Computer step by step
 Make your Pc better
Computer Configuration
                Administrative Templates
Back
Administrative Templates

Control Panel  

Regional and Language Options  



User Accounts


Network  

Background Intelligent Transfer Service (BITS)  

















BranchCache  






DNS Client

















Lanman Server  


Link-Layer Topology Discovery  



Microsoft Peer-to-Peer Networking Services  

Peer Name Resolution Protocol  

Global Clouds  





Link-Local Clouds  





Site-Local Clouds







Network Connections  

Windows Firewall  

Domain Profile  






Windows Firewall: Allow ICMP exceptions

Windows Firewall: Allow logging

Windows Firewall: Prohibit notifications

Windows Firewall: Allow local port exceptions

Windows Firewall: Define inbound port exceptions

Windows Firewall: Allow inbound remote administration
exception

Windows Firewall: Allow inbound Remote Desktop exceptions

Windows Firewall: Prohibit unicast response to multicast or
broadcast requests

Windows Firewall: Allow inbound UPnP framework exceptions

Standard Profile  

Windows Firewall: Allow local program exceptions

Windows Firewall: Define inbound program exceptions

Windows Firewall: Protect all network connections

Windows Firewall: Do not allow exceptions

Windows Firewall: Allow inbound file and printer sharing
exception

Windows Firewall: Allow ICMP exceptions

Windows Firewall: Allow logging

Windows Firewall: Prohibit notifications

Windows Firewall: Allow local port exceptions

Windows Firewall: Define inbound port exceptions

Windows Firewall: Allow inbound remote administration
exception

Windows Firewall: Allow inbound Remote Desktop exceptions

Windows Firewall: Prohibit unicast response to multicast or
broadcast requests

Windows Firewall: Allow inbound UPnP framework exceptions

Windows Firewall: Allow authenticated IPsec bypass

Prohibit installation and configuration of Network Bridge on your DNS domain
network

Do not show the "local access only" network icon

Route all traffic through the internal network

Prohibit use of Internet Connection Firewall on your DNS domain network

Prohibit use of Internet Connection Sharing on your DNS domain network

Require domain users to elevate when setting a network's location

Network Connectivity Status Indicator  

Corporate DNS Probe Host Address

Corporate DNS Probe Host Name

Corporate Site Prefix List

Corporate Website Probe URL

Domain Location Determination URL

Offline Files  

Subfolders always available offline

Administratively assigned offline files

Configure Background Sync

Limit disk space used by offline files

Non-default server disconnect actions

Default cache size

Allow or Disallow use of the Offline Files feature

Encrypt the Offline Files cache

Event logging level

Exclude files from being cached

Files not cached

Action on server disconnect

Prevent use of Offline Files folder

Prohibit user configuration of Offline Files

Remove 'Make Available Offline'

Prohibit 'Make Available Offline' for these file and folders

Turn off reminder balloons

Enable Transparent Caching

At logoff, delete local copy of user’s offline files

Turn on economical application of administratively assigned Offline Files

Reminder balloon frequency

Initial reminder balloon lifetime

Reminder balloon lifetime

Configure slow-link mode

Configure Slow link speed

Synchronize all offline files before logging off

Synchronize all offline files when logging on

Synchronize offline files before suspend

QoS Packet Scheduler  

DSCP value of conforming packets  

Best effort service type

Controlled load service type

Guaranteed service type

Network control service type

Qualitative service type

DSCP value of non-conforming packets  

Best effort service type

Controlled load service type

Guaranteed service type

Network control service type

Qualitative service type

Layer-2 priority value  

Best effort service type

Controlled load service type

Guaranteed service type

Network control service type

Non-conforming packets

Qualitative service type

Limit outstanding packets Not configured No

Limit reservable bandwidth Not configured No

Set timer resolution Not configured No

SNMP  

Communities

Permitted Managers

Traps for public community

SSL Configuration Settings  

SSL Cipher Suite Order

TCPIP Settings  

IPv6 Transition Technologies  

6to4 Relay Name

6to4 Relay Name Resolution Interval

6to4 State

IP-HTTPS State

ISATAP Router Name

ISATAP State

Teredo Client Port

Teredo Default Qualified

Teredo Refresh Rate

Teredo Server Name

Teredo State

Parameters

Set IP Stateless Autoconfiguration Limits State

Windows Scaling Heuristics State

Windows Connect Now  

Prohibit Access of the Windows Connect Now wizards

Configuration of wireless settings using Windows Connect Now

Sets how often a DFS Client discovers DC's

Printers  

Web-based printing

Automatically publish new printers in Active Directory

Custom support URL in the Printers folder's left pane

Extend Point and Print connection to search Windows Update

Add Printer wizard - Network scan page (Managed network)

Always render print jobs on the server

Allow pruning of published printers

Disallow installation of printers using kernel-mode drivers

Add Printer wizard - Network scan page (Unmanaged network)

Only use Package Point and print

Package Point and print - Approved servers

Computer location

Pre-populate printer search location text

Point and Print Restrictions

Execute print drivers in isolated processes

Override print driver execution compatibility setting reported by print driver

Printer browsing

Prune printers that are not automatically republished

Directory pruning interval

Directory pruning priority

Directory pruning retry

Log directory pruning retry events

Allow printers to be published

Allow Print Spooler to accept client connections

Check published state

System  

Credentials Delegation  

Allow Delegating Default Credentials with NTLM-only Server Authentication

Allow Delegating Default Credentials

Allow Delegating Fresh Credentials

Allow Delegating Fresh Credentials with NTLM-only Server Authentication

Allow Delegating Saved Credentials

Allow Delegating Saved Credentials with NTLM-only Server Authentication

Deny Delegating Default Credentials

Deny Delegating Fresh Credentials

Deny Delegating Saved Credentials

Device Installation  

Device Installation Restrictions  

Allow administrators to override Device Installation Restriction policies

Allow installation of devices using drivers that match these device
setup classes

Prevent installation of devices using drivers that match these device
setup classes

Display a custom message when installation is prevented by a policy
setting

Display a custom message title when device installation is prevented
by a policy setting

Allow installation of devices that match any of these device IDs

Prevent installation of devices that match any of these device IDs

Time (in seconds) to force reboot when required for policy changes to
take effect

Prevent installation of removable devices

Prevent installation of devices not described by other policy settings

Prioritize all digitally signed drivers equally during the driver ranking and
selection process

Turn off "Found New Hardware" balloons during device installation

Do not send a Windows error report when a generic driver is installed on a
device

Configure device installation time-out

Prevent Windows from sending an error report when a device driver requests
additional software during installation

Prevent creation of a system restore point during device activity that would
normally prompt creation of a restore point

Allow remote access to the Plug and Play interface

Prevent device metadata retrieval from the Internet

Specify search order for device driver source locations

Device Redirection  

Device Redirection Restrictions

Prevent redirection of devices that match any of these device Ids

Prevent redirection of USB devices

Disk NV Cache  

Turn Off Boot and Resume Optimizations

Turn Off Cache Power Mode

Turn Off Non Volatile Cache Feature

Turn Off Solid State Mode

Disk Quotas  

Enable disk quotas

Enforce disk quota limit

Default quota limit and warning level

Log event when quota limit exceeded

Log event when quota warning level exceeded

Apply policy to removable media

Distributed COM  

Application Compatibility Settings

Allow local activation security check exemptions

Define Activation Security Check exemptions

Driver Installation  

Allow non-administrators to install drivers for these device setup classes

Turn off Windows Update device driver search prompt

Enhanced Storage Access  

Allow Enhanced Storage certificate provisioning

Configure list of Enhanced Storage devices usable on your computer

Configure list of IEEE 1667 silos usable on your computer

Do not allow password authentication of Enhanced Storage devices

Do not allow non-Enhanced Storage removable devices

Lock Enhanced Storage when the computer is locked

Allow only USB root hub connected Enhanced Storage devices

Filesystem  

NTFS  

Do not allow compression on all NTFS volumes

Do not allow encryption on all NTFS volumes

Enable NTFS pagefile encryption

Short name creation options

Disable delete notifications on all volumes

Selectively allow the evaluation of a symbolic link

Folder Redirection  

Use localized subfolder names when redirecting Start Menu and My Documents

Group Policy  

Allow Cross-Forest User Policy and Roaming User Profiles

Software Installation policy processing

Disk Quota policy processing

EFS recovery policy processing

Folder Redirection policy processing

Internet Explorer Maintenance policy processing

IP Security policy processing

Registry policy processing

Scripts policy processing

Security policy processing

Wired policy processing

Wireless policy processing

Disallow Interactive Users from generating Resultant Set of Policy data

Turn off background refresh of Group Policy

Turn off Local Group Policy objects processing

Remove users ability to invoke machine policy refresh

Group Policy slow link detection

Group Policy refresh interval for computers

Group Policy refresh interval for domain controllers

Always use local ADM files for Group Policy Object Editor

Turn off Resultant Set of Policy logging

Startup policy processing wait time

User Group Policy loopback processing mode

Internet Communication Management  

Internet Communication settings  

Turn off handwriting recognition error reporting

Turn off Windows Customer Experience Improvement Program

Turn off Automatic Root Certificates Update

Turn off printing over HTTP

Turn off downloading of print drivers over HTTP

Turn off Windows Update device driver searching

Turn off Event Viewer "Events.asp" links

Turn off Help and Support Center "Did you know?" content

Turn off Help and Support Center Microsoft Knowledge Base search

Turn off Internet Connection Wizard if URL connection is referring to
Microsoft.com

Turn off Registration if URL connection is referring to Microsoft.com

Turn off Windows Network Connectivity Status Indicator active tests

Turn off Windows Error Reporting

Turn off access to all Windows Update features

Turn off Search Companion content file updates

Turn off Internet File Association service

Turn off Internet download for Web publishing and online ordering
wizards

Turn off the "Order Prints" picture task

Turn off the "Publish to Web" task for files and folders

Turn off the Windows Messenger Customer Experience Improvement
Program

Turn off handwriting personalization data sharing

Restrict Internet communication

ISCSI  

General iSCSI  

Do not allow changes to initiator iqn name

Do not allow additional session logins

iSCSI Security  

Do not allow changes to initiator CHAP secret

Do not allow connections without IPSec

Do not allow sessions without mutual CHAP

Do not allow sessions without one way CHAP

iSCSI Target Discovery

Do not allow manual configuration of target portals

Do not allow manual configuration of discovered targets

Do not allow manual configuration of iSNS servers

Do not allow adding new targets via manual configuration

Kerberos  

Use forest search order

Define host name-to-Kerberos realm mappings

Define interoperable Kerberos V5 realm settings

Require strict target SPN match on remote procedure calls

Require strict KDC validation

Locale Services  

Disallow selection of Custom Locales

Restrict system locales

Restrict user locales

Disallow changing of geographic location

Disallow user override of locale settings

Logon  

Assign a default domain for logon

Exclude credential providers

Do not process the legacy run list

Do not process the run once list

Turn off Windows Startup Sound

Hide entry points for Fast User Switching

Always use classic logon

Don't display the Getting Started welcome screen at logon

Run these programs at user logon

Always wait for the network at computer startup and logon

Always use custom logon background

Net Logon  

DC Locator DNS Records  

Domain Controller Address Type Returned

Location of the DCs hosting a domain with single label DNS name

Automated Site Coverage by the DC Locator DNS SRV Records

DC Locator DNS records not registered by the DCs

Refresh Interval of the DC Locator DNS Records

TTL Set in the DC Locator DNS Records

Force Rediscovery Interval

Sites Covered by the GC Locator DNS SRV Records

Do not process incoming mailslot messages used for domain controller
location based on NetBIOS domain names

Priority Set in the DC Locator DNS SRV Records

Weight Set in the DC Locator DNS SRV Records

Sites Covered by the Application Directory Partition Locator DNS SRV
Records

Sites Covered by the DC Locator DNS SRV Records

Try Next Closest Site

Dynamic Registration of the DC Locator DNS Records

Allow cryptography algorithms compatible with Windows NT 4.0

Contact PDC on logon failure

Initial DC Discovery Retry Setting for Background Callers

Maximum DC Discovery Retry Interval Setting for Background Callers

Final DC Discovery Retry Setting for Background Callers

Positive Periodic DC Cache Refresh for Background Callers

Log File Debug Output Level

Expected dial-up delay on logon

Maximum Log File Size

Negative DC Discovery Cache Setting

Netlogon share compatibility

Positive Periodic DC Cache Refresh for Non-Background Callers

Scavenge Interval

Site Name

Sysvol share compatibility

Performance Control Panel  

Turn off access to the performance center core section

Turn off access to the solutions to performance problems section

Turn off access to the OEM and Microsoft branding section

Power Management  

Button Settings  

Select the Power Button Action (Plugged In)

Select the Sleep Button Action (Plugged In)

Select the Start Menu Power Button Action (Plugged In)

Select the Lid Switch Action (Plugged In)

Select the Power Button Action (On Battery)

Select the Sleep Button Action (On Battery)

Select the Start Menu Power Button Action (On Battery)

Select the Lid Switch Action (On Battery)

Hard Disk Settings  

Turn Off the Hard Disk (Plugged In)

Turn Off the Hard Disk (On Battery)

Notification Settings  

Critical Battery Notification Action

Low Battery Notification Action

Critical Battery Notification Level

Turn Off Low Battery User Notification

Low Battery Notification Level

Reserve Battery Notification Level

Sleep Settings  

Turn on the Ability for Applications to Prevent Sleep Transitions
(Plugged In)

Specify the System Hibernate Timeout (Plugged In)

Require a Password When a Computer Wakes (Plugged In)

Specify the System Sleep Timeout (Plugged In)

Turn Off Hybrid Sleep (Plugged In)

Allow Standby States (S1-S3) When Sleeping (Plugged In)

Allow Standby States (S1-S3) When Sleeping (On Battery)

Allow Applications to Prevent Automatic Sleep (Plugged In)

Allow Applications to Prevent Automatic Sleep (On Battery)

Allow Automatic Sleep with Open Network Files (Plugged In)

Allow Automatic Sleep with Open Network Files (On Battery)

Turn on the Ability for Applications to Prevent Sleep Transitions
 (On Battery)

Specify the System Hibernate Timeout (On Battery)

Require a Password When a Computer Wakes (On Battery)

Specify the System Sleep Timeout (On Battery)

Turn Off Hybrid Sleep (On Battery)

Specify the Unattended Sleep Timeout (Plugged In)

Specify the Unattended Sleep Timeout (On Battery)

Video and Display Settings  

Specify the Display Dim Brightness (Plugged In)

Specify the Display Dim Brightness (On Battery)

Reduce Display Brightness (Plugged In)

Reduce Display Brightness (On Battery)

Turn On Desktop Background Slideshow (Plugged In)

Turn On Desktop Background Slideshow (On Battery)

Turn Off Adaptive Display Timeout (Plugged In)

Turn Off Adaptive Display Timeout (On Battery)

Turn Off the Display (Plugged In)

Turn Off the Display (On Battery)

Specify a Custom Active Power Plan

Select an Active Power Plan

Recovery  

Allow restore of system to default state

Remote Assistance  

Allow only Vista or later connections

Turn on session logging

Turn on bandwidth optimization

Customize Warning Messages

Solicited Remote Assistance

Offer Remote Assistance

Remote Procedure Call  

RPC Endpoint Mapper Client Authentication

Propagation of extended error information

Ignore Delegation Failure

Minimum Idle Connection Timeout for RPC/HTTP connections

Restrictions for Unauthenticated RPC clients

RPC Troubleshooting State Information

Removable Storage Access  

Time (in seconds) to force reboot

CD and DVD: Deny execute access

CD and DVD: Deny read access

CD and DVD: Deny write access

Custom Classes: Deny read access

Custom Classes: Deny write access

Floppy Drives: Deny execute access

Floppy Drives: Deny read access

Floppy Drives: Deny write access

Removable Disks: Deny execute access

Removable Disks: Deny read access

Removable Disks: Deny write access

All Removable Storage classes: Deny all access

All Removable Storage: Allow direct access in remote sessions

Tape Drives: Deny execute access

Tape Drives: Deny read access

Tape Drives: Deny write access

WPD Devices: Deny read access

WPD Devices: Deny write access

Scripts  

Allow logon scripts when NetBIOS or WINS is disabled

Maximum wait time for Group Policy scripts

Run Windows PowerShell scripts first at computer startup, shutdown

Run logon scripts synchronously

Run shutdown scripts visible

Run startup scripts asynchronously

Run startup scripts visible

Run Windows PowerShell scripts first at user logon, logoff

Shutdown Options  

Turn off automatic termination of applications that block or cancel shutdown

System Restore  

Turn off Configuration

Turn off System Restore

Troubleshooting and Diagnostics  

Application Compatibility Diagnostics  

Notify blocked drivers

Detect application failures caused by deprecated COM objects

Detect application failures caused by deprecated Windows DLLs

Detect application install failures

Detect application installers that need to be run as administrator

Detect applications unable to launch installers under UAC

Corrupted File Recovery  

Configure Corrupted File Recovery Behavior

Disk Diagnostic  

Disk Diagnostic: Configure custom alert text

Disk Diagnostic: Configure execution level

Fault Tolerant Heap  

Configure Scenario Execution Level

Microsoft Support Diagnostic Tool  

Microsoft Support Diagnostic Tool: Turn on MSDT interactive
communication with Support Provider

Microsoft Support Diagnostic Tool: Restrict tool download

Microsoft Support Diagnostic Tool: Configure execution level

MSI Corrupted File Recovery  

Configure MSI Corrupted File Recovery Behavior

Scheduled Maintenance  

Configure Scheduled Maintenance Behavior

Scripted Diagnostics  

Troubleshooting: Allow users to access online troubleshooting content
on Microsoft servers from the Troubleshooting Control Panel (via the
Windows Online Troubleshooting Service - WOTS)

Troubleshooting: Allow users to access and run Troubleshooting
Wizards

Configure Security Policy for Scripted Diagnostics

Windows Boot Performance Diagnostics  

Configure Scenario Execution Level

Windows Memory Leak Diagnosis  

Configure Scenario Execution Level

Windows Performance PerfTrack  

Enable/Disable PerfTrack

Windows Resource Exhaustion Detection and Resolution  

Configure Scenario Execution Level

Windows Shutdown Performance Diagnostics  

Configure Scenario Execution Level

Windows Standby/Resume Performance Diagnostics  

Configure Scenario Execution Level

Windows System Responsiveness Performance Diagnostics  

Configure Scenario Execution Level

Diagnostics: Configure scenario retention

Diagnostics: Configure scenario execution level

Trusted Platform Module Services  

Turn on TPM backup to Active Directory Domain Services

Configure the list of blocked TPM commands

Ignore the default list of blocked TPM commands

Ignore the local list of blocked TPM commands

User Profiles  

Add the Administrators security group to roaming user profiles

Delete user profiles older than a specified number of days on system restart

Do not check for user ownership of Roaming Profile Folders

Delete cached copies of roaming profiles

Do not forcefully unload the users registry at user logoff

Do not detect slow network connections

Prompt user when a slow network connection is detected

Leave Windows Installer and Group Policy Software Installation Data

Only allow local user profiles

Set roaming profile path for all users logging onto this computer

Timeout for dialog boxes

Do not log users on with temporary profiles

Maximum retries to unload and update user profile

Prevent Roaming Profile changes from propagating to the server

Wait for remote user profile

Slow network connection timeout for user profiles

Background upload of a roaming user profile's registry file while user is
logged on

Set maximum wait time for the network if a user has a roaming user profile or
remote home directory

Windows File Protection  

Specify Windows File Protection cache location

Limit Windows File Protection cache size

Set Windows File Protection scanning

Hide the file scan progress window

Windows HotStart  

Turn off Windows HotStart

Windows Time Service  

Time Providers  

Configure Windows NTP Client

Enable Windows NTP Client

Enable Windows NTP Server

Global Configuration Settings

Download missing COM components

Allow Distributed Link Tracking clients to use domain resources

Do not automatically encrypt files moved to encrypted folders

Do not turn off system power after a Windows system shutdown has occurred.

Enable Persistent Time Stamp

Activate Shutdown Event Tracker System State Data feature

Display Shutdown Event Tracker

Turn off Data Execution Prevention for HTML Help Executible

Restrict potentially unsafe HTML Help functions to specified folders

Restrict these programs from being launched from Help

Remove Boot / Shutdown / Logon / Logoff status messages

Verbose vs normal status messages

Specify Windows Service Pack installation file location

Specify Windows installation file location

Windows Components

ActiveX Installer Service  

Approved Installation Sites for ActiveX Controls

ActiveX installation policy for sites in Trusted zones

Application Compatibility  

Prevent access to 16-bit applications

Remove Program Compatibility Property Page

Turn off Application Telemetry

Turn off Application Compatibility Engine

Turn off Program Compatibility Assistant

Turn off Program Inventory

Turn off SwitchBack Compatibility Engine

Turn off Problem Steps Recorder

AutoPlay Policies  

Turn off Autoplay

Don't set the always do this checkbox

Turn off Autoplay for non-volume devices

Default behavior for AutoRun

Backup  

Client  

Prevent the user from running the Backup Status and Configuration
program

Prevent backing up to local disks

Prevent backing up to network location

Prevent backing up to optical media (CD/DVD)

Turn off the ability to back up data files

Turn off restore functionality

Turn off the ability to create a system image

Server

Allow only system backup

Disallow locally attached storage as backup target

Disallow network as backup target

Disallow optical media as backup target

Disallow run-once backups

Biometrics  

Allow the use of biometrics

Allow users to log on using biometrics

Allow domain users to log on using biometrics

Timeout for fast user switching events

BitLocker Drive Encryption  

Fixed Data Drives  

Configure use of smart cards on fixed data drives

Deny write access to fixed drives not protected by BitLocker

Allow access to BitLocker-protected fixed data drives from earlier
versions of Windows

Configure use of passwords for fixed data drives

Choose how BitLocker-protected fixed drives can be recovered

Operating System Drives  

Require additional authentication at startup

Require additional authentication at startup (Windows Server 2008
and Windows Vista)

Allow enhanced PINs for startup

Configure minimum PIN length for startup

Choose how BitLocker-protected operating system drives can be
recovered

Configure TPM platform validation profile

Removable Data Drives  

Control use of BitLocker on removable drives

Configure use of smart cards on removable data drives

Deny write access to removable drives not protected by BitLocker

Allow access to BitLocker-protected removable data drives from earlier
versions of Windows

Configure use of passwords for removable data drives

Choose how BitLocker-protected removable drives can be recovered

Store BitLocker recovery information in Active Directory Domain Services
(Windows Server 2008 and Windows Vista)

Choose default folder for recovery password

Choose how users can recover BitLocker-protected drives (Windows Server
2008 and Windows Vista)

Choose drive encryption method and cipher strength

Provide the unique identifiers for your organization

Prevent memory overwrite on restart

Validate smart card certificate usage rule compliance

Credential User Interface  

Require trusted path for credential entry.

Enumerate administrator accounts on elevation

Desktop Gadgets  

Override the More Gadgets link

Turn off desktop gadgets

Restrict unpacking and installation of gadgets that are not digitally signed.

Turn Off user-installed desktop gadgets

Desktop Window Manager  

Window Frame Coloring  

Specify a default color

Do not allow color changes

Do not allow window animations

Do not allow desktop composition

Do not allow Flip3D invocation

Digital Locker  

Do not allow Digital Locker to run

Event Forwarding  

ForwarderResourceUsage

Configure the server address, refresh interval, and issuer certificate authority
of a target Subscription Manager

Event Log Service  

Application  

Log File Path

Maximum Log Size (KB)

Backup log automatically when full

Log Access

Retain old events

Security  

Log File Path

Maximum Log Size (KB)

Backup log automatically when full

Log Access

Retain old events

Setup  

Turn on logging

Log File Path

Maximum Log Size (KB)

Backup log automatically when full

Log Access

Retain old events

System

Log File Path

Maximum Log Size (KB)

Backup log automatically when full

Log Access

Retain old events

Event Viewer  

Events.asp program

Events.asp program command line parameters

Events.asp URL

Game Explorer  

Turn off downloading of game information

Turn off game updates

Turn off tracking of last play time of games in the Games folder

HomeGroup  

Prevent the computer from joining a homegroup

Internet Explorer  

Accelerators  

Add non-default Accelerators

Add default Accelerators

Turn off Accelerators

Restrict Accelerators to those deployed through Group Policy

Application Compatibility  

Clipboard access

Bypass prompting for Clipboard access for scripts running in any
process

Bypass prompting for Clipboard access for scripts running in the
Internet Explorer process

Define applications and processes that can access the Clipboard
without prompting

Browser menus  

Turn off Print Menu

Compatibility View  

Turn on Internet Explorer 7 Standards Mode

Turn off Compatibility View

Turn on Internet Explorer Standards Mode for local intranet

Turn off Compatibility View button

Include updated website lists from Microsoft

Use Policy List of Internet Explorer 7 sites

Use Policy List of Quirks Mode sites

Corporate Settings  

Code Download

Prevent specifying the code download path for each computer

Delete Browsing History  

Prevent deleting cookies

Prevent deleting download history

Prevent deleting websites that the user has visited

Prevent deleting InPrivate Filtering data

Prevent deleting ActiveX Filtering and Tracking Protection data

Allow deleting browsing history on exit

Prevent deleting temporary Internet files

Prevent deleting favorites site data

Prevent access to Delete Browsing History

Prevent deleting form data

Prevent deleting passwords

Disable "Configuring History"

Prevent the deletion of temporary Internet files and cookies

Internet Control Panel  

Advanced Page  

Always send Do Not Track header

Allow active content from CDs to run on user machines

Check for server certificate revocation

Turn off ClearType

Do not allow ActiveX controls to run in Protected Mode when
Enhanced Protected Mode is enabled

Turn off flip ahead feature

Do not allow resetting Internet Explorer settings

Check for signatures on downloaded programs

Allow third-party browser extensions

Turn on Caret Browsing support

Turn on Enhanced Protected Mode

Use HTTP 1.1

Allow Install On Demand (Internet Explorer)

Allow Install On Demand (except Internet Explorer)

Automatically check for Internet Explorer updates

Allow software to run or install even if the signature is invalid

Play animations in web pages

Play sounds in web pages

Play videos in web pages

Turn off Profile Assistant

Use HTTP 1.1 through proxy connections

Do not save encrypted pages to disk

Turn off encryption support

Empty Temporary Internet Files folder when browser is closed

Content Page  

Show Content Advisor on Internet Options

General Page  

Browsing History  

Allow websites to store application caches on client
computers

Set application caches expiration time limit for individual
domains

Set maximum application cache resource list size

Set maximum application cache individual resource size

Set application cache storage limits for individual
domains

Set maximum application caches storage limit for all
domains

Set default storage limits for websites

Allow websites to store indexed databases on client
computers

Set indexed database storage limits for individual
domains

Set maximum indexed database storage limit for all
domains

Start Internet Explorer with tabs from last browsing session

Security Page  

Internet Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items Not configured No

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Allow active content over restricted protocols to access
my computer

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed
with Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can
navigate into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an
older media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a
server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using
scripted windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Intranet Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Allow active content over restricted protocols to access
my computer

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed
with Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can
navigate into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an
older media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a
server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using
scripted windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Local Machine Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Allow active content over restricted protocols to access
my computer

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed
with Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can
navigate into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an
older media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using
scripted windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Locked-Down Internet Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed
with Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can
navigate into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an
older media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a
server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using
scripted windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Locked-Down Intranet Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed
with Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can
navigate into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an
older media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a
server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using
scripted windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Locked-Down Local Machine Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed
with Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can
navigate into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an
older media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a
server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using
scripted windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Locked-Down Restricted Sites Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed
with Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can
navigate into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an
older media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a
server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using
scripted windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Locked-Down Trusted Sites Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed
with Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can
navigate into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an
older media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a
server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using
scripted windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Restricted Sites Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Allow active content over restricted protocols to access
my computer

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed
with Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can
navigate into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an
older media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a
server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using
scripted windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Trusted Sites Zone  

Access data sources across domains

Allow active scripting

Allow META REFRESH

Allow cut, copy or paste operations from the clipboard
via script

Allow binary and script behaviors

Use Pop-up Blocker

Display mixed content

Download signed ActiveX controls

Download unsigned ActiveX controls

Enable dragging of content from different domains
across windows

Enable dragging of content from different domains
within a window

Allow drag and drop or copy and paste files

Allow file downloads

Allow font downloads

Allow installation of desktop items

Java permissions

Launching applications and files in an IFRAME

Logon options

Enable MIME Sniffing

Navigate windows and frames across different domains

Allow active content over restricted protocols to access
my computer

Do not prompt for client certificate selection when no
certificates or only one certificate exists.

Automatic prompting for ActiveX controls

Automatic prompting for file downloads

Allow only approved domains to use ActiveX controls
without prompt

Render legacy filters

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Initialize and script ActiveX controls not marked as safe

Scripting of Java applets

Run .NET Framework-reliant components signed with
Authenticode

Software channel permissions

Submit non-encrypted form data

Turn on Cross-Site Scripting Filter

Run .NET Framework-reliant components not signed with
Authenticode

Userdata persistence

Allow script-initiated windows without size or position
constraints

Web sites in less privileged Web content zones can navigate
into this zone

Allow websites to open windows without status bar or
Address bar

Allow video and animation on a webpage that uses an older
media player

Allow scriptlets

Turn off first-run prompt

Include local path when user is uploading files to a server

Turn on SmartScreen Filter scan

Allow websites to prompt for information by using scripted
windows

Allow updates to status bar via script

Turn on Protected Mode

Show security warning for potentially unsafe files

Allow loading of XAML Browser Applications

Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup

Allow loading of XAML files

Allow loading of XPS files

Allow previewing and custom thumbnails of OpenSearch
query results in Windows Explorer

Allow OpenSearch queries in Windows Explorer

Intranet Sites: Include all local (intranet) sites not listed in other zones

Locked-Down Internet Zone Template

Internet Zone Template

Locked-Down Intranet Zone Template

Intranet Zone Template

Locked-Down Local Machine Zone Template

Local Machine Zone Template

Locked-Down Restricted Sites Zone Template

Restricted Sites Zone Template

Locked-Down Trusted Sites Zone Template

Trusted Sites Zone Template

Turn on certificate address mismatch warning

Intranet Sites: Include all sites that bypass the proxy server

Intranet Sites: Include all network paths (UNCs)

Site to Zone Assignment List

Turn on automatic detection of intranet

Turn on Notification bar notification for intranet content

Disable the Advanced page

Disable the Connections page

Disable the Content page

Disable the General page

Disable the Privacy page

Disable the Programs page

Disable the Security page

Send internationalized domain names

Use UTF-8 for mailto links

Prevent ignoring certificate errors

Internet Settings  

Advanced settings  

Browsing  

Go to an intranet site for a one-word entry in the Address bar

Multimedia  

Allow Internet Explorer to play media files that use alternative
codecs

Searching

Prevent configuration of top-result search on Address bar

Prevent configuration of search on Address bar

AutoComplete  

Turn off URL Suggestions

Turn off Windows Search AutoComplete

Component Updates  

Help Menu > About Internet Explorer  

Prevent specifying cipher strength update information URLs

Periodic check for updates to Internet Explorer and Internet Tools

Prevent specifying the update check interval (in days)

Prevent changing the URL for checking updates to Internet
Explorer and Internet Tools

Set how links are opened in Internet Explorer

Open Internet Explorer tiles on the desktop

Privacy  

Turn off InPrivate Filtering

Turn off Tracking Protection

Turn off InPrivate Browsing

Turn off collection of InPrivate Filtering data

Prevent the computer from loading toolbars and Browser Helper Objects when
InPrivate Browsing starts

Establish InPrivate Filtering threshold

Establish Tracking Protection threshold

Security Features  

Add-on Management  

Add-on List

Deny all add-ons unless specifically allowed in the Add-on List

Turn off Adobe Flash in Internet Explorer and prevent applications from
using Internet Explorer technology to instantiate Flash objects

All Processes

Process List

AJAX  

Turn off the WebSocket Object

Turn off cross-document messaging

Turn off the XDomainRequest object

Allow native XMLHTTP support

Maximum number of connections per server (HTTP 1.0)

Change the maximum number of connections per
host (HTTP 1.1)

Set the maximum number of WebSocket connections per server

Binary Behavior Security Restriction  

Install binaries signed by MD2 and MD4 signing technologies

All Processes

Internet Explorer Processes

Process List

Admin-approved behaviors

Consistent Mime Handling  

All Processes

Internet Explorer Processes

Process List

Local Machine Zone Lockdown Security  

All Processes Not configured No

Internet Explorer Processes Not configured No

Process List Not configured No

Mime Sniffing Safety Feature  

All Processes

Internet Explorer Processes

Process List

MK Protocol Security Restriction  

All Processes

Internet Explorer Processes

Process List

Network Protocol Lockdown  

Restricted Protocols Per Security Zone  

Internet Zone Restricted Protocols

Intranet Zone Restricted Protocols

Local Machine Zone Restricted Protocols

Restricted Sites Zone Restricted Protocols

Trusted Sites Zone Restricted Protocols

All Processes

Internet Explorer Processes

Process List

Notification bar  

All Processes

Internet Explorer Processes

Process List

Object Caching Protection  

All Processes

Internet Explorer Processes

Process List

Protection From Zone Elevation  

All Processes

Internet Explorer Processes

Process List

Restrict ActiveX Install  

All Processes

Internet Explorer Processes

Process List

Restrict File Download  

All Processes

Internet Explorer Processes

Process List

Scripted Window Security Restrictions  

All Processes

Internet Explorer Processes

Process List

Turn off Data Execution Prevention

Turn off Data URI support

Do not display the reveal password button

Toolbars  

Turn off Developer Tools

Turn off toolbar upgrade tool

Hide the Command bar

Hide the status bar

Lock all toolbars

Lock location of Stop and Refresh buttons

Display tabs on a separate row

Customize command labels

Use large icons for command buttons

Add a specific list of search providers to the user's list of search providers

Turn off add-on performance notifications

Automatically activate newly installed add-ons

Turn off Crash Detection

Do not allow users to enable or disable add-ons

Turn on menu bar by default

Customize user agent string

Turn off Automatic Crash Recovery

Turn off ActiveX Opt-In prompt

Turn off Favorites bar

Prevent per-user installation of ActiveX controls

Prevent changing pop-up filter level

Turn off Reopen Last Browsing Session

Prevent bypassing SmartScreen Filter warnings

Prevent bypassing SmartScreen Filter warnings about files that are not commonly
downloaded from the Internet

Prevent "Fix settings" functionality

Prevent managing the phishing filter

Turn off Managing SmartScreen Filter for Internet Explorer 8

Prevent managing SmartScreen Filter

Turn off the Security Settings Check feature

Install new versions of Internet Explorer automatically

Turn on Suggested Sites

Turn on compatibility logging

Enforce full-screen mode

Allow Internet Explorer 8 shutdown behavior

Disable Import/Export Settings wizard

Turn off page-zooming functionality

Turn off browser geolocation

Specify default behavior for a new tab

Prevent running First Run wizard

Prevent access to Internet Explorer Help

Prevent Internet Explorer Search box from appearing

Disable Automatic Install of Internet Explorer components

Turn off Quick Tabs functionality

Prevent changing the default search provider

Disable showing the splash screen

Turn off configuration of pop-up windows in tabbed browsing

Turn off tabbed browsing

Disable Periodic Check for Internet Explorer software updates

Prevent configuration of how windows open

Specify use of ActiveX Installer Service for installation of ActiveX controls

Pop-up allow list

Disable changing Automatic Configuration settings

Disable changing connection settings

Prevent managing pop-up exception list

Turn off pop-up management

Prevent changing proxy settings

Turn off the auto-complete feature for web addresses

Prevent participation in the Customer Experience Improvement Program

Turn off suggestions for all user-installed providers

Turn off the quick pick menu

Disable changing secondary home page settings

Security Zones: Use only machine settings

Security Zones: Do not allow users to change policies

Security Zones: Do not allow users to add/delete sites

Disable software update shell notifications on program launch

Restrict search providers to a specific list

Prevent configuration of new tab creation

Set tab process growth

Turn off ability to pin sites in Internet Explorer on the desktop

Turn on ActiveX Filtering

Make proxy settings per-machine (rather than per-user)

Internet Information Services  

Prevent IIS installation

Location and Sensors  

Turn off location scripting

Turn off location

Turn off sensors

NetMeeting  

Disable remote Desktop Sharing

Network Projector  

Turn off Connect to a Network Projector

Network Projector Port Setting

Online Assistance  

Turn off Active Help

Parental Controls  

Make Parental Controls control panel visible on a Domain

Presentation Settings  

Turn off Windows presentation settings

Remote Desktop Services  

RD Licensing  

License server security group

Prevent license upgrade

Remote Desktop Connection Client  

RemoteFX USB Device Redirection  

Allow RDP redirection of other supported RemoteFX USB devices
from this computer

Allow .rdp files from valid publishers and user's default .rdp settings

Allow .rdp files from unknown publishers

Do not allow passwords to be saved

Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

Prompt for credentials on the client computer

Configure server authentication for client

Turn Off UDP On Clien

Remote Desktop Session Host

Connections  

Automatic reconnection

Allow users to connect remotely using Remote Desktop Services

Deny logoff of an administrator logged in to the console session

Configure keep-alive connection interval

Limit number of connections

Set rules for remote control of Remote Desktop Services user sessions

Restrict Remote Desktop Services users to a single Remote Desktop
Services session

Select network detection on the server

Select RDP transport protocols

Device and Resource Redirection  

Allow audio and video playback redirection

Allow audio recording redirection

Limit audio playback quality

Do not allow clipboard redirection

Do not allow COM port redirection

Do not allow drive redirection

Do not allow LPT port redirection

Do not allow supported Plug and Play device redirection

Do not allow smart card device redirection

Allow time zone redirection

Licensing  

Use the specified Remote Desktop license servers

Hide notifications about RD Licensing problems that affect the RD
Session Host server

Set the Remote Desktop licensing mode

Printer Redirection  

Do not set default client printer to be default printer in a session

Do not allow client printer redirection

Use Remote Desktop Easy Print printer driver first

Specify RD Session Host server fallback printer driver behavior

Profiles  

Limit the size of the entire roaming user profile cache

Set Remote Desktop Services User Home Directory

Use mandatory profiles on the RD Session Host server

Set path for Remote Desktop Services Roaming User Profile

RD Connection Broker  

Join RD Connection Broker

Configure RD Connection Broker farm name

Use IP Address Redirection

Configure RD Connection Broker server name

Remote Session Environment  

Limit maximum color depth

Enforce Removal of Remote Desktop Wallpaper

Configure RemoteFX

Limit maximum display resolution

Limit maximum number of monitors

Remove "Disconnect" option from Shut Down dialog

Remove Windows Security item from Start menu

Optimize visual experience when using RemoteFX

Set compression algorithm for RDP data

Optimize visual experience for Remote Desktop Services sessions

Start a program on connection

Always show desktop on connection

Enable Remote Desktop Protocol 8.0

Configure image quality for RemoteFX Adaptive Graphics

Configure RemoteFX Adaptive Graphics

Security  

Server Authentication Certificate Template

Set client connection encryption level

Always prompt for password upon connection

Require secure RPC communication

Require use of specific security layer for remote (RDP) connections

Do not allow local administrators to customize permissions

Require user authentication for remote connections by using
Network Level Authentication

Session Time Limits  

Set time limit for disconnected sessions

Set time limit for active but idle Remote Desktop Services sessions

Set time limit for active Remote Desktop Services sessions

Terminate session when time limits are reached

Temporary folders

Do not delete temp folder upon exit

Do not use temporary folders per session

RSS Feeds  

Turn on Basic feed authentication over HTTP

Turn off background synchronization for feeds and Web Slices

Prevent downloading of enclosures

Prevent subscribing to or deleting a feed or a Web Slice

Prevent automatic discovery of feeds and Web Slices

Prevent access to feed list

Search  

Add primary intranet search location

Add secondary intranet search locations

Allow indexing of encrypted files

Allow use of diacritics

Prevent automatically adding shared folders to the index

Indexer data location

Default excluded paths

Default indexed paths

Disable indexer backoff

Do not allow web search

Enable indexing of online delegate mailboxes

Enable throttling for online mail indexing

Prevent indexing of certain file types

Prevent adding user-specified locations to the All Locations menu

Prevent adding UNC locations to index from Control Panel

Prevent indexing when running on battery power to conserve energy

Prevent indexing certain paths

Prevent indexing e-mail attachments

Prevent indexing files in offline files cache

Prevent indexing Microsoft Office Outlook

Prevent indexing public folders

Enable indexing uncached Exchange folders

Prevent customization of indexed locations in Control Panel

Prevent clients from querying the index remotely

Prevent unwanted iFilters and protocol handlers

Prevent displaying advanced indexing options in Control Panel

Preview pane location

Control rich previews for attachments

Set large or small icon view in desktop search results

Stop indexing in the event of limited hard drive space

Security Center  

Turn on Security Center (Domain PCs only)

Shutdown Options  

Turn off legacy remote shutdown interface

Timeout for hung logon sessions during shutdown

Smart Card  

Allow certificates with no extended key usage certificate attribute

Allow Integrated Unblock screen to be displayed at the time of logon

Allow signature keys valid for Logon

Allow time invalid certificates

Turn on certificate propagation from smart card

Configure root certificate clean up

Turn on root certificate propagation from smart card

Prevent plaintext PINs from being returned by Credential Manager

Allow ECC certificates to be used for logon and authentication

Filter duplicate logon certificates

Force the reading of all certificates from the smart card

Display string when smart card is blocked

Reverse the subject name stored in a certificate when displaying

Turn on Smart Card Plug and Play service

Notify user of successful smart card driver installation

Allow user name hint

Sound Recorder  

Do not allow Sound Recorder to run

Tablet PC  

Accessories  

Do not allow Inkball to run

Do not allow Windows Journal to be run

Do not allow printing to Journal Note Writer

Do not allow Snipping Tool to run

Cursors  

Turn off pen feedback

Handwriting personalization  

Turn off automatic learning

Hardware Buttons  

Prevent Back-ESC mapping

Prevent launch an application

Prevent press and hold

Turn off hardware buttons

Input Panel  

Turn off AutoComplete integration with Input Panel

Prevent Input Panel tab from appearing

For tablet pen input, don’t show the Input Panel icon

For touch input, don’t show the Input Panel icon

Switch to the Simplified Chinese (PRC) gestures

Turn off password security in Input Panel

Disable text prediction

Include rarely used Chinese, Kanji, or Hanja characters

Turn off tolerant and Z-shaped scratch-out gestures

Pen Flicks Learning  

Prevent Flicks Learning Mode

Pen UX Behaviors  

Prevent flicks

Tablet PC Pen Training  

Turn off Tablet PC Pen Training

Touch Input

Turn off Touch Panning

Turn off Tablet PC touch input

Task Scheduler  

Prohibit Browse

Hide Advanced Properties Checkbox in Add Scheduled Task Wizard

Prohibit Drag-and-Drop

Prevent Task Run or End

Hide Property Pages

Prohibit New Task Creation

Prohibit Task Deletion

Windows Anytime Upgrade  

Prevent Windows Anytime Upgrade from running.

Windows Calendar  

Turn off Windows Calendar

Windows Color System  

Prohibit installing or uninstalling color profiles

Windows Customer Experience Improvement Program  

Allow Corporate redirection of Customer Experience Improvement uploads

Tag Windows Customer Experience Improvement data with Study Identifier

Windows Defender  

Turn on definition updates through both WSUS and Windows Update

Turn on definition updates through both WSUS and the Microsoft Malware
Protection Center

Check for New Signatures Before Scheduled Scans

Turn off Windows Defender

Turn off Real-Time Monitoring

Turn off Routinely Taking Action

Configure Microsoft SpyNet Reporting

Windows Error Reporting  

Advanced Error Reporting Settings  

Report unplanned shutdown events

Default application reporting settings

List of applications to never report errors for

List of applications to always report errors for

Report operating system errors

Configure Report Archive

Configure Corporate Windows Error Reporting

List of applications to be excluded

Configure Report Queue

Consent  

Customize consent settings

Ignore custom consent settings

Configure Default consent

Configure Error Reporting

Display Error Notification

Disable Windows Error Reporting

Prevent display of the user interface for critical errors

Disable Logging

Do not send additional data

Windows Explorer  

Previous Versions  

Prevent restoring previous versions from backups

Hide previous versions list for local files

Prevent restoring local previous versions

Hide previous versions list for remote files

Prevent restoring remote previous versions

Hide previous versions of files on backup location

Verify old and new Folder Redirection targets point to the same share before
redirecting

Disable binding directly to IPropertySetStorage without intermediate layers.

Turn off numerical sorting in Windows Explorer

Turn off shell protocol protected mode

Set a support web page link

Turn off Data Execution Prevention for Explorer

Turn off heap termination on corruption

Windows Installer  

Enable user to browse for source while elevated

Enable user to use media source while elevated

Enable user to patch elevated products

Always install with elevated privileges

Prohibit Use of Restart Manager

Remove browse dialog box for new source

Prohibit Flyweight Patching

Disable logging via package settings

Disable Windows Installer

Prohibit patching

Prohibit rollback

Allow admin to install from Remote Desktop Services session

Enable user control over installs

Logging

Prohibit non-administrators from applying vendor signed updates

Prohibit removal of updates

Turn off creation of System Restore Checkpoints

Prohibit User Installs

Enforce upgrade component rules

Baseline file cache maximum size

Disable IE security prompt for Windows Installer scripts

Cache transforms in secure location on workstation

Windows Logon Options  

Display information about previous logons during user logon

Report when logon server was not available during user logon

Disable or enable software Secure Attention Sequence

Windows Mail  

Turn off the communities features

Turn off Windows Mail application

Windows Media Center  

Do not allow Windows Media Center to run

Windows Media Digital Rights Management  

Prevent Windows Media DRM Internet Access

Windows Media Player  

Prevent Automatic Updates

Do Not Show First Use Dialog Boxes

Prevent Video Smoothing

Prevent Media Sharing

Prevent Quick Launch Toolbar Shortcut Creation

Prevent Desktop Shortcut Creation

Windows Messenger  

Do not automatically start Windows Messenger initially

Do not allow Windows Messenger to be run

Windows Mobility Center  

Turn off Windows Mobility Center

Windows Reliability Analysis  

Configure Reliability WMI Providers

Windows Remote Management (WinRM)  

WinRM Client  

Allow Basic authentication

Allow CredSSP authentication

Allow unencrypted traffic

Disallow Digest authentication

Disallow Kerberos authentication

Disallow Negotiate authentication

Trusted Hosts

WinRM Service

Allow automatic configuration of listeners

Allow Basic authentication

Allow CredSSP authentication

Allow unencrypted traffic

Specify channel binding token hardening level

Disallow Kerberos authentication

Disallow Negotiate authentication

Turn On Compatibility HTTP Listener

Turn On Compatibility HTTPS Listener

Windows Remote Shell  

Allow Remote Shell Access

Specify idle Timeout

MaxConcurrentUsers

Specify maximum amount of memory in MB per Shell

Specify maximum number of processes per Shell

Specify maximum number of remote shells per user

Specify Shell Timeout

Windows SideShow  

Delete data from devices running Microsoft firmware when a user logs off from the
computer.

Turn off automatic wake

Turn off Windows SideShow

Require a PIN to access data on devices running Microsoft firmware

Windows System Resource Manager  

Turn on Accounting for WSRM

Set the Email IDs to which notifications are to be sent

Set the Time interval in minutes for logging accounting data

Set the SMTP Server used to send notifications

Windows Update

Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog
box

Do not adjust default option to 'Install Updates and Shut Down' in Shut Down
Windows dialog box

Enabling Windows Update Power Management to automatically wake up the system to
install scheduled updates

Configure Automatic Updates

Specify intranet Microsoft update service location

Automatic Updates detection frequency

Allow non-administrators to receive update notifications

Turn on Software Notifications

Allow Automatic Updates immediate installation

Turn on recommended updates via Automatic Updates

No auto-restart with logged on users for scheduled automatic updates installations

Re-prompt for restart with scheduled installations

Delay Restart for scheduled installations

Reschedule Automatic Updates scheduled installations

Enable client-side targeting

Allow signed updates from an intranet Microsoft update service location