host Name
Corporate Site Prefix List
Corporate Website Probe URL
Domain Location Determination URL
Offline Files
Action on server disconnect
Administratively assigned offline files
Allow or Disallow use of the Offline Files feature
At logoff, delete local copy of user's offline files
Configure Background Sync
Configure slow-link mode
Configure Slow link speed
Default cache size
Enable Transparent Caching
Encrypt the Offline Files cache
Event logging level
Exclude files from being cached
Files not cached
Initial reminder balloon lifetime
Limit disk space used by offline files
Non-default server disconnect actions
Prevent use of Offline Files folder
Prohibit 'Make Available Offline' for these file and folders
Prohibit user configuration of Offline Files
Reminder balloon frequency
Reminder balloon lifetime
Remove 'Make Available Offline'
Subfolders always available offline
Synchronize all offline files before logging off
Synchronize all offline files when logging on
Synchronize offline files before suspend
Turn off reminder balloons
Turn on economical application of administratively assigned Offline Files
QoS 封包排程器
不合格封包的 DSCP 數值
保證服務類型
性質服務類型
控制載入服務類型
最佳成就服務類型
網路控制服務類型
合格封包的 DSCP 數值
保證服務類型
性質服務類型
控制載入服務類型
最佳成就服務類型
網路控制服務類型
層級-2 優先順序值
不合格的封包
保證服務類型
性質服務類型
控制載入服務類型
最佳成就服務類型
網路控制服務類型
設定計時器解析
限制可保留的頻寬
限制未送的封包
SNMP
指定公用群體設陷
指定群體
指定許可的管理員
SSL 組態設定
SSL 加密套件順序
TCPIP Settings
IPv6 Transition Technologies
6to4 Relay Name
6to4 Relay Name Resolution Interval
6to4 State
IP-HTTPS State
ISATAP Router Name
ISATAP State
Teredo Client Port
Teredo Default Qualified
Teredo Refresh Rate
Teredo Server Name
Teredo State
Parameters
Windows Scaling Heuristics State
Windows Connect Now
使用 Windows Connect Now 進行無線設定
禁止存取 Windows Connect Now 精靈
網路連線
Windows 防火牆
標準設定檔
Windows 防火牆:不允許例外
Windows 防火牆:保護所有網路連線
Windows 防火牆:允許 ICMP 例外
Windows 防火牆:允許本機程式例外
Windows 防火牆:允許本機連接埠例外
Windows 防火牆:允許記錄
Windows 防火牆:允許輸入的 UPnP 架構例外
Windows 防火牆:允許輸入的檔案和印表機共用例外
Windows 防火牆:允許輸入的遠端桌面例外
Windows 防火牆:允許輸入的遠端系統管理例外
Windows 防火牆:定義輸入的程式例外
Windows 防火牆:定義輸入的連接埠例外
Windows 防火牆:禁止單點傳送回應到多點傳送或廣播要求
Windows 防火牆:禁止通知
網域設定檔
Windows 防火牆:不允許例外
Windows 防火牆:保護所有網路連線
Windows 防火牆:允許 ICMP 例外
Windows 防火牆:允許本機程式例外
Windows 防火牆:允許本機連接埠例外
Windows 防火牆:允許記錄
Windows 防火牆:允許輸入的 UPnP 架構例外
Windows 防火牆:允許輸入的檔案和印表機共用例外
Windows 防火牆:允許輸入的遠端桌面例外
Windows 防火牆:允許輸入的遠端系統管理例外
Windows 防火牆:定義輸入的程式例外
Windows 防火牆:定義輸入的連接埠例外
Windows 防火牆:禁止單點傳送回應到多點傳送或廣播要求
Windows 防火牆:禁止通知
Windows 防火牆:允許經過驗證的 IPSec 繞道
不顯示 [僅本機存取] 網路圖示
禁止在您的 DNS 網域網路上安裝、設定及使用網路橋接
禁止在您的 DNS 網域網路中使用網際網路連線共用
禁止在您的 DNS 網域網路中使用網際網路連線防火牆
要求網域使用者在設定網路的位置時必須提升權限
透過內部網路路由傳送所有流量
連結階層拓樸搜索
開啟 Mapper I/O (LLTDIO) 驅動程式
開啟 Responder (RSPNDR) 驅動程式
設定 DFS 用戶端搜尋網域控制站的頻率
Printers
Add Printer wizard - Network scan page (Managed network)
Add Printer wizard - Network scan page (Unmanaged network)
Allow printers to be published
Allow Print Spooler to accept client connections
Allow pruning of published printers
Always render print jobs on the server
Automatically publish new printers in Active Directory
Check published state
Computer location
Custom support URL in the Printers folder's left pane
Directory pruning interval
Directory pruning priority
Directory pruning retry
Disallow installation of printers using kernel-mode drivers
Execute print drivers in isolated processes
Extend Point and Print connection to search Windows Update
Log directory pruning retry events
Only use Package Point and print
Override print driver execution compatibility setting reported by print driver
Package Point and print - Approved servers
Point and Print Restrictions
Pre-populate printer search location text
Printer browsing
Prune printers that are not automatically republished
Web-based printing
System
Credentials Delegation
Allow Delegating Default Credentials
Allow Delegating Default Credentials with NTLM-only Server Authentication
Allow Delegating Fresh Credentials
Allow Delegating Fresh Credentials with NTLM-only Server Authentication
Allow Delegating Saved Credentials
Allow Delegating Saved Credentials with NTLM-only Server Authentication
Deny Delegating Default Credentials
Deny Delegating Fresh Credentials
Deny Delegating Saved Credentials
Device Installation
Device Installation Restrictions
Allow administrators to override Device Installation Restriction policies
Allow installation of devices that match any of these device IDs
Allow installation of devices using drivers that match these device setup classes
Display a custom message title when device installation is prevented by a policy setting
Display a custom message when installation is prevented by a policy setting
Prevent installation of devices not described by other policy settings
Prevent installation of devices that match any of these device IDs
Prevent installation of devices using drivers that match these device setup classes
Prevent installation of removable devices
Time (in seconds) to force reboot when required for policy changes to take effect
Allow remote access to the Plug and Play interface
Configure device installation time-out
Do not send a Windows error report when a generic driver is installed on a device
Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point
Prevent device metadata retrieval from the Internet
Prevent Windows from sending an error report when a device driver requests additional software during installation
Prioritize all digitally signed drivers equally during the driver ranking and selection process
Specify search order for device driver source locations
Turn off "Found New Hardware" balloons during device installation
Driver Installation
Allow non-administrators to install drivers for these device setup classes
Turn off Windows Update device driver search prompt
Enhanced Storage Access
Allow Enhanced Storage certificate provisioning
Allow only USB root hub connected Enhanced Storage devices
Configure list of Enhanced Storage devices usable on your computer
Configure list of IEEE 1667 silos usable on your computer
Do not allow non-Enhanced Storage removable devices
Do not allow password authentication of Enhanced Storage devices
Lock Enhanced Storage when the computer is locked
Filesystem
NTFS
Do not allow compression on all NTFS volumes
Do not allow encryption on all NTFS volumes
Enable NTFS pagefile encryption
Short name creation options
Disable delete notifications on all volumes
Selectively allow the evaluation of a symbolic link
Folder Redirection
Use localized subfolder names when redirecting Start Menu and My Documents
Group Policy
記錄和追蹤
設定 Ini 檔案喜好設定記錄與追蹤
設定印表機喜好設定記錄與追蹤
設定地區選項喜好設定記錄與追蹤
設定應用程式喜好設定記錄與追蹤
設定捷徑喜好設定記錄與追蹤
設定排定的工作喜好設定記錄與追蹤
設定服務喜好設定記錄與追蹤
設定本機使用者和群組喜好設定記錄與追蹤
設定檔案喜好設定記錄與追蹤
設定環境喜好設定記錄與追蹤
設定登錄喜好設定記錄與追蹤
設定磁碟機對應喜好設定記錄與追蹤
設定網路共用喜好設定記錄與追蹤
設定網路選項喜好設定記錄與追蹤
設定網際網路設定喜好設定記錄與追蹤
設定裝置喜好設定記錄與追蹤
設定資料來源喜好設定記錄與追蹤
設定資料夾喜好設定記錄與追蹤
設定資料夾選項喜好設定記錄與追蹤
設定開始功能表喜好設定記錄與追蹤
設定電源選項喜好設定記錄與追蹤
Allow Cross-Forest User Policy and Roaming User Profiles
Always use local ADM files for Group Policy Object Editor
Disallow Interactive Users from generating Resultant Set of Policy data
Disk Quota policy processing
EFS recovery policy processing
Folder Redirection policy processing
Group Policy refresh interval for computers
Group Policy refresh interval for domain controllers
Group Policy slow link detection
Internet Explorer Maintenance policy processing
IP Security policy processing
Registry policy processing
Remove users ability to invoke machine policy refresh
Scripts policy processing
Security policy processing
Software Installation policy processing
Startup policy processing wait time
Turn off background refresh of Group Policy
Turn off Local Group Policy objects processing
Turn off Resultant Set of Policy logging
User Group Policy loopback processing mode
Wired policy processing
Wireless policy processing
設定 Ini 檔案喜好設定延伸原則處理
設定印表機喜好設定延伸原則處理
設定地區選項喜好設定延伸原則處理
設定應用程式喜好設定延伸原則處理
設定捷徑喜好設定延伸原則處理
設定排定的工作喜好設定延伸原則處理
設定服務喜好設定延伸原則處理
設定本機使用者和群組喜好設定延伸原則處理
設定檔案喜好設定延伸原則處理
設定環境喜好設定延伸原則處理
設定登錄喜好設定延伸原則處理
設定磁碟機對應喜好設定延伸原則處理
設定網路共用喜好設定延伸原則處理
設定網路選項喜好設定延伸原則處理
設定網際網路設定喜好設定延伸原則處理
設定裝置喜好設定延伸原則處理
設定資料來源喜好設定延伸原則處理
設定資料夾喜好設定延伸原則處理
設定資料夾選項喜好設定延伸原則處理
設定開始功能表喜好設定延伸原則處理
設定電源選項喜好設定延伸原則處理
透過遠端桌面服務登入時,允許非同步使用者群組原則處理
Internet Communication Management
Internet Communication settings
Turn off access to all Windows Update features
Turn off Automatic Root Certificates Update
Turn off downloading of print drivers over HTTP
Turn off Event Viewer "Events.asp" links
Turn off Help and Support Center "Did you know?" content
Turn off Help and Support Center Microsoft Knowledge Base search
Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com
Turn off Internet download for Web publishing and online ordering wizards
Turn off Internet File Association service
Turn off printing over HTTP
Turn off Registration if URL connection is referring to Microsoft.com
Turn off Search Companion content file updates
Turn off the "Order Prints" picture task
Turn off the "Publish to Web" task for files and folders
Turn off the Windows Messenger Customer Experience Improvement Program
Turn off Windows Customer Experience Improvement Program
Turn off Windows Error Reporting
Turn off Windows Network Connectivity Status Indicator active tests
Turn off Windows Update device driver searching
關閉個人化手寫資料共用
關閉手寫辨識錯誤報告
Restrict Internet communication
iSCSI
iSCSI 安全性
不允許未使用 IPSec 的連線
不允許未使用單向 CHAP 的工作階段
不允許未使用相互 CHAP 的工作階段
不允許變更啟動器 CHAP 密碼
iSCSI 目標搜索
不允許手動設定 iSNS 伺服器
不允許手動設定找到的目標
不允許手動設定目標入口網站
不允許透過手動設定新增目標
一般 iSCSI
不允許其他工作階段登入
不允許變更啟動器 iqn 名稱
KDC
Provide information about previous logons to client computers
Use forest search order
Kerberos
Define host name-to-Kerberos realm mappings
Define interoperable Kerberos V5 realm settings
Require strict KDC validation
Require strict target SPN match on remote procedure calls
Use forest search order
Locale Services
Disallow changing of geographic location
Disallow selection of Custom Locales
Disallow user override of locale settings
Restrict system locales
Restrict user locales
Logon
Always use classic logon
Always use custom logon background
Always wait for the network at computer startup and logon
Assign a default domain for logon
Don't display the Getting Started welcome screen at logon
Do not process the legacy run list
Do not process the run once list
Exclude credential providers
Hide entry points for Fast User Switching
Run these programs at user logon
Turn off Windows Startup Sound
Net Logon
DC Locator DNS Records
Automated Site Coverage by the DC Locator DNS SRV Records
DC Locator DNS records not registered by the DCs
Domain Controller Address Type Returned
Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names
Dynamic Registration of the DC Locator DNS Records
Force Rediscovery Interval
Location of the DCs hosting a domain with single label DNS name
Priority Set in the DC Locator DNS SRV Records
Refresh Interval of the DC Locator DNS Records
Sites Covered by the Application Directory Partition Locator DNS SRV Records
Sites Covered by the DC Locator DNS SRV Records
Sites Covered by the GC Locator DNS SRV Records
Try Next Closest Site
TTL Set in the DC Locator DNS Records
Weight Set in the DC Locator DNS SRV Records
Allow cryptography algorithms compatible with Windows NT 4.0
Contact PDC on logon failure
Expected dial-up delay on logon
Final DC Discovery Retry Setting for Background Callers
Initial DC Discovery Retry Setting for Background Callers
Log File Debug Output Level
Maximum DC Discovery Retry Interval Setting for Background Callers
Maximum Log File Size
Negative DC Discovery Cache Setting
Netlogon share compatibility
Positive Periodic DC Cache Refresh for Background Callers
Positive Periodic DC Cache Refresh for Non-Background Callers
Scavenge Interval
Site Name
Sysvol share compatibility
Performance Control Panel
Turn off access to the OEM and Microsoft branding section
Turn off access to the performance center core section
Turn off access to the solutions to performance problems section
Recovery
Allow restore of system to default state
Server Manager
Configure the refresh interval for Server Manager
Do not display Initial Configuration Tasks window automatically at logon
Do not display Server Manager automatically at logon
Troubleshooting and Diagnostics
Application Compatibility Diagnostics
Detect application failures caused by deprecated COM objects
Detect application failures caused by deprecated Windows DLLs
Detect application installers that need to be run as administrator
Detect application install failures
Detect applications unable to launch installers under UAC
Notify blocked drivers
Microsoft 支援服務診斷工具
Microsoft 支援服務診斷工具: 設定執行層級
Microsoft 支援服務診斷工具: 開啟 MSDT 與支援提供者的互動式通訊
Microsoft 支援服務診斷工具: 限制工具下載
MSI 損毀檔案修復
設定 MSI 損毀檔案修復行為
Windows 待命/繼續效能診斷
設定狀況執行層級
Windows 效能 PerfTrack
啟用/停用 PerfTrack
Windows 系統回應效能診斷
設定狀況執行層級
Windows 記憶體遺漏診斷
設定狀況執行層級
Windows 資源耗損偵測與解析
設定狀況執行層級
Windows 開機效能診斷
設定狀況執行層級
Windows 關機效能診斷
設定狀況執行層級
執行指令的診斷
為執行指令的診斷設定安全性原則
疑難排解: 允許使用者存取和執行疑難排解精靈
疑難排解: 允許使用者從 [疑難排解控制台] 存取 Microsoft 伺服器上的線上疑難排解內容 (經由 Windows 線上疑難排解服務 - WOTS)
容錯堆積
設定狀況執行層級
排程維護
設定排程維護行為
損毀檔案修復
設定損毀檔案修復行為
磁碟診斷
磁碟診斷: 設定執行層級
磁碟診斷: 設定自訂警訊文字
診斷: 設定狀況保留
診斷: 設定狀況執行層級
Trusted Platform Module Services
Configure the list of blocked TPM commands
Ignore the default list of blocked TPM commands
Ignore the local list of blocked TPM commands
Turn on TPM backup to Active Directory Domain Services
User Profiles
Add the Administrators security group to roaming user profiles
Background upload of a roaming user profile's registry file while user is logged on
Delete cached copies of roaming profiles
Delete user profiles older than a specified number of days on system restart
Do not check for user ownership of Roaming Profile Folders
Do not detect slow network connections
Do not forcefully unload the users registry at user logoff
Do not log users on with temporary profiles
Leave Windows Installer and Group Policy Software Installation Data
Maximum retries to unload and update user profile
Only allow local user profiles
Prevent Roaming Profile changes from propagating to the server
Prompt user when a slow network connection is detected
Set maximum wait time for the network if a user has a roaming user profile or remote home directory
Set roaming profile path for all users logging onto this computer
Slow network connection timeout for user profiles
Timeout for dialog boxes
Wait for remote user profile
Windows HotStart
Turn off Windows HotStart
Windows Time Service
Time Providers
Configure Windows NTP Client
Enable Windows NTP Client
Enable Windows NTP Server
Global Configuration Settings
Windows 檔案保護
指定 Windows 檔案保護的快取位置
設定 Windows 檔案保護掃描
限制 Windows 檔案保護快取大小
隱藏檔案掃描進度視窗
分散式 COM
應用程式相容性設定
允許本機啟動安全性檢查豁免
定義啟動安全性檢查豁免
抽取式存放裝置存取權
CD 與 DVD: 拒絕執行存取權
CD 與 DVD: 拒絕寫入存取權
CD 與 DVD: 拒絕讀取存取權
WPD 裝置: 拒絕寫入存取權
WPD 裝置: 拒絕讀取存取權
所有抽取式儲存裝置: 允許在遠端工作階段中直接存取
所有抽取式儲存裝置類別: 拒絕所有存取
抽取式磁碟: 拒絕執行存取權
抽取式磁碟: 拒絕寫入存取權
抽取式磁碟: 拒絕讀取存取權
磁帶機: 拒絕執行存取權
磁帶機: 拒絕寫入存取權
磁帶機: 拒絕讀取存取權
自訂類別: 拒絕寫入存取權
自訂類別: 拒絕讀取存取權
設定強制重新開機的時間 (秒)
軟碟機: 拒絕執行存取權
軟碟機: 拒絕寫入存取權
軟碟機: 拒絕讀取存取權
指令碼
使用者登入、登出時先執行 Windows PowerShell 指令碼
停用 NetBIOS 或 WINS 時允許登入指令碼
同步執行登入指令檔
執行啟動指令碼時顯示其中的指示。
執行關機指令碼時顯示其中的指示。
指定群組原則指令碼的最長等待時間
電腦啟動、關機時先執行 Windows PowerShell 指令碼
非同步執行啟動指令碼
磁碟 NV 快取
關閉固態模式
關閉快取電源模式
關閉開機和繼續最佳化
關閉靜態快取功能
磁碟配額
啟用磁碟配額
套用原則到抽取式媒體
強制執行磁碟配額限制
指定預設配額限制和警告等級
當超過配額警告等級時記錄事件
當超過配額限制時記錄事件
系統還原
關閉系統還原
關閉設定
裝置重新導向
裝置重新導向限制
防止 USB 裝置重新導向
防止重新導向符合下列任何裝置識別碼的裝置
遠端協助
僅允許 Windows Vista 或更新版本的連線
自訂警告訊息
設定提供遠端協助
設定請求遠端協助
開啟工作階段記錄
開啟頻寬最佳化
遠端程序呼叫
傳播延伸錯誤的資訊
啟用 RPC 端點對應程式用戶端驗證
略過委派失敗
維護 RPC 疑難排解狀態資訊
設定 RPC/HTTP 連線的閒置連線等候逾時最小值
限制未經驗證的 RPC 用戶端
關機選項
關閉會封鎖或取消關機之應用程式的自動終止
電源管理
按鈕設定
選取睡眠按鈕動作 (一般電源)
選取睡眠按鈕動作 (使用電池)
選取螢幕切換動作 (一般電源)
選取螢幕切換動作 (使用電池)
選取開始功能表電源按鈕動作 (一般電源)
選取開始功能表電源按鈕動作 (使用電池)
選取電源按鈕動作 (一般電源)
選取電源按鈕動作 (使用電池)
睡眠設定
允許應用程式防止自動睡眠 (一般電源)
允許應用程式防止自動睡眠 (使用電池)
允許開啟網路檔案時自動睡眠 (一般電源)
允許開啟網路檔案時自動睡眠 (使用電池)
喚醒電腦時必須使用密碼 (一般電源)
喚醒電腦時必須使用密碼 (使用電池)
指定系統休眠逾時 (一般電源)
指定系統休眠逾時 (使用電池)
指定系統睡眠逾時 (一般電源)
指定系統睡眠逾時 (使用電池)
指定自動睡眠逾時 (一般電源)
指定自動睡眠逾時 (使用電池)
睡眠時允許待命狀態 (S1-S3) (一般電源)
睡眠時允許待命狀態 (S1-S3) (使用電池)
開啟應用程式以防止睡眠轉換 (一般電源)
開啟應用程式防止睡眠轉換的能力 (使用電池)
關閉交互式睡眠 (一般電源)
關閉交互式睡眠 (使用電池)
硬碟設定
關閉硬碟 (一般電源)
關閉硬碟 (使用電池)
視訊與顯示設定
指定顯示器變暗亮度 (一般電源)
指定顯示器變暗亮度 (使用電池)
開啟桌面背景投影片放映 (一般電源)
開啟桌面背景投影片放映 (使用電池)
關閉彈性顯示器逾時 (一般電源)
關閉彈性顯示器逾時 (使用電池)
關閉顯示器 (一般電源)
關閉顯示器 (使用電池)
降低顯示器亮度 (一般電源)
降低顯示器亮度 (使用電池)
通知設定值
保留剩餘電力通知等級
關閉電力偏低使用者通知
電力不足通知動作
電力不足通知等級
電力偏低通知動作
電力偏低通知等級
指定自訂使用中電源計劃
選取使用中電源計劃
Do not display Manage Your Server page at logon
Remove Boot / Shutdown / Logon / Logoff status messages
Verbose vs normal status messages
下載遺失的 COM 元件
不要將移到已加密資料夾中的檔案自動加密
允許散佈式連結追蹤用戶端使用網域資源
啟動關機事件追蹤器系統狀態資料功能
啟用持續的時間戳記
在發生 Windows 系統關機後不要關閉系統電源。
將可能不安全的 HTML 說明功能限制於指定的資料夾
指定 Windows Service Pack 安裝檔案位置
指定 Windows 安裝檔案的位置
關閉 HTML Help 可執行檔的資料執行防止
限制這些程式從說明中啟動
顯示關機事件追蹤器
Windows Components
Active Directory Federation Services
Turn off Federation Service
ActiveX Installer 服務
ActiveX 控制項的認可安裝網站
建立信任區域中網站的 ActiveX 安裝原則
Application Compatibility
Prevent access to 16-bit applications
Remove Program Compatibility Property Page
Turn off Application Compatibility Engine
Turn off Application Telemetry
Turn off Problem Steps Recorder
Turn off Program Compatibility Assistant
Turn off Program Inventory
Turn off SwitchBack Compatibility Engine
Backup
Client
Prevent backing up to local disks
Prevent backing up to network location
Prevent backing up to optical media (CD/DVD)
Prevent the user from running the Backup Status and Configuration program
Turn off restore functionality
Turn off the ability to back up data files
Turn off the ability to create a system image
伺服器
不允許只執行一次的備份
不允許將光學媒體為備份目標
不允許將本機連接的儲存裝置做為備份目標
不允許將網路做為備份目標
僅允許系統備份
BitLocker Drive Encryption
Fixed Data Drives
Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
Choose how BitLocker-protected fixed drives can be recovered
Configure use of passwords for fixed data drives
Configure use of smart cards on fixed data drives
Deny write access to fixed drives not protected by BitLocker
Operating System Drives
Allow enhanced PINs for startup
Choose how BitLocker-protected operating system drives can be recovered
Configure minimum PIN length for startup
Configure TPM platform validation profile
Require additional authentication at startup (Windows Server 2008 and Windows Vista)
Require additional authentication at startup
Removable Data Drives
Allow access to BitLocker-protected removable data drives from earlier versions of Windows
Choose how BitLocker-protected removable drives can be recovered
Configure use of passwords for removable data drives
Configure use of smart cards on removable data drives
Control use of BitLocker on removable drives
Deny write access to removable drives not protected by BitLocker
Choose default folder for recovery password
Choose drive encryption method and cipher strength
Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)
Prevent memory overwrite on restart
Provide the unique identifiers for your organization
Store BitLocker recovery information in Active Directory Domain Services(Windows Server 2008 and Windows Vista)
Validate smart card certificate usage rule compliance
Credential User Interface
Enumerate administrator accounts on elevation
Require trusted path for credential entry.
Desktop Gadgets
Override the More Gadgets link
Restrict unpacking and installation of gadgets that are not digitally signed.
Turn off desktop gadgets
Turn Off user-installed desktop gadgets
Desktop Window Manager
Window Frame Coloring
Do not allow color changes
Specify a default color
Do not allow desktop composition
Do not allow Flip3D invocation
Do not allow window animations
HomeGroup
防止電腦加入家用群組
Internet Explorer
Accelerators
Deploy default Accelerators
Deploy non-default Accelerators
Turn off Accelerators
Use Policy Accelerators
Application Compatibility
Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt
All Processes
Internet Explorer Processes
Process List
Compatibility View
Include updated Web site lists from Microsoft
Turn off Compatibility View button
Turn off Compatibility View
Turn on Internet Explorer 7 Standards Mode
Turn on Internet Explorer Standards Mode for Local Intranet
Use Policy List of Internet Explorer 7 sites
Corporate Settings
Code Download
Prevent setting of the code download path for each machine
Delete Browsing History
Configure Delete Browsing History on exit
Disable "Configuring History"
Prevent Deleting Cookies
Prevent Deleting Favorites Site Data
Prevent Deleting Form Data
Prevent Deleting InPrivate Filtering data
Prevent Deleting Passwords
Prevent Deleting Temporary Internet Files
Prevent Deleting Web sites that the User has Visited
Prevent the deletion of temporary Internet files and cookies
Turn off "Delete Browsing History" functionality
InPrivate
Disable toolbars and extensions when InPrivate Browsing starts
Do not collect InPrivate Filtering data
InPrivate Filtering Threshold
Turn off InPrivate Browsing
Turn off InPrivate Filtering
Internet Control Panel
Advanced Page
Allow active content from CDs to run on user machines
Allow Install On Demand (except Internet Explorer)
Allow Install On Demand (Internet Explorer)
Allow software to run or install even if the signature is invalid
Allow third-party browser extensions
Automatically check for Internet Explorer updates
Check for server certificate revocation
Check for signatures on downloaded programs
Do not allow resetting Internet Explorer settings
Do not save encrypted pages to disk
Empty Temporary Internet Files folder when browser is closed
Play animations in web pages
Play sounds in web pages
Play videos in web pages
Turn off ClearType
Turn off Encryption Support
Turn off Profile Assistant
Turn on Caret Browsing support
Use HTTP 1.1 through proxy connections
Use HTTP 1.1
Security Page
Internet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Intranet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Local Machine Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Internet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Intranet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Local Machine Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Restricted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Trusted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Restricted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Trusted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Internet Zone Template
Intranet Sites: Include all local (intranet) sites not listed in other zones
Intranet Sites: Include all network paths (UNCs)
Intranet Sites: Include all sites that bypass the proxy server
Intranet Zone Template
Local Machine Zone Template
Locked-Down Internet Zone Template
Locked-Down Intranet Zone Template
Locked-Down Local Machine Zone Template
Locked-Down Restricted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Restricted Sites Zone Template
Site to Zone Assignment List
Trusted Sites Zone Template
Turn on automatic detection of the intranet
Turn on Information bar notification for intranet content
Turn on Warn about Certificate Address Mismatch
Disable the Advanced page
Disable the Connections page
Disable the Content page
Disable the General page
Disable the Privacy page
Disable the Programs page
Disable the Security page
Prevent ignoring certificate errors
Send internationalized domain names
Use UTF-8 for mailto links
Internet Settings
AutoComplete
Turn off Windows Search AutoComplete
Component Updates
Help Menu > About Internet Explorer
Prevent the configuration of cipher strength update information URLs
Periodic check for updates to Internet Explorer and Internet Tools
Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools
Turn off configuring the update check interval (in days)
Security Features
Add-on Management
Add-on List
All Processes
Deny all add-ons unless specifically allowed in the Add-on List
Process List
AJAX
Enable Native XMLHttpRequest Support
Maximum number of connections per server (HTTP 1.0)
Maximum number of connections per server (HTTP 1.1)
Turn off Cross Document Messaging
Turn off the XDomainRequest Object
Binary Behavior Security Restriction
Admin-approved behaviors
All Processes
Install binaries signed by MD2 and MD4 signing technologies
Internet Explorer Processes
Process List
Consistent Mime Handling
All Processes
Internet Explorer Processes
Process List
Information Bar
All Processes
Internet Explorer Processes
Process List
Local Machine Zone Lockdown Security
All Processes
Internet Explorer Processes
Process List
Mime Sniffing Safety Feature
All Processes
Internet Explorer Processes
Process List
MK Protocol Security Restriction
All Processes
Internet Explorer Processes
Process List
Network Protocol Lockdown
Restricted Protocols Per Security Zone
Internet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
All Processes
Internet Explorer Processes
Process List
Object Caching Protection
All Processes
Internet Explorer Processes
Process List
Protection From Zone Elevation
All Processes
Internet Explorer Processes
Process List
Restrict ActiveX Install
All Processes
Internet Explorer Processes
Process List
Restrict File Download
All Processes
Internet Explorer Processes
Process List
Scripted Window Security Restrictions
All Processes
Internet Explorer Processes
Process List
Turn off Data Execution Prevention
Turn off Data URI Support
Toolbars
Auto-hide the Toolbars
Customize Command Labels
Hide the Command Bar
Hide the Status Bar
Lock all Toolbars
Set location of Stop and Refresh buttons
Turn off Developer Tools
Turn off toolbar upgrade tool
Use large Icons for Command Buttons
Add a specific list of search providers to the user's search provider list
Configure new tab page default behavior
Customize User Agent String
Disable Automatic Install of Internet Explorer components
Disable changing Automatic Configuration settings
Disable changing connection settings
Disable changing proxy settings
Disable Per-User Installation of ActiveX Controls
Disable Periodic Check for Internet Explorer software updates
Disable showing the splash screen
Disable software update shell notifications on program launch
Do not allow users to enable or disable add-ons
Enforce Full Screen Mode
Make proxy settings per-machine (rather than per-user)
Only use the ActiveX Installer Service for installation of ActiveX Controls
Pop-up allow list
Prevent "Fix settings" functionality
Prevent Bypassing SmartScreen Filter Warnings
Prevent Internet Explorer Search box from displaying
Prevent participation in the Customer Experience Improvement Program
Prevent performance of First Run Customize settings
Restrict changing the default search provider
Restrict search providers to a specific list of providers
Security Zones: Do not allow users to add/delete sites
Security Zones: Do not allow users to change policies
Security Zones: Use only machine settings
Set tab process growth
Turn off ActiveX opt-in prompt
Turn off Automatic Crash Recovery Prompt
Turn off configuration of default behavior of new tab creation
Turn off configuration of tabbed browsing pop-up behavior
Turn off configuration of window reuse
Turn off Crash Detection
Turn off displaying the Internet Explorer Help Menu
Turn off Favorites bar
Turn off Managing Phishing filter
Turn off Managing Pop-up Allow list
Turn off managing Pop-up filter level
Turn off Managing SmartScreen Filter
Turn off page zooming functionality
Turn off pop-up management
Turn off Quick Tabs functionality
Turn off Reopen Last Browsing Session
Turn off suggestions for all user-installed providers
Turn off tabbed browsing
Turn off the activation of the quick pick menu
Turn off the auto-complete feature for web addresses
Turn off the Security Settings Check feature
Turn on Compatibility Logging
Turn on menu bar by default
Internet Information Services
避免安裝 IIS
NetMeeting
停用遠端桌面共用
Password Synchronization
Set the interval between synchronization retries for Password Synchronization
Set the number of synchronization retries for servers running Password Synchronization
Turn on extensive logging for Password Synchronization
Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory
Remote Desktop Services
RD Licensing
License server security group
Prevent license upgrade
Remote Desktop Connection Client
RemoteFX USB Device Redirection
Allow RDP redirection of other supported RemoteFX USB devices from this computer
Allow .rdp files from unknown publishers
Allow .rdp files from valid publishers and user's default .rdp settings
Configure server authentication for client
Do not allow passwords to be saved
Prompt for credentials on the client computer
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
關閉用戶端的 UDP
Remote Desktop Session Host
Application Compatibility
Do not use Remote Desktop Session Host server IP address when virtual IP address is not available
Select the network adapter to be used for Remote Desktop IP Virtualization
Turn off Windows Installer RDS Compatibility
Turn on Remote Desktop IP Virtualization
Connections
Allow remote start of unlisted programs
Allow users to connect remotely using Remote Desktop Services
Automatic reconnection
Configure keep-alive connection interval
Deny logoff of an administrator logged in to the console session
Limit number of connections
Restrict Remote Desktop Services users to a single Remote Desktop Services session
Set rules for remote control of Remote Desktop Services user sessions
Turn off Fair Share CPU Scheduling
選取 RDP 傳輸通訊協定
選取伺服器上的網路偵測
Device and Resource Redirection
Allow audio and video playback redirection
Allow audio recording redirection
Allow time zone redirection
Do not allow clipboard redirection
Do not allow COM port redirection
Do not allow drive redirection
Do not allow LPT port redirection
Do not allow smart card device redirection
Do not allow supported Plug and Play device redirection
Limit audio playback quality
Licensing
Hide notifications about RD Licensing problems that affect the RD Session Host server
Set the Remote Desktop licensing mode
Use the specified Remote Desktop license servers
Printer Redirection
Do not allow client printer redirection
Do not set default client printer to be default printer in a session
Redirect only the default client printer
Specify RD Session Host server fallback printer driver behavior
Use Remote Desktop Easy Print printer driver first
Profiles
Limit the size of the entire roaming user profile cache
Set path for Remote Desktop Services Roaming User Profile
Set Remote Desktop Services User Home Directory
Use mandatory profiles on the RD Session Host server
RD Connection Broker
Configure RD Connection Broker farm name
Configure RD Connection Broker server name
Join RD Connection Broker
Use IP Address Redirection
Use RD Connection Broker load balancing
Remote Session Environment
Allow desktop composition for remote desktop sessions
Always show desktop on connection
Configure RemoteFX
Do not allow font smoothing
Enforce Removal of Remote Desktop Wallpaper
Limit maximum color depth
Limit maximum display resolution
Limit maximum number of monitors
Optimize visual experience for Remote Desktop Services sessions
Optimize visual experience when using RemoteFX
Remove "Disconnect" option from Shut Down dialog
Remove Windows Security item from Start menu
Set compression algorithm for RDP data
Start a program on connection
啟用遠端桌面通訊協定 8.0
設定 RemoteFX Adaptive Graphics 的影像品質
設定 RemoteFX 彈性圖形
Security
Always prompt for password upon connection
Do not allow local administrators to customize permissions
Require secure RPC communication
Require use of specific security layer for remote (RDP) connections
Require user authentication for remote connections by using Network Level Authentication
Server Authentication Certificate Template
Set client connection encryption level
Session Time Limits
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Set time limit for disconnected sessions
Set time limit for logoff of RemoteApp sessions
Terminate session when time limits are reached
Temporary folders
Do not delete temp folder upon exit
Do not use temporary folders per session
RSS Feeds
Turn off addition and removal of feeds and Web Slices
Turn off background sync for feeds and Web Slices
Turn off downloading of enclosures
Turn off feed and Web Slices discovery
Turn off the feed list
Turn on Basic feed authentication over HTTP
Server for NIS
Set the map update interval for NIS subordinate servers
Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS
Shutdown Options
Timeout for hung logon sessions during shutdown
Turn off legacy remote shutdown interface
Tablet PC
Handwriting personalization
Turn off automatic learning
Input Panel
Disable text prediction
For tablet pen input, don't show the Input Panel icon
For touch input, don't show the Input Panel icon
Include rarely used Chinese, Kanji, or Hanja characters
Prevent Input Panel tab from appearing
Switch to the Simplified Chinese (PRC) gestures
Turn off AutoComplete integration with Input Panel
Turn off password security in Input Panel
Turn off tolerant and Z-shaped scratch-out gestures
Tablet PC 畫筆訓練
關閉 Tablet PC 畫筆訓練
敏銳筆觸學習
防止筆觸學習模式
游標
關閉畫筆回饋
畫筆 UX 行為
防止筆觸
硬體按鈕
關閉硬體按鈕
防止 Back-ESC 對應
防止啟動應用程式
防止按住不放
觸控輸入
關閉 Tablet PC 觸控輸入
關閉觸控平移
附屬應用程式
不允許列印到筆記本便箋書寫器
不允許執行 Windows 筆記本
不允許執行剪取工具
不允許執行筆跡球
Windows Defender
Check for New Signatures Before Scheduled Scans
Configure Microsoft SpyNet Reporting
Turn off Real-Time Monitoring
Turn off Routinely Taking Action
Turn off Windows Defender
Turn on definition updates through both WSUS and the Microsoft Malware Protection Center
Turn on definition updates through both WSUS and Windows Update
Windows Error Reporting
Advanced Error Reporting Settings
Configure Corporate Windows Error Reporting
Configure Report Archive
Configure Report Queue
Default application reporting settings
List of applications to always report errors for
List of applications to be excluded
List of applications to never report errors for
Report operating system errors
報告並未計劃的關機事件
Consent
Configure Default consent
Customize consent settings
Ignore custom consent settings
Configure Error Reporting
Disable Logging
Disable Windows Error Reporting
Display Error Notification
Do not send additional data
Prevent display of the user interface for critical errors
Windows Explorer
Previous Versions
Hide previous versions list for local files
Hide previous versions list for remote files
Hide previous versions of files on backup location
Prevent restoring local previous versions
Prevent restoring previous versions from backups
Prevent restoring remote previous versions
Disable binding directly to IPropertySetStorage without intermediate layers.
Turn off numerical sorting in Windows Explorer
Turn off shell protocol protected mode
Verify old and new Folder Redirection targets point to the same share before redirecting
損毀時關閉終止堆集
設定支援網頁連結
關閉檔案總管的資料執行防止
Windows Installer
Allow admin to install from Remote Desktop Services session
Always install with elevated privileges
Baseline file cache maximum size
Cache transforms in secure location on workstation
Disable IE security prompt for Windows Installer scripts
Disable logging via package settings
Disable Windows Installer
Enable user control over installs
Enable user to browse for source while elevated
Enable user to patch elevated products
Enable user to use media source while elevated
Enforce upgrade component rules
Logging
Prohibit Flyweight Patching
Prohibit non-administrators from applying vendor signed updates
Prohibit patching
Prohibit removal of updates
Prohibit rollback
Prohibit Use of Restart Manager
Prohibit User Installs
Remove browse dialog box for new source
Turn off creation of System Restore Checkpoints
Windows Logon Options
Disable or enable software Secure Attention Sequence
Display information about previous logons during user logon
Report when logon server was not available during user logon
Windows Media Center
不允許執行 Windows Media Center
Windows Media Digital Rights Management
防止 Windows Media DRM 網際網路存取
Windows Media Player
不要顯示 [安裝第一次使用] 對話方塊
防止媒體共用
防止建立 [快速啟動] 工具列捷徑
防止建立桌面捷徑
防止自動更新
防止視訊品質平滑化
Windows Messenger
不允許執行 Windows Messenger
不要一開始就自動啟動 Windows Messenger
Windows Remote Management (WinRM)
WinRM Client
Allow Basic authentication
Allow CredSSP authentication
Allow unencrypted traffic
Disallow Digest authentication
Disallow Kerberos authentication
Disallow Negotiate authentication
Trusted Hosts
WinRM Service
Allow automatic configuration of listeners
Allow Basic authentication
Allow CredSSP authentication
Allow unencrypted traffic
Disallow Kerberos authentication
Disallow Negotiate authentication
Specify channel binding token hardening level
Turn On Compatibility HTTP Listener
Turn On Compatibility HTTPS Listener
Windows SideShow
Delete data from devices running Microsoft firmware when a user logs off from the computer.
Require a PIN to access data on devices running Microsoft firmware
Turn off automatic wake
Turn off Windows SideShow
Windows System Resource Manager
Set the Email IDs to which notifications are to be sent
Set the SMTP Server used to send notifications
Set the Time interval in minutes for logging accounting data
Turn on Accounting for WSRM
Windows Update
Allow Automatic Updates immediate installation
Allow non-administrators to receive update notifications
Allow signed updates from an intranet Microsoft update service location
Automatic Updates detection frequency
Configure Automatic Updates
Delay Restart for scheduled installations
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Enable client-side targeting
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates
No auto-restart with logged on users for scheduled automatic updates installations
Re-prompt for restart with scheduled installations
Reschedule Automatic Updates scheduled installations
Specify intranet Microsoft update service location
Turn on recommended updates via Automatic Updates
Turn on Software Notifications
Windows 可靠性分析
設定可靠性 WMI 提供者
Windows 客戶經驗改進計畫
使用研究識別元標記 Windows 客戶經驗改進計畫資料
允許公司重新導向客戶經驗改進上傳
Windows 色彩系統
禁止安裝或解除安裝色彩設定檔
Windows 行事曆
關閉 Windows 行事曆
Windows 行動中心
關閉 Windows 行動中心
Windows 遠端殼層
MaxConcurrentUsers
允許遠端殼層存取
指定殼層逾時
指定每個使用者的最大遠端殼層數目
指定每個殼層的最大處理程序數目
指定每個殼層的記憶體數量上限 (MB)
指定閒置逾時
Windows 郵件
關閉 Windows 郵件應用程式
關閉社群功能
事件檢視器
events.asp URL
events.asp 程式
events.asp 程式命令列參數
事件記錄服務
安全性
指定記錄檔大小上限 (KB)
控制記錄檔的位置
控制記錄檔達到其大小上限時的事件記錄檔行為
記錄檔已滿時自動備份
設定記錄檔存取
安裝
指定記錄檔大小上限 (KB)
控制記錄檔的位置
控制記錄檔達到其大小上限時的事件記錄檔行為
記錄檔已滿時自動備份
設定記錄檔存取
開啟記錄
應用程式
指定記錄檔大小上限 (KB)
控制記錄檔的位置
控制記錄檔達到其大小上限時的事件記錄檔行為
記錄檔已滿時自動備份
設定記錄檔存取
系統
指定記錄檔大小上限 (KB)
控制記錄檔的位置
控制記錄檔達到其大小上限時的事件記錄檔行為
記錄檔已滿時自動備份
設定記錄檔存取
事件轉寄
設定目標訂閱管理員
設定轉寄站資源使用量
定位和感應器
關閉位置指令碼
關閉定位
關閉感應器
家長監護服務
在網域上顯示 [家長監護服務] 控制台
工作排程器
禁止工作刪除
禁止建立新工作
禁止拖放功能
禁止瀏覽
防止工作執行或結束
隱藏內容頁
隱藏新增排程工作精靈中的進階內容核取方塊
搜尋
OCR
Force TIFF IFilter to perform OCR for every page in a TIFF document
Select OCR languages from a code page
不允許 Web 搜尋
以電池電力執行時防止編製索引以節省電池電力
停用索引子降速功能
允許使用變音符號
允許加密檔案索引
啟用為未快取之 Exchange 資料夾編製索引的功能
啟用為線上委派信箱編製索引的功能
啟用線上郵件索引編製的速度調節功能
控制各種附件的預覽功能
新增主要內部網路搜尋位置
新增次要內部網路搜尋位置
磁碟空間不足時停止編製索引
索引子資料位置
設定 Desktop Search 結果中的大型或小型圖示檢視
防止使用不在清單中的 iFilter 與通訊協定處理程式
防止對 Microsoft Office Outlook 編製索引
防止對公用資料夾編製索引
防止對離線檔案快取中的檔案編製索引
防止對電子郵件的附件編製索引
防止從控制台新增 UNC 位置到索引
防止新增使用者指定的位置到 [所有位置] 功能表
防止為特定檔案類型編製索引
防止為特定路徑編製索引
防止用戶端從遠端查詢索引
防止自動新增共用資料夾到索引
防止自訂控制台中的已索引位置
防止顯示控制台中的進階索引選項
預覽窗格位置
預設的已排除路徑
預設的已索引路徑
數位購物服務區
不允許執行數位購物服務區
新增功能到 Windows 8.1
防止精靈執行。
智慧卡
允許不含擴充金鑰使用方法憑證屬性的憑證
允許使用者名稱提示
允許時間無效的憑證
允許登入和驗證時使用 ECC 憑證
允許登入時使用有效簽章金鑰
允許登入時顯示整合式解除封鎖畫面
強制從智慧卡讀取所有憑證
當智慧卡遭到封鎖時顯示字串
篩選重複的登入憑證
設定根憑證清理
通知使用者已成功安裝智慧卡驅動程式
開啟智慧卡的憑證傳播
開啟智慧卡的根憑證傳播
開啟智慧卡隨插即用服務
防止認證管理員傳回純文字 PIN
顯示時反轉憑證中所儲存的主體名稱
生物識別技術
允許使用生物識別
允許使用者使用生物識別登入
允許網域使用者使用生物識別登入
指定快速切換使用者事件的逾時
簡報設定
關閉 Windows 簡報設定
網路存取保護
允許網路存取保護用戶端支援 802.1x 強制用戶端元件
網路投影機
網路投影機連接埠設定
關閉連線到網路投影機
線上協助
關閉主動式說明
自動播放原則
不允許非磁碟區裝置的自動播放
設定 AutoRun 的預設行為
關閉自動播放
防止自動播放記住使用者的選擇。
資訊安全中心
開啟資訊安全中心 (僅網域 PC)
遊戲總管
關閉 [遊戲] 資料夾中追蹤最後一次執行遊戲時間的功能
關閉遊戲更新
關閉遊戲資訊下載
錄音機
不允許執行錄音機
系統管理範本 (使用者)
Control Panel
Display
Disable the Display Control Panel
Hide Settings tab
Personalization
Enable screen saver
Force a specific visual style file or force Windows Classic
Force specific screen saver
Load a specific theme
Password protect the screen saver
Prevent changing color scheme
Prevent changing desktop background
Prevent changing desktop icons
Prevent changing mouse pointers
Prevent changing screen saver
Prevent changing sounds
Prevent changing theme
Prevent changing visual style for windows and buttons
Prevent changing window color and appearance
Prohibit selection of visual style font size
Screen saver timeout
Printers
Browse a common web site to find printers
Browse the network to find printers
Default Active Directory path when searching for printers
Only use Package Point and print
Package Point and print - Approved servers
Point and Print Restrictions
Prevent addition of printers
Prevent deletion of printers
Regional and Language Options
Hide Regional and Language Options administrative options
Hide the geographic location option
Hide the select language group options
Hide user locale selection and customization options
Restrict selection of Windows menus and dialogs language
Restricts the UI languages Windows should use for the selected user
新增或移除程式
指定 [新增程式] 的預設類別目錄
直接到元件精靈
移除 [新增或移除程式]
移除支援資訊
隱藏 [從 CD-ROM 或磁片新增程式] 選項
隱藏 [從 Microsoft 新增程式] 選項
隱藏 [從您的網路新增程式] 選項
隱藏 [新增/移除 Windows 元件] 畫面
隱藏 [新增程式] 畫面
隱藏 [設定程式存取及預設值] 畫面
隱藏 [變更或移除程式] 畫面
程式集
隱藏 Windows Marketplace
隱藏 Windows 功能
隱藏取得程式頁
隱藏已安裝的更新頁
隱藏程式和功能頁
隱藏程式集控制台
隱藏設定程式存取和電腦預設值頁
只顯示指定的控制台項目
禁止存取 [控制台] 和電腦設定
開啟 [控制台] 時永遠開啟 [所有控制台項目]
隱藏指定的控制台項目
Desktop
Active Directory
Enable filter in Find dialog box
Hide Active Directory folder
Maximum size of Active Directory searches
Desktop
Add/Delete items
Allow only bitmapped wallpaper
Desktop Wallpaper
Disable Active Desktop
Disable all items
Enable Active Desktop
Prohibit adding items
Prohibit changes
Prohibit closing items
Prohibit deleting items
Prohibit editing items
Don't save settings at exit
Do not add shares of recently opened documents to Network Locations
Hide and disable all items on the desktop
Hide Internet Explorer icon on desktop
Hide Network Locations icon on desktop
Prevent adding, dragging, dropping and closing the Taskbar's toolbars
Prohibit adjusting desktop toolbars
Prohibit User from manually redirecting Profile Folders
Remove Computer icon on the desktop
Remove My Documents icon on the desktop
Remove Properties from the Computer icon context menu
Remove Properties from the Documents icon context menu
Remove Properties from the Recycle Bin context menu
Remove Recycle Bin icon from desktop
Remove the Desktop Cleanup Wizard
Turn off Aero Shake window minimizing mouse gesture
Network
Offline Files
Action on server disconnect
Administratively assigned offline files
Event logging level
Initial reminder balloon lifetime
Non-default server disconnect actions
Prevent use of Offline Files folder
Prohibit 'Make Available Offline' for these file and folders
Prohibit user configuration of Offline Files
Reminder balloon frequency
Reminder balloon lifetime
Remove 'Make Available Offline'
Synchronize all offline files before logging off
Synchronize all offline files when logging on
Synchronize offline files before suspend
Turn off reminder balloons
Windows Connect Now
禁止存取 Windows Connect Now 精靈
網路連線
可以刪除使用者開放遠端存取連線
可以啟用或停用區域網路連線
可以變更所有使用者遠端存取連線的內容
可以重新命名區域網路連線
可以重新命名所有使用者遠端存取連線
在只有有限的連線或無連線能力時關閉通知
所有的使用者都可以重新命名區域連線或遠端存取連線
禁止使用 TCP/IP 進階設定
禁止刪除遠端存取連線
禁止啟用或停用區域網路連線的元件
禁止存取 [進階] 功能表中的 [進階設定]
禁止存取 [進階] 功能表中的遠端存取喜好設定
禁止存取區域網路連線的屬性
禁止存取區域連線的元件屬性
禁止存取新增連線精靈
禁止存取遠端存取連線的元件屬性
禁止建立及中斷遠端存取連線
禁止新增及移除區域網路或遠端存取連線的元件
禁止檢視使用中連線的狀態
禁止變更私人遠端存取連線的屬性
禁止重新命名私人遠端存取連線
系統管理員可以進行 Windows 2000 網路連線設定
Shared Folders
允許發佈共用資料夾
允許發佈分散式檔案系統根目錄
Start Menu and Taskbar
Add "Run in Separate Memory Space" check box to Run dialog box
Add Logoff to the Start Menu
Add Search Internet link to Start Menu
Add the Run command to the Start Menu
Change Start Menu power button
Clear history of recently opened documents on exit
Clear the recent programs list for new users
Do not allow pinning items in Jump Lists
Do not allow pinning programs to the Taskbar
Do not display any custom toolbars in the taskbar
Do not display or track items in Jump Lists from remote locations
Do not keep history of recently opened documents
Do not search communications
Do not search for files
Do not search Internet
Do not search programs and Control Panel items
Do not use the search-based method when resolving shell shortcuts
Do not use the tracking-based method when resolving shell shortcuts
Force classic Start Menu
Gray unavailable Windows Installer programs Start Menu shortcuts
Hide the notification area
Lock all taskbar settings
Lock the Taskbar
Prevent changes to Taskbar and Start Menu Settings
Prevent grouping of taskbar items
Prevent users from adding or removing toolbars
Prevent users from moving taskbar to another screen dock location
Prevent users from rearranging toolbars
Prevent users from resizing the taskbar
Remove access to the context menus for the taskbar
Remove All Programs list from the Start menu
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands
Remove Balloon Tips on Start Menu items
Remove Clock from the system notification area
Remove common program groups from Start Menu
Remove Default Programs link from the Start menu.
Remove Documents icon from Start Menu
Remove Downloads link from Start Menu
Remove drag-and-drop and context menus on the Start Menu
Remove Favorites menu from Start Menu
Remove frequent programs list from the Start Menu
Remove Games link from Start Menu
Remove Help menu from Start Menu
Remove Homegroup link from Start Menu
Remove links and access to Windows Update
Remove Logoff on the Start Menu
Remove Music icon from Start Menu
Remove Network Connections from Start Menu
Remove Network icon from Start Menu
Remove Pictures icon from Start Menu
Remove pinned programs from the Taskbar
Remove pinned programs list from the Start Menu
Remove programs on Settings menu
Remove Recent Items menu from Start Menu
Remove Recorded TV link from Start Menu
Remove Run menu from Start Menu
Remove Search Computer link
Remove Search link from Start Menu
Remove See More Results / Search Everywhere link
Remove the "Undock PC" button from the Start Menu
Remove the Action Center icon
Remove the battery meter
Remove the networking icon
Remove the volume control icon
Remove user's folders from the Start Menu
Remove user folder link from Start Menu
Remove user name from Start Menu
Remove Videos link from Start Menu
Show QuickLaunch on Taskbar
Turn off all balloon notifications
Turn off automatic promotion of notification icons to the taskbar
Turn off feature advertisement balloon notifications
Turn off notification area cleanup
Turn off personalized menus
Turn off taskbar thumbnails
Turn off user tracking
System
Ctrl+Alt+Del 選項
移除工作管理員
移除登出
移除變更密碼
移除鎖定電腦
Driver Installation
Code signing for device drivers
Configure driver search locations
Turn off Windows Update device driver search prompt
Folder Redirection
Do not automatically make redirected folders available offline
Use localized subfolder names when redirecting Start Menu and My Documents
Group Policy
Create new Group Policy object links disabled by default
Default name for new Group Policy objects
Disallow Interactive Users from generating Resultant Set of Policy data
Enforce Show Policies Only
Group Policy domain controller selection
Group Policy refresh interval for users
Group Policy slow link detection
Turn off automatic update of ADM files
Internet Communication Management
Internet Communication settings
Turn off downloading of print drivers over HTTP
Turn off Internet download for Web publishing and online ordering wizards
Turn off Internet File Association service
Turn off printing over HTTP
Turn off the "Order Prints" picture task
Turn off the "Publish to Web" task for files and folders
Turn off the Windows Messenger Customer Experience Improvement Program
關閉 Windows 線上
關閉個人化手寫資料共用
關閉手寫辨識錯誤報告
關閉說明使用經驗改進計畫
關閉說明分級
Restrict Internet communication
Locale Services
Disallow changing of geographic location
Disallow selection of Custom Locales
Disallow user override of locale settings
Restrict user locales
Logon
Do not process the legacy run list
Do not process the run once list
Run these programs at user logon
Performance Control Panel
Turn off access to the OEM and Microsoft branding section
Turn off access to the performance center core section
Turn off access to the solutions to performance problems section
User Profiles
Connect home directory to root of the share
Exclude directories in roaming profile
Limit profile size
Network directories to sync at Logon/Logoff time only
Windows HotStart
Turn off Windows HotStart
抽取式存放裝置存取權
CD 與 DVD: 拒絕寫入存取權
CD 與 DVD: 拒絕讀取存取權
WPD 裝置: 拒絕寫入存取權
WPD 裝置: 拒絕讀取存取權
所有抽取式儲存裝置類別: 拒絕所有存取
抽取式磁碟: 拒絕寫入存取權
抽取式磁碟: 拒絕讀取存取權
磁帶機: 拒絕寫入存取權
磁帶機: 拒絕讀取存取權
自訂類別: 拒絕寫入存取權
自訂類別: 拒絕讀取存取權
設定強制重新開機的時間 (秒)
軟碟機: 拒絕寫入存取權
軟碟機: 拒絕讀取存取權
指令碼
使用者登入、登出時先執行 Windows PowerShell 指令碼
同步執行登入指令檔
執行登入指令碼時顯示其中的指示
執行登出指令碼時顯示其中的指示
隱藏前版指令碼的執行狀態
電源管理
中止休眠/暫停狀態並恢復執行時必須輸入密碼
Century interpretation for Year 2000
Custom User Interface
Don't display the Getting Started welcome screen at logon
Windows Automatic Updates
下載遺失的 COM 元件
不要執行已指定的 Windows 應用程式
只執行指定的 Windows 應用程式
防止存取命令提示字元
防止存取登錄編輯工具
限制這些程式從說明中啟動
Windows Components
Application Compatibility
Prevent access to 16-bit applications
Turn off Program Compatibility Assistant
Backup
Client
Prevent backing up to local disks
Prevent backing up to network location
Prevent backing up to optical media (CD/DVD)
Prevent the user from running the Backup Status and Configuration program
Turn off restore functionality
Turn off the ability to back up data files
Turn off the ability to create a system image
Desktop Gadgets
Override the More Gadgets link
Restrict unpacking and installation of gadgets that are not digitally signed.
Turn off desktop gadgets
Turn Off user-installed desktop gadgets
Desktop Window Manager
Window Frame Coloring
Do not allow color changes
Specify a default color
Do not allow desktop composition
Do not allow Flip3D invocation
Do not allow window animations
Internet Explorer
Accelerators
Deploy default Accelerators
Deploy non-default Accelerators
Turn off Accelerators
Use Policy Accelerators
Administrator Approved Controls
Audio/Video Player
Carpoint
DHTML Edit Control
Investor
Menu Controls
Microsoft Agent
Microsoft Chat
Microsoft Scriptlet Component
Microsoft Survey Control
MSNBC
NetShow File Transfer Control
Shockwave Flash
Application Compatibility
Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt
All Processes
Internet Explorer Processes
Process List
Browser menus
Disable Context menu
Disable Open in New Window menu option
Disable Save this program to disk option
File menu: Disable closing the browser and Explorer windows
File menu: Disable New menu option
File menu: Disable Open menu option
File menu: Disable Save As... menu option
File menu: Disable Save As Web Page Complete
Help menu: Remove 'For Netscape Users' menu option
Help menu: Remove 'Send Feedback' menu option
Help menu: Remove 'Tip of the Day' menu option
Help menu: Remove 'Tour' menu option
Hide Favorites menu
Tools menu: Disable Internet Options... menu option
Turn off Print Menu
View menu: Disable Full Screen menu option
View menu: Disable Source menu option
Compatibility View
Include updated Web site lists from Microsoft
Turn off Compatibility View button
Turn off Compatibility View
Turn on Internet Explorer 7 Standards Mode
Turn on Internet Explorer Standards Mode for Local Intranet
Use Policy List of Internet Explorer 7 sites
Delete Browsing History
Configure Delete Browsing History on exit
Disable "Configuring History"
Prevent Deleting Cookies
Prevent Deleting Favorites Site Data
Prevent Deleting Form Data
Prevent Deleting InPrivate Filtering data
Prevent Deleting Passwords
Prevent Deleting Temporary Internet Files
Prevent Deleting Web sites that the User has Visited
Prevent the deletion of temporary Internet files and cookies
Turn off "Delete Browsing History" functionality
InPrivate
Disable toolbars and extensions when InPrivate Browsing starts
Do not collect InPrivate Filtering data
InPrivate Filtering Threshold
Turn off InPrivate Browsing
Turn off InPrivate Filtering
Internet Control Panel
Advanced Page
Allow active content from CDs to run on user machines
Allow Install On Demand (except Internet Explorer)
Allow Install On Demand (Internet Explorer)
Allow software to run or install even if the signature is invalid
Allow third-party browser extensions
Automatically check for Internet Explorer updates
Check for server certificate revocation
Check for signatures on downloaded programs
Do not allow resetting Internet Explorer settings
Do not save encrypted pages to disk
Empty Temporary Internet Files folder when browser is closed
Play animations in web pages
Play sounds in web pages
Play videos in web pages
Turn off ClearType
Turn off Encryption Support
Turn off Profile Assistant
Turn on Caret Browsing support
Use HTTP 1.1 through proxy connections
Use HTTP 1.1
Security Page
Internet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Intranet Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Local Machine Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Internet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Intranet Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Local Machine Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Restricted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Locked-Down Trusted Sites Zone
Access data sources across domains
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Restricted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Trusted Sites Zone
Access data sources across domains
Allow active content over restricted protocols to access my computer
Allow active scripting
Allow binary and script behaviors
Allow cut, copy or paste operations from the clipboard via script
Allow drag and drop or copy and paste files
Allow file downloads
Allow font downloads
Allow installation of desktop items
Allow META REFRESH
Allow OpenSearch queries in Windows Explorer
Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
Allow script-initiated windows without size or position constraints
Allow scripting of Internet Explorer web browser control
Allow Scriptlets
Allow status bar updates via script
Allow video and animation on a Web page that uses a legacy media player
Allow websites to open windows without address or status bars
Allow websites to prompt for information using scripted windows
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Disable .NET Framework Setup
Display mixed content
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Download signed ActiveX controls
Download unsigned ActiveX controls
Include local directory path when uploading files to a server
Initialize and script ActiveX controls not marked as safe
Java permissions
Launching applications and files in an IFRAME
Launching programs and unsafe files
Logon options
Loose XAML files
Navigate windows and frames across different domains
Only allow approved domains to use ActiveX controls without prompt
Open files based on content, not file extension
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Scripting of Java applets
Software channel permissions
Submit non-encrypted form data
Turn Off First-Run Opt-In
Turn on Cross-Site Scripting (XSS) Filter
Turn on Protected Mode
Use Pop-up Blocker
Userdata persistence
Use SmartScreen Filter
Web sites in less privileged Web content zones can navigate into this zone
XAML browser applications
XPS documents
Internet Zone Template
Intranet Sites: Include all local (intranet) sites not listed in other zones
Intranet Sites: Include all network paths (UNCs)
Intranet Sites: Include all sites that bypass the proxy server
Intranet Zone Template
Local Machine Zone Template
Locked-Down Internet Zone Template
Locked-Down Intranet Zone Template
Locked-Down Local Machine Zone Template
Locked-Down Restricted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Restricted Sites Zone Template
Site to Zone Assignment List
Trusted Sites Zone Template
Turn on automatic detection of the intranet
Turn on Information bar notification for intranet content
Turn on Warn about Certificate Address Mismatch
Disable the Advanced page
Disable the Connections page
Disable the Content page
Disable the General page
Disable the Privacy page
Disable the Programs page
Disable the Security page
Prevent ignoring certificate errors
Send internationalized domain names
Use UTF-8 for mailto links
Internet Settings
Advanced settings
Browsing
Turn off configuring underline links
Turn off friendly http error messages
Turn off page transitions
Turn off smooth scrolling
Turn on script debugging
Turn on the display of a notification about every script error
Internet Connection Wizard Settings
Turn on the Internet Connection Wizard Auto Detect
Multimedia
Allow the display of image download placeholders
Turn off automatic image resizing
Turn off picture display
Turn off smart image dithering
Printing
Allow the printing of background colors and images
Searching
Prevent configuration of search from the Address bar
Signup Settings
Turn on Automatic Signup
AutoComplete
Turn off inline AutoComplete in Windows Explorer
Turn off Windows Search AutoComplete
Turn on inline AutoComplete for Web addresses
Display settings
General Colors
Prevent the use of Windows colors
Prevent users from configuring background color
Prevent users from configuring text color
Link Colors
Prevent users from configuring the color of links that have already been clicked
Prevent users from configuring the color of links that have not yet been clicked
Prevent users from configuring the hover color
Turn on the hover color option
Prevent users from choosing default text size
URL Encoding
Turn off sending URLs as UTF-8 (requires restart)
Offline Pages
Disable adding channels
Disable adding schedules for offline pages
Disable all scheduled offline pages
Disable channel user interface completely
Disable downloading of site subscription content
Disable editing and creating of schedule groups
Disable editing schedules for offline pages
Disable offline page hit logging
Disable removing channels
Disable removing schedules for offline pages
Subscription Limits
Persistence Behavior
File size limits for Internet zone
File size limits for Intranet zone
File size limits for Local Machine zone
File size limits for Restricted Sites zone
File size limits for Trusted Sites zone
Security Features
Add-on Management
Add-on List
All Processes
Deny all add-ons unless specifically allowed in the Add-on List
Process List
AJAX
Enable Native XMLHttpRequest Support
Maximum number of connections per server (HTTP 1.0)
Maximum number of connections per server (HTTP 1.1)
Turn off Cross Document Messaging
Turn off the XDomainRequest Object
Binary Behavior Security Restriction
Admin-approved behaviors
All Processes
Install binaries signed by MD2 and MD4 signing technologies
Internet Explorer Processes
Process List
Consistent Mime Handling
All Processes
Internet Explorer Processes
Process List
Information Bar
All Processes
Internet Explorer Processes
Process List
Local Machine Zone Lockdown Security
All Processes
Internet Explorer Processes
Process List
Mime Sniffing Safety Feature
All Processes
Internet Explorer Processes
Process List
MK Protocol Security Restriction
All Processes
Internet Explorer Processes
Process List
Network Protocol Lockdown
Restricted Protocols Per Security Zone
Internet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
All Processes
Internet Explorer Processes
Process List
Object Caching Protection
All Processes
Internet Explorer Processes
Process List
Protection From Zone Elevation
All Processes
Internet Explorer Processes
Process List
Restrict ActiveX Install
All Processes
Internet Explorer Processes
Process List
Restrict File Download
All Processes
Internet Explorer Processes
Process List
Scripted Window Security Restrictions
All Processes
Internet Explorer Processes
Process List
Turn off Data URI Support
Toolbars
Auto-hide the Toolbars
Configure Toolbar Buttons
Customize Command Labels
Disable customizing browser toolbar buttons
Disable customizing browser toolbars
Hide the Command Bar
Hide the Status Bar
Lock all Toolbars
Set location of Stop and Refresh buttons
Turn off Developer Tools
Turn off toolbar upgrade tool
Use large Icons for Command Buttons
Add a specific list of search providers to the user's search provider list
Configure Media Explorer Bar
Configure new tab page default behavior
Configure Outlook Express
Customize User Agent String
Disable AutoComplete for forms
Disable caching of Auto-Proxy scripts
Disable changing accessibility settings
Disable changing Advanced page settings
Disable changing Automatic Configuration settings
Disable changing Calendar and Contact settings
Disable changing certificate settings
Disable changing color settings
Disable changing connection settings
Disable changing default browser check
Disable changing font settings
Disable changing home page settings
Disable changing language settings
Disable changing link color settings
Disable changing Messaging settings
Disable changing Profile Assistant settings
Disable changing proxy settings
Disable changing ratings settings
Disable changing secondary home page settings
Disable changing Temporary Internet files settings
Disable external branding of Internet Explorer
Disable Import/Export Settings wizard
Disable Internet Connection wizard
Disable Per-User Installation of ActiveX Controls
Disable the Reset Web Settings feature
Display error message on proxy script download failure
Do not allow users to enable or disable add-ons
Enforce Full Screen Mode
Identity Manager: Prevent users from using Identities
Moving the menu bar above the navigation bar
Only use the ActiveX Installer Service for installation of ActiveX Controls
Pop-up allow list
Prevent "Fix settings" functionality
Prevent Bypassing SmartScreen Filter Warnings
Prevent Internet Explorer Search box from displaying
Prevent participation in the Customer Experience Improvement Program
Prevent performance of First Run Customize settings
Restrict changing the default search provider
Restrict search providers to a specific list of providers
Search: Disable Find Files via F3 within the browser
Search: Disable Search Customization
Set tab process growth
Turn off ActiveX opt-in prompt
Turn off Automatic Crash Recovery Prompt
Turn off configuration of default behavior of new tab creation
Turn off configuration of tabbed browsing pop-up behavior
Turn off configuration of window reuse
Turn off Crash Detection
Turn off displaying the Internet Explorer Help Menu
Turn off Favorites bar
Turn off Managing Phishing filter
Turn off Managing Pop-up Allow list
Turn off managing Pop-up filter level
Turn off Managing SmartScreen Filter
Turn off page zooming functionality
Turn off pop-up management
Turn off Quick Tabs functionality
Turn off Reopen Last Browsing Session
Turn off suggestions for all user-installed providers
Turn off tabbed browsing
Turn off Tab Grouping
Turn off the activation of the quick pick menu
Turn off the auto-complete feature for web addresses
Turn off the Security Settings Check feature
Turn on Compatibility Logging
Turn on menu bar by default
Turn on Suggested Sites
Turn on the auto-complete feature for user names and passwords on forms
Use Automatic Detection for dial-up connections
Microsoft Management Console
限制的/許可的嵌入式管理單元
延伸嵌入式管理單元
AppleTalk 路由
DCOM 設定延伸
DFS 管理延伸
DHCP 轉接管理
IAS 記錄
IGMP 路由
IPX RIP 路由
IPX SAP 路由
IPX 路由
IP 路由
OSPF 路由
RAS 撥入 - 使用者節點
RIP 路由
SAN 存放管理員延伸
SMTP 通訊協定
SNMP
事件檢視器 (Windows Vista)
事件檢視器
傳送主控台訊息
公開金鑰原則
共用與存放管理延伸
共用資料夾延伸
延伸檢視 (網頁檢視)
憑證授權單位原則設定
抽取式存放裝置
授權管理員
服務依存性
檔案伺服器資源管理員延伸
磁碟管理延伸
系統內容
裝置管理員
路由
連線共用 (NAT)
遠端存取
邏輯和對應磁碟機
群組原則
原則結果組嵌入式管理單元延伸
Internet Explorer 維護
安全性設定
指令碼 (啟動/關機)
指令碼 (登入/登出)
系統管理範本 (使用者)
系統管理範本 (電腦)
資料夾重新導向
軟體安裝 (使用者)
軟體安裝 (電腦)
喜好設定嵌入式管理單元延伸
允許使用 Ini 檔案喜好設定延伸
允許使用 [喜好設定] 索引標籤
允許使用印表機喜好設定延伸
允許使用地區選項喜好設定延伸
允許使用應用程式喜好設定延伸
允許使用應用程式嵌入式管理單元
允許使用捷徑喜好設定延伸
允許使用排定的工作喜好設定延伸
允許使用控制台設定 (使用者)
允許使用控制台設定 (電腦)
允許使用服務喜好設定延伸
允許使用本機使用者和群組喜好設定延伸
允許使用檔案喜好設定延伸
允許使用環境喜好設定延伸
允許使用登錄喜好設定延伸
允許使用磁碟機對應喜好設定延伸
允許使用網路共用喜好設定延伸
允許使用網路選項喜好設定延伸
允許使用網際網路設定喜好設定延伸
允許使用裝置喜好設定延伸
允許使用資料來源喜好設定延伸
允許使用資料夾喜好設定延伸
允許使用資料夾選項喜好設定延伸
允許使用開始功能表喜好設定延伸
允許使用電源選項喜好設定延伸
群組原則嵌入式管理單元延伸
Internet Explorer 維護
IP 安全性原則管理
NAP 用戶端設定
具有進階安全性的 Windows 防火牆
安全性設定
指令碼 (啟動/關機)
指令碼 (登入/登出)
有線網路 (IEEE 802.3) 原則
無線網路 (IEEE 802.11) 原則
系統管理範本 (使用者)
系統管理範本 (電腦)
資料夾重新導向
軟體安裝 (使用者)
軟體安裝 (電腦)
遠端安裝服務
Active Directory 工具的群組原則索引標籤
原則結果組嵌入式管理單元
群組原則入門 GPO 編輯器
群組原則物件編輯器
群組原則管理
群組原則管理編輯器
.Net Framework 組態
Active Directory 使用者和電腦
Active Directory 站台及服務
Active Directory 網域及信任
ActiveX 控制項
ADSI 編輯
DFS 管理
Enterprise PKI
FrontPage 伺服器延伸
IP 安全性原則管理
IP 安全性監視器
NAP 用戶端設定
QoS 許可控制
SAN 存放管理員
TPM 管理
WMI 控制
事件檢視器 (Windows Vista)
事件檢視器
伺服器管理員
健康情況登錄授權單位 (HRA)
傳真服務
元件服務
共用與存放管理
共用資料夾
具有進階安全性的 Windows 防火牆
分散式檔案系統
安全性範本
安全性設定及分析
容錯移轉叢集管理員
憑證
憑證授權單位
憑證範本
抽取式存放裝置管理
效能記錄及警示
服務
本機使用者和群組
檔案伺服器資源管理員
無線監視器
磁碟管理
磁碟重組工具
系統資訊
索引服務
網址連結
網路原則伺服器 (NPS)
網際網路資訊服務
網際網路驗證服務 (IAS)
線上回應
裝置管理員
路由及遠端存取
遠端桌面
遠端桌面服務設定
電腦管理
電話語音
限制使用者只能使用明確許可的嵌入式管理單元清單
限制使用者進入作者模式
NetMeeting
[選項] 畫面
停用 [進階呼叫] 按鈕
隱藏 [一般] 畫面
隱藏 [安全性] 畫面
隱藏 [視訊] 畫面
隱藏 [音訊] 畫面
應用程式共用
停用應用程式共用
防止共用
防止共用命令提示字元
防止共用檔案總管視窗
防止應用程式以全彩模式共用
防止控制
防止桌面共用
音訊及視訊
停用全雙工音訊
停用音訊
防止傳送視訊
防止接收視訊
防止變更 DirectSound 音訊設定
限制音訊和視訊的頻寬
停用 NetMeeting 2.x 電子白板
停用目錄服務
停用聊天功能
停用電子白板
允許持續性自動接受呼叫
啟用自動設定
設定內部網路支援網頁
設定呼叫安全性選項
防止傳送檔案
防止接收檔案
防止新增目錄伺服器
防止檢視網站目錄
防止自動接受呼叫
防止變更進行呼叫的方式
限制傳送檔案的大小
Remote Desktop Services
RD Gateway
Enable connection through RD Gateway
Set RD Gateway authentication method
Set RD Gateway server address
Remote Desktop Connection Client
Allow .rdp files from unknown publishers
Allow .rdp files from valid publishers and user's default .rdp settings
Do not allow passwords to be saved
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Remote Desktop Session Host
Connections
Set rules for remote control of Remote Desktop Services user sessions
Device and Resource Redirection
Allow time zone redirection
Do not allow clipboard redirection
Printer Redirection
Redirect only the default client printer
Use Remote Desktop Easy Print printer driver first
Remote Session Environment
Always show desktop on connection
Remove remote desktop wallpaper
Start a program on connection
Session Time Limits
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Set time limit for disconnected sessions
Set time limit for logoff of RemoteApp sessions
Terminate session when time limits are reached
RSS Feeds
Turn off addition and removal of feeds and Web Slices
Turn off background sync for feeds and Web Slices
Turn off downloading of enclosures
Turn off feed and Web Slices discovery
Turn off the feed list
Turn on Basic feed authentication over HTTP
Tablet PC
Handwriting personalization
Turn off automatic learning
Input Panel
Disable text prediction
For tablet pen input, don't show the Input Panel icon
For touch input, don't show the Input Panel icon
Include rarely used Chinese, Kanji, or Hanja characters
Prevent Input Panel tab from appearing
Switch to the Simplified Chinese (PRC) gestures
Turn off AutoComplete integration with Input Panel
Turn off password security in Input Panel
Turn off tolerant and Z-shaped scratch-out gestures
Tablet PC 畫筆訓練
關閉 Tablet PC 畫筆訓練
敏銳筆觸學習
防止筆觸學習模式
游標
關閉畫筆回饋
畫筆 UX 行為
防止筆觸
硬體按鈕
關閉硬體按鈕
防止 Back-ESC 對應
防止啟動應用程式
防止按住不放
觸控輸入
關閉 Tablet PC 觸控輸入
關閉觸控平移
附屬應用程式
不允許列印到筆記本便箋書寫器
不允許執行 Windows 筆記本
不允許執行剪取工具
不允許執行筆跡球
Windows Error Reporting
Advanced Error Reporting Settings
Configure Report Archive
Configure Report Queue
List of applications to be excluded
Consent
Configure Default consent
Customize consent settings
Ignore custom consent settings
Disable Logging
Disable Windows Error Reporting
Do not send additional data
Windows Explorer
Common Open File Dialog
Hide the common dialog back button
Hide the common dialog places bar
Hide the dropdown list of recent files
Items displayed in Places Bar
Explorer Frame Pane
Turn off Details Pane
Turn off Preview Pane
Previous Versions
Hide previous versions list for local files
Hide previous versions list for remote files
Hide previous versions of files on backup location
Prevent restoring local previous versions
Prevent restoring previous versions from backups
Prevent restoring remote previous versions
Allow only per user or approved shell extensions
Disable binding directly to IPropertySetStorage without intermediate layers.
Disable Known Folders
Display confirmation dialog when deleting files
Do not move deleted files to the Recycle Bin
Do not request alternate credentials
Do not track Shell shortcuts during roaming
Hides the Manage item on the Windows Explorer context menu
Hide these specified drives in My Computer
Maximum allowed Recycle Bin size
Maximum number of recent documents
No Computers Near Me in Network Locations
No Entire Network in Network Locations
Pin Internet search sites to the "Search again" links and the Start menu
Pin Libraries or Search Connectors to the "Search again" links and the Start menu
Prevent access to drives from My Computer
Remove "Map Network Drive" and "Disconnect Network Drive"
Remove CD Burning features
Remove DFS tab
Remove File menu from Windows Explorer
Remove Hardware tab
Remove Search button from Windows Explorer
Remove Security tab
Remove Shared Documents from My Computer
Removes the Folder Options menu item from the Tools menu
Remove the Search the Internet "Search again" link
Remove UI to change keyboard navigation indicator setting
Remove UI to change menu animation setting
Remove Windows Explorer's default context menu
Request credentials for network installations
Turn off caching of thumbnail pictures
Turn off display of recent search entries in the Windows Explorer search box
Turn off numerical sorting in Windows Explorer
Turn off shell protocol protected mode
Turn off the display of snippets in Content view mode
Turn off Windows+X hotkeys
Turn off Windows Libraries features that rely on indexed file data
Turn on Classic Shell
使用者登入時不要顯示 [歡迎中心]
關閉一般控制項與視窗動畫
關閉在隱藏的 thumbs.db 檔案中快取縮圖
關閉網路資料夾上的縮圖顯示,僅顯示圖示
關閉縮圖顯示,僅顯示圖示。
防止使用者新增檔案至其 [使用者檔案] 資料夾的根目錄中。
顯示 [檔案總管] 中的功能表列
Windows Installer
Always install with elevated privileges
Prevent removable media source for any install
Prohibit rollback
Search order
Windows Logon Options
Remove logon hours expiration warnings
Report when logon server was not available during user logon
Set action to take when logon hours expire
Windows Media Center
不允許執行 Windows Media Center
Windows Media Player
使用者介面
設定並鎖定面板
請勿顯示錨定
隱藏 [安全性] 索引標籤
隱藏 [隱私權] 索引標籤
播放
允許使用螢幕保護裝置
防止轉碼器下載
網路功能
串流處理媒體通訊協定
設定 HTTP Proxy
設定 MMS Proxy
設定 RTSP Proxy
設定網路緩衝處理
隱藏 [網路] 索引標籤
防止擷取 CD 和 DVD 媒體資訊
防止擷取音樂檔媒體資訊
防止擷取預設的廣播電台
Windows Messenger
不允許執行 Windows Messenger
不要一開始就自動啟動 Windows Messenger
Windows SideShow
Delete data from devices running Microsoft firmware when a user logs off from the computer.
Require a PIN to access data on devices running Microsoft firmware
Turn off automatic wake
Turn off Windows SideShow
Windows Update
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Remove access to use all Windows Update features
Windows 色彩系統
禁止安裝或解除安裝色彩設定檔
Windows 行事曆
關閉 Windows 行事曆
Windows 行動中心
關閉 Windows 行動中心
Windows 郵件
關閉 Windows 郵件應用程式
關閉社群功能
定位和感應器
關閉位置指令碼
關閉定位
關閉感應器
工作排程器
禁止工作刪除
禁止建立新工作
禁止拖放功能
禁止瀏覽
防止工作執行或結束
隱藏內容頁
隱藏新增排程工作精靈中的進階內容核取方塊
搜尋
防止從控制台新增 UNC 位置到索引
防止為特定路徑編製索引
防止自訂控制台中的已索引位置
預設的已排除路徑
預設的已索引路徑
數位購物服務區
不允許執行數位購物服務區
新增功能到 Windows 8.1
防止精靈執行。
立即搜尋
自訂立即搜尋網際網路搜尋提供者
簡報設定
關閉 Windows 簡報設定
網路共用
防止使用者共用其設定檔內的檔案。
網路投影機
關閉連線到網路投影機
自動播放原則
不允許非磁碟區裝置的自動播放
設定 AutoRun 的預設行為
關閉自動播放
防止自動播放記住使用者的選擇。
錄音機
不允許執行錄音機
附件管理員
不要保留檔案附件的區域資訊
中度風險檔案類型的包含清單
低度風險檔案類型的包含清單
檔案附件的信任邏輯
檔案附件的預設風險層級
開啟附件時通知防毒程式
隱藏移除區域資訊的機制
高度風險檔案類型的包含清單
×
Search in Group Policy Administrative Templates