---
title: Policy DDF file
description: Policy DDF file
ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 12/05/2017
---

# Policy DDF file

This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.

You can download the DDF files from the links below:

- [Download the Policy DDF file for Windows 10, version 1709](http://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
- [Download the Policy DDF file for Windows 10, version 1703](http://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [Download the Policy DDF file for Windows 10, version 1607](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
- [Download the Policy DDF file for Windows 10, version 1607 release 8C](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
- [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)

The XML below is the DDF for Windows 10, version 1709.

``` syntax
]> 1.2 Policy ./User/Vendor/MSFT com.microsoft/6.0/MDM/Policy Config ApplicationManagement RequirePrivateStoreOnly text/plain AttachmentManager DoNotPreserveZoneInformation text/plain HideZoneInfoMechanism text/plain NotifyAntivirusPrograms text/plain Authentication AllowEAPCertSSO text/plain Autoplay DisallowAutoplayForNonVolumeDevices text/plain SetDefaultAutoRunBehavior text/plain TurnOffAutoPlay text/plain Browser AllowAddressBarDropdown This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
text/plain AllowAutofill This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. text/plain AllowBrowser text/plain AllowCookies This setting lets you configure how your company deals with cookies. text/plain AllowDeveloperTools This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge. text/plain AllowDoNotTrack This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info. text/plain AllowExtensions This setting lets you decide whether employees can load extensions in Microsoft Edge. text/plain AllowFlash This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. text/plain AllowFlashClickToRun Configure the Adobe Flash Click-to-Run setting. text/plain AllowInPrivate This setting lets you decide whether employees can browse using InPrivate website browsing. text/plain AllowMicrosoftCompatibilityList This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat. If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation. text/plain AllowPasswordManager This setting lets you decide whether employees can save their passwords locally, using Password Manager. text/plain AllowPopups This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows. text/plain AllowSearchEngineCustomization Allow search engine customization for MDM enrolled devices. Users can change their default search engine. If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). text/plain AllowSearchSuggestionsinAddressBar This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge. text/plain AllowSmartScreen This setting lets you decide whether to turn on Windows Defender SmartScreen. text/plain AlwaysEnableBooksLibrary Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device. text/plain ClearBrowsingDataOnExit Specifies whether to always clear browsing history on exiting Microsoft Edge. text/plain ConfigureAdditionalSearchEngines Allows you to add up to 5 additional search engines for MDM-enrolled devices. If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. 
Employees will not be able to remove these search engines, but they can set any one of these as the default. If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain DisableLockdownOfStartPages Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect. Note: This policy has no effect when Browser/HomePages is not configured. Important This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). text/plain EnterpriseModeSiteList This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites. text/plain EnterpriseSiteListServiceUrl text/plain FirstRunURL Configure first run URL. text/plain HomePages Configure the Start page URLs for your employees. Example: If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support. Encapsulate each string with greater than and less than characters like any other XML tag. Version 1703 or later: If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
text/plain LockdownFavorites This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. text/plain PreventAccessToAboutFlagsInMicrosoftEdge Prevent access to the about:flags page in Microsoft Edge. text/plain PreventFirstRunPage Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain PreventLiveTileDataCollection This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain PreventSmartScreenPromptOverride Don't allow Windows Defender SmartScreen warning overrides text/plain PreventSmartScreenPromptOverrideForFiles Don't allow Windows Defender SmartScreen warning overrides for unverified files. 
text/plain PreventUsingLocalHostIPAddressForWebRTC Prevent using localhost IP address for WebRTC text/plain ProvisionFavorites This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. text/plain SendIntranetTraffictoInternetExplorer Sends all intranet traffic over to Internet Explorer. text/plain SetDefaultSearchEngine Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine. If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING. If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. 
If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain ShowMessageWhenOpeningSitesInInternetExplorer Show message when opening sites in Internet Explorer text/plain SyncFavoritesBetweenIEAndMicrosoftEdge Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. text/plain CredentialsUI DisablePasswordReveal text/plain Desktop PreventUserRedirectionOfProfileFolders text/plain Education DefaultPrinterName This policy sets user's default printer text/plain PreventAddingNewPrinters Boolean that specifies whether or not to prevent user to install new printers text/plain PrinterNames This policy provisions per-user network printers text/plain EnterpriseCloudPrint CloudPrinterDiscoveryEndPoint This policy provisions per-user discovery end point to discover cloud printers text/plain CloudPrintOAuthAuthority Authentication endpoint for acquiring OAuth tokens text/plain CloudPrintOAuthClientId A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority text/plain CloudPrintResourceId Resource URI for which access is being requested by the Enterprise Cloud Print client during OAuth authentication text/plain DiscoveryMaxPrinterLimit Defines the maximum number of printers that should be queried from discovery end point text/plain MopriaDiscoveryResourceId Resource URI for which access is being requested by the Mopria discovery client during OAuth authentication text/plain Experience AllowTailoredExperiencesWithDiagnosticData text/plain AllowThirdPartySuggestionsInWindowsSpotlight text/plain 
AllowWindowsConsumerFeatures text/plain AllowWindowsSpotlight text/plain AllowWindowsSpotlightOnActionCenter text/plain AllowWindowsSpotlightWindowsWelcomeExperience text/plain ConfigureWindowsSpotlightOnLockScreen text/plain InternetExplorer AddSearchProvider text/plain AllowActiveXFiltering text/plain AllowAddOnList text/plain AllowAutoComplete text/plain AllowCertificateAddressMismatchWarning text/plain AllowDeletingBrowsingHistoryOnExit text/plain AllowEnhancedProtectedMode text/plain AllowEnterpriseModeFromToolsMenu text/plain AllowEnterpriseModeSiteList text/plain AllowInternetExplorer7PolicyList text/plain AllowInternetExplorerStandardsMode text/plain AllowInternetZoneTemplate text/plain AllowIntranetZoneTemplate text/plain AllowLocalMachineZoneTemplate text/plain AllowLockedDownInternetZoneTemplate text/plain AllowLockedDownIntranetZoneTemplate text/plain AllowLockedDownLocalMachineZoneTemplate text/plain AllowLockedDownRestrictedSitesZoneTemplate text/plain AllowOneWordEntry text/plain AllowSiteToZoneAssignmentList text/plain AllowsLockedDownTrustedSitesZoneTemplate text/plain AllowSoftwareWhenSignatureIsInvalid text/plain AllowsRestrictedSitesZoneTemplate text/plain AllowSuggestedSites text/plain AllowTrustedSitesZoneTemplate text/plain CheckServerCertificateRevocation text/plain CheckSignaturesOnDownloadedPrograms text/plain ConsistentMimeHandlingInternetExplorerProcesses text/plain DisableAdobeFlash text/plain DisableBypassOfSmartScreenWarnings text/plain DisableBypassOfSmartScreenWarningsAboutUncommonFiles text/plain DisableConfiguringHistory text/plain DisableCrashDetection text/plain DisableCustomerExperienceImprovementProgramParticipation text/plain DisableDeletingUserVisitedWebsites text/plain DisableEnclosureDownloading text/plain DisableEncryptionSupport text/plain DisableFirstRunWizard text/plain DisableFlipAheadFeature text/plain DisableHomePageChange text/plain DisableIgnoringCertificateErrors text/plain DisableInPrivateBrowsing text/plain 
DisableProcessesInEnhancedProtectedMode text/plain DisableProxyChange text/plain DisableSearchProviderChange text/plain DisableSecondaryHomePageChange text/plain DisableSecuritySettingsCheck text/plain DoNotAllowActiveXControlsInProtectedMode text/plain DoNotBlockOutdatedActiveXControls text/plain DoNotBlockOutdatedActiveXControlsOnSpecificDomains text/plain IncludeAllLocalSites text/plain IncludeAllNetworkPaths text/plain InternetZoneAllowAccessToDataSources text/plain InternetZoneAllowAutomaticPromptingForActiveXControls text/plain InternetZoneAllowAutomaticPromptingForFileDownloads text/plain InternetZoneAllowCopyPasteViaScript text/plain InternetZoneAllowDragAndDropCopyAndPasteFiles text/plain InternetZoneAllowFontDownloads text/plain InternetZoneAllowLessPrivilegedSites text/plain InternetZoneAllowLoadingOfXAMLFiles text/plain InternetZoneAllowNETFrameworkReliantComponents text/plain InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain InternetZoneAllowScriptInitiatedWindows text/plain InternetZoneAllowScriptlets text/plain InternetZoneAllowSmartScreenIE text/plain InternetZoneAllowUpdatesToStatusBarViaScript text/plain InternetZoneAllowUserDataPersistence text/plain InternetZoneDoNotRunAntimalwareAgainstActiveXControls text/plain InternetZoneDownloadSignedActiveXControls text/plain InternetZoneDownloadUnsignedActiveXControls text/plain InternetZoneEnableCrossSiteScriptingFilter text/plain InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain InternetZoneEnableMIMESniffing text/plain InternetZoneEnableProtectedMode text/plain InternetZoneIncludeLocalPathWhenUploadingFilesToServer text/plain InternetZoneInitializeAndScriptActiveXControls text/plain InternetZoneJavaPermissions text/plain 
InternetZoneLaunchingApplicationsAndFilesInIFRAME text/plain InternetZoneLogonOptions text/plain InternetZoneNavigateWindowsAndFrames text/plain InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain InternetZoneUsePopupBlocker text/plain IntranetZoneAllowAccessToDataSources text/plain IntranetZoneAllowAutomaticPromptingForActiveXControls text/plain IntranetZoneAllowAutomaticPromptingForFileDownloads text/plain IntranetZoneAllowFontDownloads text/plain IntranetZoneAllowLessPrivilegedSites text/plain IntranetZoneAllowNETFrameworkReliantComponents text/plain IntranetZoneAllowScriptlets text/plain IntranetZoneAllowSmartScreenIE text/plain IntranetZoneAllowUserDataPersistence text/plain IntranetZoneDoNotRunAntimalwareAgainstActiveXControls text/plain IntranetZoneInitializeAndScriptActiveXControls text/plain IntranetZoneJavaPermissions text/plain IntranetZoneNavigateWindowsAndFrames text/plain LocalMachineZoneAllowAccessToDataSources text/plain LocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain LocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain LocalMachineZoneAllowFontDownloads text/plain LocalMachineZoneAllowLessPrivilegedSites text/plain LocalMachineZoneAllowNETFrameworkReliantComponents text/plain LocalMachineZoneAllowScriptlets text/plain LocalMachineZoneAllowSmartScreenIE text/plain LocalMachineZoneAllowUserDataPersistence text/plain LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls text/plain LocalMachineZoneInitializeAndScriptActiveXControls text/plain LocalMachineZoneJavaPermissions text/plain LocalMachineZoneNavigateWindowsAndFrames text/plain LockedDownInternetZoneAllowAccessToDataSources text/plain LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownInternetZoneAllowFontDownloads text/plain 
LockedDownInternetZoneAllowLessPrivilegedSites text/plain LockedDownInternetZoneAllowNETFrameworkReliantComponents text/plain LockedDownInternetZoneAllowScriptlets text/plain LockedDownInternetZoneAllowSmartScreenIE text/plain LockedDownInternetZoneAllowUserDataPersistence text/plain LockedDownInternetZoneInitializeAndScriptActiveXControls text/plain LockedDownInternetZoneJavaPermissions text/plain LockedDownInternetZoneNavigateWindowsAndFrames text/plain LockedDownIntranetZoneAllowAccessToDataSources text/plain LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownIntranetZoneAllowFontDownloads text/plain LockedDownIntranetZoneAllowLessPrivilegedSites text/plain LockedDownIntranetZoneAllowNETFrameworkReliantComponents text/plain LockedDownIntranetZoneAllowScriptlets text/plain LockedDownIntranetZoneAllowSmartScreenIE text/plain LockedDownIntranetZoneAllowUserDataPersistence text/plain LockedDownIntranetZoneInitializeAndScriptActiveXControls text/plain LockedDownIntranetZoneNavigateWindowsAndFrames text/plain LockedDownLocalMachineZoneAllowAccessToDataSources text/plain LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownLocalMachineZoneAllowFontDownloads text/plain LockedDownLocalMachineZoneAllowLessPrivilegedSites text/plain LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents text/plain LockedDownLocalMachineZoneAllowScriptlets text/plain LockedDownLocalMachineZoneAllowSmartScreenIE text/plain LockedDownLocalMachineZoneAllowUserDataPersistence text/plain LockedDownLocalMachineZoneInitializeAndScriptActiveXControls text/plain LockedDownLocalMachineZoneJavaPermissions text/plain LockedDownLocalMachineZoneNavigateWindowsAndFrames text/plain LockedDownRestrictedSitesZoneAllowAccessToDataSources text/plain 
LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownRestrictedSitesZoneAllowFontDownloads text/plain LockedDownRestrictedSitesZoneAllowLessPrivilegedSites text/plain LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain LockedDownRestrictedSitesZoneAllowScriptlets text/plain LockedDownRestrictedSitesZoneAllowSmartScreenIE text/plain LockedDownRestrictedSitesZoneAllowUserDataPersistence text/plain LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls text/plain LockedDownRestrictedSitesZoneJavaPermissions text/plain LockedDownRestrictedSitesZoneNavigateWindowsAndFrames text/plain LockedDownTrustedSitesZoneAllowAccessToDataSources text/plain LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownTrustedSitesZoneAllowFontDownloads text/plain LockedDownTrustedSitesZoneAllowLessPrivilegedSites text/plain LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents text/plain LockedDownTrustedSitesZoneAllowScriptlets text/plain LockedDownTrustedSitesZoneAllowSmartScreenIE text/plain LockedDownTrustedSitesZoneAllowUserDataPersistence text/plain LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls text/plain LockedDownTrustedSitesZoneJavaPermissions text/plain LockedDownTrustedSitesZoneNavigateWindowsAndFrames text/plain MimeSniffingSafetyFeatureInternetExplorerProcesses text/plain MKProtocolSecurityRestrictionInternetExplorerProcesses text/plain NotificationBarInternetExplorerProcesses text/plain PreventManagingSmartScreenFilter text/plain PreventPerUserInstallationOfActiveXControls text/plain ProtectionFromZoneElevationInternetExplorerProcesses text/plain RemoveRunThisTimeButtonForOutdatedActiveXControls text/plain RestrictActiveXInstallInternetExplorerProcesses text/plain 
RestrictedSitesZoneAllowAccessToDataSources text/plain RestrictedSitesZoneAllowActiveScripting text/plain RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain RestrictedSitesZoneAllowBinaryAndScriptBehaviors text/plain RestrictedSitesZoneAllowCopyPasteViaScript text/plain RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles text/plain RestrictedSitesZoneAllowFileDownloads text/plain RestrictedSitesZoneAllowFontDownloads text/plain RestrictedSitesZoneAllowLessPrivilegedSites text/plain RestrictedSitesZoneAllowLoadingOfXAMLFiles text/plain RestrictedSitesZoneAllowMETAREFRESH text/plain RestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain RestrictedSitesZoneAllowScriptInitiatedWindows text/plain RestrictedSitesZoneAllowScriptlets text/plain RestrictedSitesZoneAllowSmartScreenIE text/plain RestrictedSitesZoneAllowUpdatesToStatusBarViaScript text/plain RestrictedSitesZoneAllowUserDataPersistence text/plain RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain RestrictedSitesZoneDownloadSignedActiveXControls text/plain RestrictedSitesZoneDownloadUnsignedActiveXControls text/plain RestrictedSitesZoneEnableCrossSiteScriptingFilter text/plain RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain RestrictedSitesZoneEnableMIMESniffing text/plain RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer text/plain RestrictedSitesZoneInitializeAndScriptActiveXControls text/plain RestrictedSitesZoneJavaPermissions text/plain RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME text/plain 
RestrictedSitesZoneLogonOptions text/plain RestrictedSitesZoneNavigateWindowsAndFrames text/plain RestrictedSitesZoneRunActiveXControlsAndPlugins text/plain RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting text/plain RestrictedSitesZoneScriptingOfJavaApplets text/plain RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain RestrictedSitesZoneTurnOnProtectedMode text/plain RestrictedSitesZoneUsePopupBlocker text/plain RestrictFileDownloadInternetExplorerProcesses text/plain ScriptedWindowSecurityRestrictionsInternetExplorerProcesses text/plain SearchProviderList text/plain SpecifyUseOfActiveXInstallerService text/plain TrustedSitesZoneAllowAccessToDataSources text/plain TrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain TrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain TrustedSitesZoneAllowFontDownloads text/plain TrustedSitesZoneAllowLessPrivilegedSites text/plain TrustedSitesZoneAllowNETFrameworkReliantComponents text/plain TrustedSitesZoneAllowScriptlets text/plain TrustedSitesZoneAllowSmartScreenIE text/plain TrustedSitesZoneAllowUserDataPersistence text/plain TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain TrustedSitesZoneInitializeAndScriptActiveXControls text/plain TrustedSitesZoneJavaPermissions text/plain TrustedSitesZoneNavigateWindowsAndFrames text/plain Notifications DisallowNotificationMirroring text/plain Printers PointAndPrintRestrictions_User text/plain Settings ConfigureTaskbarCalendar text/plain Start HidePeopleBar Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. 
text/plain StartLayout text/plain System AllowTelemetry text/plain Result ApplicationManagement RequirePrivateStoreOnly 0 text/plain HighestValueMostSecure AttachmentManager DoNotPreserveZoneInformation text/plain phone AttachmentManager.admx AttachmentManager~AT~WindowsComponents~AM_AM AM_MarkZoneOnSavedAtttachments LastWrite HideZoneInfoMechanism text/plain phone AttachmentManager.admx AttachmentManager~AT~WindowsComponents~AM_AM AM_RemoveZoneInfo LastWrite NotifyAntivirusPrograms text/plain phone AttachmentManager.admx AttachmentManager~AT~WindowsComponents~AM_AM AM_CallIOfficeAntiVirus LastWrite Authentication AllowEAPCertSSO 0 text/plain LowestValueMostSecure Autoplay DisallowAutoplayForNonVolumeDevices text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay NoAutoplayfornonVolume LastWrite SetDefaultAutoRunBehavior text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay NoAutorun LastWrite TurnOffAutoPlay text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay Autorun LastWrite Browser AllowAddressBarDropdown This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. 1 text/plain phone LowestValueMostSecure AllowAutofill This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. 0 text/plain LowestValueMostSecure AllowBrowser 1 text/plain desktop LowestValueMostSecure AllowCookies This setting lets you configure how your company deals with cookies. 2 text/plain LowestValueMostSecure AllowDeveloperTools This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge. 1 text/plain phone LowestValueMostSecure AllowDoNotTrack This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info. 
0 text/plain LowestValueMostSecure AllowExtensions This setting lets you decide whether employees can load extensions in Microsoft Edge. 1 text/plain phone LowestValueMostSecure AllowFlash This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. 1 text/plain phone HighestValueMostSecure AllowFlashClickToRun Configure the Adobe Flash Click-to-Run setting. 1 text/plain phone HighestValueMostSecure AllowInPrivate This setting lets you decide whether employees can browse using InPrivate website browsing. 1 text/plain LowestValueMostSecure AllowMicrosoftCompatibilityList This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat. If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly. If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation. 1 text/plain LowestValueMostSecure AllowPasswordManager This setting lets you decide whether employees can save their passwords locally, using Password Manager. 1 text/plain LowestValueMostSecure AllowPopups This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.
0 text/plain phone LowestValueMostSecure AllowSearchEngineCustomization Allow search engine customization for MDM enrolled devices. Users can change their default search engine. If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). 1 text/plain LowestValueMostSecure AllowSearchSuggestionsinAddressBar This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge. 1 text/plain LowestValueMostSecure AllowSmartScreen This setting lets you decide whether to turn on Windows Defender SmartScreen. 1 text/plain LowestValueMostSecure AlwaysEnableBooksLibrary Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device. 0 text/plain LowestValueMostSecure ClearBrowsingDataOnExit Specifies whether to always clear browsing history on exiting Microsoft Edge. 0 text/plain phone LowestValueMostSecure ConfigureAdditionalSearchEngines Allows you to add up to 5 additional search engines for MDM-enrolled devices. If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default. If this setting is not configured, the search engines are the ones specified in the App settings. 
If this setting is disabled, the search engines you had added will be deleted from your employee's machine. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain LastWrite DisableLockdownOfStartPages Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect. Note: This policy has no effect when Browser/HomePages is not configured. Important This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). 0 text/plain phone LowestValueMostSecure EnterpriseModeSiteList This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites. text/plain phone LastWrite EnterpriseSiteListServiceUrl text/plain phone LastWrite FirstRunURL Configure first run URL. text/plain desktop LastWrite HomePages Configure the Start page URLs for your employees. Example: If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support. Encapsulate each string with greater than and less than characters like any other XML tag. Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL. 
text/plain phone LastWrite LockdownFavorites This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. 0 text/plain LowestValueMostSecure PreventAccessToAboutFlagsInMicrosoftEdge Prevent access to the about:flags page in Microsoft Edge. 0 text/plain HighestValueMostSecure PreventFirstRunPage Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. 0 text/plain phone HighestValueMostSecure PreventLiveTileDataCollection This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. 0 text/plain HighestValueMostSecure PreventSmartScreenPromptOverride Don't allow Windows Defender SmartScreen warning overrides 0 text/plain HighestValueMostSecure PreventSmartScreenPromptOverrideForFiles Don't allow Windows Defender SmartScreen warning overrides for unverified files. 
0 text/plain HighestValueMostSecure PreventUsingLocalHostIPAddressForWebRTC Prevent using localhost IP address for WebRTC 0 text/plain HighestValueMostSecure ProvisionFavorites This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. text/plain LastWrite SendIntranetTraffictoInternetExplorer Sends all intranet traffic over to Internet Explorer. 0 text/plain phone HighestValueMostSecure SetDefaultSearchEngine Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine. If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING. 
If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain LastWrite ShowMessageWhenOpeningSitesInInternetExplorer Show message when opening sites in Internet Explorer 0 text/plain phone HighestValueMostSecure SyncFavoritesBetweenIEAndMicrosoftEdge Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. 0 text/plain phone LowestValueMostSecure CredentialsUI DisablePasswordReveal text/plain phone credui.admx CredUI~AT~WindowsComponents~CredUI DisablePasswordReveal LastWrite Desktop PreventUserRedirectionOfProfileFolders text/plain phone desktop.admx desktop~AT~Desktop DisablePersonalDirChange LastWrite Education DefaultPrinterName This policy sets user's default printer text/plain LastWrite PreventAddingNewPrinters Boolean that specifies whether or not to prevent user to install new printers 0 text/plain HighestValueMostSecure PrinterNames This policy provisions per-user network printers text/plain LastWrite EnterpriseCloudPrint CloudPrinterDiscoveryEndPoint This policy provisions per-user discovery end point to discover cloud printers text/plain LastWrite CloudPrintOAuthAuthority Authentication endpoint for acquiring OAuth tokens text/plain LastWrite CloudPrintOAuthClientId A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority text/plain LastWrite CloudPrintResourceId Resource URI for which access is being requested by the Enterprise 
Cloud Print client during OAuth authentication text/plain LastWrite DiscoveryMaxPrinterLimit Defines the maximum number of printers that should be queried from discovery end point 20 text/plain LastWrite MopriaDiscoveryResourceId Resource URI for which access is being requested by the Mopria discovery client during OAuth authentication text/plain LastWrite Experience AllowTailoredExperiencesWithDiagnosticData 1 text/plain LowestValueMostSecure AllowThirdPartySuggestionsInWindowsSpotlight 1 text/plain phone LowestValueMostSecure AllowWindowsConsumerFeatures 0 text/plain phone LowestValueMostSecure AllowWindowsSpotlight 1 text/plain phone LowestValueMostSecure AllowWindowsSpotlightOnActionCenter 1 text/plain LowestValueMostSecure AllowWindowsSpotlightWindowsWelcomeExperience 1 text/plain LowestValueMostSecure ConfigureWindowsSpotlightOnLockScreen 1 text/plain phone LowestValueMostSecure InternetExplorer AddSearchProvider text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer AddSearchProvider LastWrite AllowActiveXFiltering text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer TurnOnActiveXFiltering LastWrite AllowAddOnList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement AddonManagement_AddOnList LastWrite AllowAutoComplete text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer RestrictFormSuggestPW LastWrite AllowCertificateAddressMismatchWarning text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyWarnCertMismatch LastWrite AllowDeletingBrowsingHistoryOnExit text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory DBHDisableDeleteOnExit LastWrite AllowEnhancedProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_EnableEnhancedProtectedMode LastWrite 
AllowEnterpriseModeFromToolsMenu text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnterpriseModeEnable LastWrite AllowEnterpriseModeSiteList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnterpriseModeSiteList LastWrite AllowInternetExplorer7PolicyList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView CompatView_UsePolicyList LastWrite AllowInternetExplorerStandardsMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView CompatView_IntranetSites LastWrite AllowInternetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyInternetZoneTemplate LastWrite AllowIntranetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyIntranetZoneTemplate LastWrite AllowLocalMachineZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyLocalMachineZoneTemplate LastWrite AllowLockedDownInternetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyInternetZoneLockdownTemplate LastWrite AllowLockedDownIntranetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyIntranetZoneLockdownTemplate LastWrite AllowLockedDownLocalMachineZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyLocalMachineZoneLockdownTemplate LastWrite AllowLockedDownRestrictedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyRestrictedSitesZoneLockdownTemplate LastWrite AllowOneWordEntry text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~Browsing UseIntranetSiteForOneWordEntry LastWrite AllowSiteToZoneAssignmentList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_Zonemaps LastWrite AllowsLockedDownTrustedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyTrustedSitesZoneLockdownTemplate LastWrite AllowSoftwareWhenSignatureIsInvalid text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_InvalidSignatureBlock LastWrite AllowsRestrictedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyRestrictedSitesZoneTemplate LastWrite AllowSuggestedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnableSuggestedSites LastWrite AllowTrustedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyTrustedSitesZoneTemplate LastWrite CheckServerCertificateRevocation text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_CertificateRevocation LastWrite CheckSignaturesOnDownloadedPrograms text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DownloadSignatures LastWrite ConsistentMimeHandlingInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestriction IESF_PolicyExplorerProcesses_2 LastWrite DisableAdobeFlash text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement DisableFlashInIE LastWrite DisableBypassOfSmartScreenWarnings text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer 
DisableSafetyFilterOverride LastWrite DisableBypassOfSmartScreenWarningsAboutUncommonFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer DisableSafetyFilterOverrideForAppRepUnknown LastWrite DisableConfiguringHistory text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory RestrictHistory LastWrite DisableCrashDetection text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer AddonManagement_RestrictCrashDetection LastWrite DisableCustomerExperienceImprovementProgramParticipation text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SQM_DisableCEIP LastWrite DisableDeletingUserVisitedWebsites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory DBHDisableDeleteHistory LastWrite DisableEnclosureDownloading text/plain phone inetres.admx inetres~AT~WindowsComponents~RSS_Feeds Disable_Downloading_of_Enclosures LastWrite DisableEncryptionSupport text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_SetWinInetProtocols LastWrite DisableFirstRunWizard text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer NoFirstRunCustomise LastWrite DisableFlipAheadFeature text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DisableFlipAhead LastWrite DisableHomePageChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer RestrictHomePage LastWrite DisableIgnoringCertificateErrors text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL NoCertError LastWrite DisableInPrivateBrowsing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacy DisableInPrivateBrowsing LastWrite DisableProcessesInEnhancedProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage 
Advanced_EnableEnhancedProtectedMode64Bit LastWrite DisableProxyChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer RestrictProxy LastWrite DisableSearchProviderChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer NoSearchProvider LastWrite DisableSecondaryHomePageChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SecondaryHomePages LastWrite DisableSecuritySettingsCheck text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Disable_Security_Settings_Check LastWrite DoNotAllowActiveXControlsInProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DisableEPMCompat LastWrite DoNotBlockOutdatedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisable LastWrite DoNotBlockOutdatedActiveXControlsOnSpecificDomains text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDomainAllowlist LastWrite IncludeAllLocalSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_IncludeUnspecifiedLocalSites LastWrite IncludeAllNetworkPaths text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_UNCAsIntranet LastWrite InternetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAccessDataSourcesAcrossDomains_1 LastWrite InternetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNotificationBarActiveXURLaction_1 LastWrite InternetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNotificationBarDownloadURLaction_1 LastWrite InternetZoneAllowCopyPasteViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAllowPasteViaScript_1 LastWrite InternetZoneAllowDragAndDropCopyAndPasteFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDropOrPasteFiles_1 LastWrite InternetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyFontDownload_1 LastWrite InternetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyZoneElevationURLaction_1 LastWrite InternetZoneAllowLoadingOfXAMLFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_XAML_1 LastWrite InternetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyUnsignedFrameworkComponentsURLaction_1 LastWrite InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet LastWrite InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAllowTDCControl_Both_Internet LastWrite InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_WebBrowserControl_1 LastWrite InternetZoneAllowScriptInitiatedWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyWindowsRestrictionsURLaction_1 LastWrite InternetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_AllowScriptlets_1 LastWrite InternetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_Phishing_1 LastWrite InternetZoneAllowUpdatesToStatusBarViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_ScriptStatusBar_1 LastWrite InternetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyUserdataPersistence_1 LastWrite InternetZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 LastWrite InternetZoneDownloadSignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDownloadSignedActiveX_1 LastWrite InternetZoneDownloadUnsignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDownloadUnsignedActiveX_1 LastWrite InternetZoneEnableCrossSiteScriptingFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyTurnOnXSSFilter_Both_Internet LastWrite 
InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet LastWrite InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet LastWrite InternetZoneEnableMIMESniffing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyMimeSniffingURLaction_1 LastWrite InternetZoneEnableProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_TurnOnProtectedMode_1 LastWrite InternetZoneIncludeLocalPathWhenUploadingFilesToServer text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_LocalPathForUpload_1 LastWrite InternetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyScriptActiveXNotMarkedSafe_1 LastWrite InternetZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyJavaPermissions_1 LastWrite InternetZoneLaunchingApplicationsAndFilesInIFRAME text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyLaunchAppsAndFilesInIFRAME_1 LastWrite InternetZoneLogonOptions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyLogon_1 LastWrite InternetZoneNavigateWindowsAndFrames text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNavigateSubframesAcrossDomains_1 LastWrite InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicySignedFrameworkComponentsURLaction_1 LastWrite InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_UnsafeFiles_1 LastWrite InternetZoneUsePopupBlocker text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyBlockPopupWindows_1 LastWrite IntranetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyAccessDataSourcesAcrossDomains_3 LastWrite IntranetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNotificationBarActiveXURLaction_3 LastWrite IntranetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNotificationBarDownloadURLaction_3 LastWrite IntranetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyFontDownload_3 LastWrite IntranetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyZoneElevationURLaction_3 LastWrite IntranetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone 
IZ_PolicyUnsignedFrameworkComponentsURLaction_3 LastWrite IntranetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_Policy_AllowScriptlets_3 LastWrite IntranetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_Policy_Phishing_3 LastWrite IntranetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyUserdataPersistence_3 LastWrite IntranetZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 LastWrite IntranetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyScriptActiveXNotMarkedSafe_3 LastWrite IntranetZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyJavaPermissions_3 LastWrite IntranetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNavigateSubframesAcrossDomains_3 LastWrite LocalMachineZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyAccessDataSourcesAcrossDomains_9 LastWrite LocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNotificationBarActiveXURLaction_9 LastWrite LocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNotificationBarDownloadURLaction_9 LastWrite LocalMachineZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyFontDownload_9 LastWrite LocalMachineZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyZoneElevationURLaction_9 LastWrite LocalMachineZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyUnsignedFrameworkComponentsURLaction_9 LastWrite LocalMachineZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_Policy_AllowScriptlets_9 LastWrite LocalMachineZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_Policy_Phishing_9 LastWrite LocalMachineZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyUserdataPersistence_9 LastWrite LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 LastWrite LocalMachineZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyScriptActiveXNotMarkedSafe_9 LastWrite LocalMachineZoneJavaPermissions text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyJavaPermissions_9 LastWrite LocalMachineZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNavigateSubframesAcrossDomains_9 LastWrite LockedDownInternetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_2 LastWrite LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_2 LastWrite LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_2 LastWrite LockedDownInternetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyFontDownload_2 LastWrite LockedDownInternetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyZoneElevationURLaction_2 LastWrite LockedDownInternetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_2 LastWrite LockedDownInternetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_AllowScriptlets_2 LastWrite LockedDownInternetZoneAllowSmartScreenIE text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_Phishing_2 LastWrite LockedDownInternetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyUserdataPersistence_2 LastWrite LockedDownInternetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_2 LastWrite LockedDownInternetZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyJavaPermissions_2 LastWrite LockedDownInternetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_2 LastWrite LockedDownIntranetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_4 LastWrite LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_4 LastWrite LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_4 LastWrite LockedDownIntranetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyFontDownload_4 LastWrite LockedDownIntranetZoneAllowLessPrivilegedSites text/plain 
phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyZoneElevationURLaction_4 LastWrite LockedDownIntranetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_4 LastWrite LockedDownIntranetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_Policy_AllowScriptlets_4 LastWrite LockedDownIntranetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_Policy_Phishing_4 LastWrite LockedDownIntranetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyUserdataPersistence_4 LastWrite LockedDownIntranetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_4 LastWrite LockedDownIntranetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_4 LastWrite LockedDownLocalMachineZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_10 LastWrite LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_10 LastWrite 
LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_10 LastWrite LockedDownLocalMachineZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyFontDownload_10 LastWrite LockedDownLocalMachineZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyZoneElevationURLaction_10 LastWrite LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_10 LastWrite LockedDownLocalMachineZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_Policy_AllowScriptlets_10 LastWrite LockedDownLocalMachineZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_Policy_Phishing_10 LastWrite LockedDownLocalMachineZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyUserdataPersistence_10 LastWrite LockedDownLocalMachineZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_10 LastWrite LockedDownLocalMachineZoneJavaPermissions text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyJavaPermissions_10 LastWrite LockedDownLocalMachineZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_10 LastWrite LockedDownRestrictedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_8 LastWrite LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_8 LastWrite LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_8 LastWrite LockedDownRestrictedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyFontDownload_8 LastWrite LockedDownRestrictedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyZoneElevationURLaction_8 LastWrite LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_8 LastWrite LockedDownRestrictedSitesZoneAllowScriptlets text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_Policy_AllowScriptlets_8 LastWrite LockedDownRestrictedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_Policy_Phishing_8 LastWrite LockedDownRestrictedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyUserdataPersistence_8 LastWrite LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_8 LastWrite LockedDownRestrictedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyJavaPermissions_8 LastWrite LockedDownRestrictedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_8 LastWrite LockedDownTrustedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_6 LastWrite LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_6 LastWrite LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown 
IZ_PolicyNotificationBarDownloadURLaction_6 LastWrite LockedDownTrustedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyFontDownload_6 LastWrite LockedDownTrustedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyZoneElevationURLaction_6 LastWrite LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_6 LastWrite LockedDownTrustedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_Policy_AllowScriptlets_6 LastWrite LockedDownTrustedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_Policy_Phishing_6 LastWrite LockedDownTrustedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyUserdataPersistence_6 LastWrite LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_6 LastWrite LockedDownTrustedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyJavaPermissions_6 LastWrite LockedDownTrustedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_6 LastWrite MimeSniffingSafetyFeatureInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeature IESF_PolicyExplorerProcesses_6 LastWrite MKProtocolSecurityRestrictionInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestriction IESF_PolicyExplorerProcesses_3 LastWrite NotificationBarInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBar IESF_PolicyExplorerProcesses_10 LastWrite PreventManagingSmartScreenFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Disable_Managing_Safety_Filter_IE9 LastWrite PreventPerUserInstallationOfActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer DisablePerUserActiveXInstall LastWrite ProtectionFromZoneElevationInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation IESF_PolicyAllProcesses_9 LastWrite RemoveRunThisTimeButtonForOutdatedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisableRunThisTime LastWrite RestrictActiveXInstallInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall IESF_PolicyAllProcesses_11 LastWrite RestrictedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAccessDataSourcesAcrossDomains_7 LastWrite 
RestrictedSitesZoneAllowActiveScripting text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyActiveScripting_7 LastWrite RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNotificationBarActiveXURLaction_7 LastWrite RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNotificationBarDownloadURLaction_7 LastWrite RestrictedSitesZoneAllowBinaryAndScriptBehaviors text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyBinaryBehaviors_7 LastWrite RestrictedSitesZoneAllowCopyPasteViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowPasteViaScript_7 LastWrite RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDropOrPasteFiles_7 LastWrite RestrictedSitesZoneAllowFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyFileDownload_7 LastWrite RestrictedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyFontDownload_7 LastWrite RestrictedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyZoneElevationURLaction_7 LastWrite RestrictedSitesZoneAllowLoadingOfXAMLFiles text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_XAML_7 LastWrite RestrictedSitesZoneAllowMETAREFRESH text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowMETAREFRESH_7 LastWrite RestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyUnsignedFrameworkComponentsURLaction_7 LastWrite RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted LastWrite RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowTDCControl_Both_Restricted LastWrite RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_WebBrowserControl_7 LastWrite RestrictedSitesZoneAllowScriptInitiatedWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyWindowsRestrictionsURLaction_7 LastWrite RestrictedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_AllowScriptlets_7 LastWrite RestrictedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_Phishing_7 LastWrite 
RestrictedSitesZoneAllowUpdatesToStatusBarViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_ScriptStatusBar_7 LastWrite RestrictedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyUserdataPersistence_7 LastWrite RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 LastWrite RestrictedSitesZoneDownloadSignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDownloadSignedActiveX_7 LastWrite RestrictedSitesZoneDownloadUnsignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDownloadUnsignedActiveX_7 LastWrite RestrictedSitesZoneEnableCrossSiteScriptingFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyTurnOnXSSFilter_Both_Restricted LastWrite RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted LastWrite RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted LastWrite RestrictedSitesZoneEnableMIMESniffing text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyMimeSniffingURLaction_7 LastWrite RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_LocalPathForUpload_7 LastWrite RestrictedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_7 LastWrite RestrictedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyJavaPermissions_7 LastWrite RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyLaunchAppsAndFilesInIFRAME_7 LastWrite RestrictedSitesZoneLogonOptions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyLogon_7 LastWrite RestrictedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNavigateSubframesAcrossDomains_7 LastWrite RestrictedSitesZoneRunActiveXControlsAndPlugins text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyRunActiveXControls_7 LastWrite RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicySignedFrameworkComponentsURLaction_7 LastWrite RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyScriptActiveXMarkedSafe_7 LastWrite RestrictedSitesZoneScriptingOfJavaApplets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyScriptingOfJavaApplets_7 LastWrite RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_UnsafeFiles_7 LastWrite RestrictedSitesZoneTurnOnProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_TurnOnProtectedMode_7 LastWrite RestrictedSitesZoneUsePopupBlocker text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyBlockPopupWindows_7 LastWrite RestrictFileDownloadInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload IESF_PolicyAllProcesses_12 LastWrite ScriptedWindowSecurityRestrictionsInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions IESF_PolicyAllProcesses_8 LastWrite SearchProviderList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SpecificSearchProvider LastWrite SpecifyUseOfActiveXInstallerService text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer OnlyUseAXISForActiveXInstall LastWrite TrustedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyAccessDataSourcesAcrossDomains_5 LastWrite 
TrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNotificationBarActiveXURLaction_5 LastWrite TrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNotificationBarDownloadURLaction_5 LastWrite TrustedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyFontDownload_5 LastWrite TrustedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyZoneElevationURLaction_5 LastWrite TrustedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyUnsignedFrameworkComponentsURLaction_5 LastWrite TrustedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_Policy_AllowScriptlets_5 LastWrite TrustedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_Policy_Phishing_5 LastWrite TrustedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyUserdataPersistence_5 LastWrite TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 LastWrite TrustedSitesZoneInitializeAndScriptActiveXControls text/plain 
phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_5 LastWrite TrustedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyJavaPermissions_5 LastWrite TrustedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNavigateSubframesAcrossDomains_5 LastWrite Notifications DisallowNotificationMirroring 0 text/plain LowestValueMostSecure Printers PointAndPrintRestrictions_User text/plain phone Printing.admx Printing~AT~ControlPanel~CplPrinters PointAndPrint_Restrictions LastWrite Settings ConfigureTaskbarCalendar 0 text/plain LastWrite Start HidePeopleBar Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. 0 text/plain phone LowestValueMostSecure StartLayout text/plain phone LastWrite System AllowTelemetry 3 text/plain LowestValueMostSecure Policy ./Device/Vendor/MSFT com.microsoft/6.0/MDM/Policy ConfigOperations Policy CSP ConfigOperations ADMXInstall Win32 App ADMX Ingestion * Win32 App Name * Setting Type of Win32 App. 
Policy Or Preference * Unique ID of ADMX file Config AboveLock AllowActionCenterNotifications text/plain AllowCortanaAboveLock text/plain AllowToasts text/plain Accounts AllowAddingNonMicrosoftAccountsManually text/plain AllowMicrosoftAccountConnection text/plain AllowMicrosoftAccountSignInAssistant text/plain DomainNamesForEmailSync text/plain ActiveXControls ApprovedInstallationSites text/plain ApplicationDefaults DefaultAssociationsConfiguration text/plain ApplicationManagement AllowAllTrustedApps text/plain AllowAppStoreAutoUpdate text/plain AllowDeveloperUnlock text/plain AllowGameDVR text/plain AllowSharedUserAppData text/plain AllowStore text/plain ApplicationRestrictions text/plain DisableStoreOriginatedApps text/plain RestrictAppDataToSystemVolume text/plain RestrictAppToSystemVolume text/plain AppVirtualization AllowAppVClient text/plain AllowDynamicVirtualization text/plain AllowPackageCleanup text/plain AllowPackageScripts text/plain AllowPublishingRefreshUX text/plain AllowReportingServer text/plain AllowRoamingFileExclusions text/plain AllowRoamingRegistryExclusions text/plain AllowStreamingAutoload text/plain ClientCoexistenceAllowMigrationmode text/plain IntegrationAllowRootGlobal text/plain IntegrationAllowRootUser text/plain PublishingAllowServer1 text/plain PublishingAllowServer2 text/plain PublishingAllowServer3 text/plain PublishingAllowServer4 text/plain PublishingAllowServer5 text/plain StreamingAllowCertificateFilterForClient_SSL text/plain StreamingAllowHighCostLaunch text/plain StreamingAllowLocationProvider text/plain StreamingAllowPackageInstallationRoot text/plain StreamingAllowPackageSourceRoot text/plain StreamingAllowReestablishmentInterval text/plain StreamingAllowReestablishmentRetries text/plain StreamingSharedContentStoreMode text/plain StreamingSupportBranchCache text/plain StreamingVerifyCertificateRevocationList text/plain VirtualComponentsAllowList text/plain Authentication AllowAadPasswordReset Specifies whether password 
reset is enabled for AAD accounts. text/plain AllowFastReconnect text/plain AllowFidoDeviceSignon Specifies whether FIDO device can be used to sign on. text/plain AllowSecondaryAuthenticationDevice text/plain Autoplay DisallowAutoplayForNonVolumeDevices text/plain SetDefaultAutoRunBehavior text/plain TurnOffAutoPlay text/plain Bitlocker EncryptionMethod text/plain Bluetooth AllowAdvertising text/plain AllowDiscoverableMode text/plain AllowPrepairing text/plain LocalDeviceName text/plain ServicesAllowedList text/plain Browser AllowAddressBarDropdown This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. text/plain AllowAutofill This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. text/plain AllowBrowser text/plain AllowCookies This setting lets you configure how your company deals with cookies. text/plain AllowDeveloperTools This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge. text/plain AllowDoNotTrack This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info. text/plain AllowExtensions This setting lets you decide whether employees can load extensions in Microsoft Edge. text/plain AllowFlash This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. text/plain AllowFlashClickToRun Configure the Adobe Flash Click-to-Run setting. text/plain AllowInPrivate This setting lets you decide whether employees can browse using InPrivate website browsing. text/plain AllowMicrosoftCompatibilityList This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. 
This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat. If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly. If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation. text/plain AllowPasswordManager This setting lets you decide whether employees can save their passwords locally, using Password Manager. text/plain AllowPopups This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows. text/plain AllowSearchEngineCustomization Allow search engine customization for MDM enrolled devices. Users can change their default search engine. If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). text/plain AllowSearchSuggestionsinAddressBar This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge. 
text/plain AllowSmartScreen This setting lets you decide whether to turn on Windows Defender SmartScreen. text/plain AlwaysEnableBooksLibrary Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device. text/plain ClearBrowsingDataOnExit Specifies whether to always clear browsing history on exiting Microsoft Edge. text/plain ConfigureAdditionalSearchEngines Allows you to add up to 5 additional search engines for MDM-enrolled devices. If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default. If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain DisableLockdownOfStartPages Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect. Note: This policy has no effect when Browser/HomePages is not configured. Important This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). 
text/plain EnterpriseModeSiteList This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites. text/plain EnterpriseSiteListServiceUrl text/plain FirstRunURL Configure first run URL. text/plain HomePages Configure the Start page URLs for your employees. Example: If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support. Encapsulate each string with greater than and less than characters like any other XML tag. Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL. text/plain LockdownFavorites This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. text/plain PreventAccessToAboutFlagsInMicrosoftEdge Prevent access to the about:flags page in Microsoft Edge. text/plain PreventFirstRunPage Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. 
This policy is only available for Windows 10 version 1703 or later for desktop. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain PreventLiveTileDataCollection This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain PreventSmartScreenPromptOverride Don't allow Windows Defender SmartScreen warning overrides text/plain PreventSmartScreenPromptOverrideForFiles Don't allow Windows Defender SmartScreen warning overrides for unverified files. text/plain PreventUsingLocalHostIPAddressForWebRTC Prevent using localhost IP address for WebRTC text/plain ProvisionFavorites This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. text/plain SendIntranetTraffictoInternetExplorer Sends all intranet traffic over to Internet Explorer. text/plain SetDefaultSearchEngine Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine. 
If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING. If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain ShowMessageWhenOpeningSitesInInternetExplorer Show message when opening sites in Internet Explorer text/plain SyncFavoritesBetweenIEAndMicrosoftEdge Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. text/plain Camera AllowCamera text/plain Cellular LetAppsAccessCellularData This policy setting specifies whether Windows apps can access cellular data. text/plain LetAppsAccessCellularData_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. 
text/plain LetAppsAccessCellularData_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LetAppsAccessCellularData_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain ShowAppCellularAccessUI text/plain Connectivity AllowBluetooth text/plain AllowCellularData text/plain AllowCellularDataRoaming text/plain AllowConnectedDevices text/plain AllowNFC text/plain AllowUSBConnection text/plain AllowVPNOverCellular text/plain AllowVPNRoamingOverCellular text/plain DiablePrintingOverHTTP text/plain DisableDownloadingOfPrintDriversOverHTTP text/plain DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards text/plain DisallowNetworkConnectivityActiveTests text/plain HardenedUNCPaths text/plain ProhibitInstallationAndConfigurationOfNetworkBridge text/plain CredentialProviders AllowPINLogon text/plain BlockPicturePassword text/plain DisableAutomaticReDeploymentCredentials text/plain CredentialsUI DisablePasswordReveal text/plain EnumerateAdministrators text/plain Cryptography AllowFipsAlgorithmPolicy text/plain TLSCipherSuites text/plain DataProtection AllowDirectMemoryAccess text/plain LegacySelectiveWipeID text/plain DataUsage SetCost3G text/plain SetCost4G text/plain Defender AllowArchiveScanning text/plain AllowBehaviorMonitoring text/plain AllowCloudProtection text/plain AllowEmailScanning text/plain AllowFullScanOnMappedNetworkDrives text/plain AllowFullScanRemovableDriveScanning text/plain AllowIntrusionPreventionSystem text/plain AllowIOAVProtection text/plain AllowOnAccessProtection text/plain AllowRealtimeMonitoring text/plain 
AllowScanningNetworkFiles text/plain AllowScriptScanning text/plain AllowUserUIAccess text/plain AttackSurfaceReductionOnlyExclusions text/plain AttackSurfaceReductionRules text/plain AvgCPULoadFactor text/plain CloudBlockLevel text/plain CloudExtendedTimeout text/plain ControlledFolderAccessAllowedApplications text/plain ControlledFolderAccessProtectedFolders text/plain DaysToRetainCleanedMalware text/plain EnableControlledFolderAccess text/plain EnableNetworkProtection text/plain ExcludedExtensions text/plain ExcludedPaths text/plain ExcludedProcesses text/plain PUAProtection text/plain RealTimeScanDirection text/plain ScanParameter text/plain ScheduleQuickScanTime text/plain ScheduleScanDay text/plain ScheduleScanTime text/plain SignatureUpdateInterval text/plain SubmitSamplesConsent text/plain ThreatSeverityDefaultAction text/plain DeliveryOptimization DOAbsoluteMaxCacheSize text/plain DOAllowVPNPeerCaching text/plain DOCacheHost text/plain DODownloadMode text/plain DOGroupId text/plain DOMaxCacheAge text/plain DOMaxCacheSize text/plain DOMaxDownloadBandwidth text/plain DOMaxUploadBandwidth text/plain DOMinBackgroundQos text/plain DOMinBatteryPercentageAllowedToUpload text/plain DOMinDiskSizeAllowedToPeer text/plain DOMinFileSizeToCache text/plain DOMinRAMAllowedToPeer text/plain DOModifyCacheDrive text/plain DOMonthlyUploadDataCap text/plain DOPercentageMaxDownloadBandwidth text/plain DeviceGuard EnableVirtualizationBasedSecurity Turns On Virtualization Based Security(VBS) text/plain LsaCfgFlags Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock. text/plain RequirePlatformSecurityFeatures Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support. 
text/plain DeviceInstallation PreventInstallationOfMatchingDeviceIDs text/plain PreventInstallationOfMatchingDeviceSetupClasses text/plain DeviceLock AllowIdleReturnWithoutPassword Specifies whether the user must input a PIN or password when the device resumes from an idle state. text/plain AllowScreenTimeoutWhileLockedUserConfig Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. text/plain AllowSimpleDevicePassword Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords. text/plain AlphanumericDevicePasswordRequired Determines the type of PIN or password required. This policy only applies if the DeviceLock/DevicePasswordEnabled policy is set to 0 text/plain DevicePasswordEnabled Specifies whether device lock is enabled. text/plain DevicePasswordExpiration Specifies when the password expires (in days). text/plain DevicePasswordHistory Specifies how many passwords can be stored in the history that can’t be used. text/plain EnforceLockScreenAndLogonImage text/plain EnforceLockScreenProvider text/plain MaxDevicePasswordFailedAttempts text/plain MaxInactivityTimeDeviceLock The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. text/plain MaxInactivityTimeDeviceLockWithExternalDisplay Sets the maximum timeout value for the external display. text/plain MinDevicePasswordComplexCharacters The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. text/plain MinDevicePasswordLength Specifies the minimum number or characters required in the PIN or password. text/plain MinimumPasswordAge This security setting determines the period of time (in days) that a password must be used before the user can change it. 
You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998. Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. text/plain PreventLockScreenSlideShow text/plain ScreenTimeoutWhileLocked Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. text/plain Display TurnOffGdiDPIScalingForApps This policy allows to force turn off GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension. text/plain TurnOnGdiDPIScalingForApps This policy allows to turn on GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension. 
text/plain ErrorReporting CustomizeConsentSettings text/plain DisableWindowsErrorReporting text/plain DisplayErrorNotification text/plain DoNotSendAdditionalData text/plain PreventCriticalErrorDisplay text/plain EventLogService ControlEventLogBehavior text/plain SpecifyMaximumFileSizeApplicationLog text/plain SpecifyMaximumFileSizeSecurityLog text/plain SpecifyMaximumFileSizeSystemLog text/plain Experience AllowCopyPaste text/plain AllowCortana text/plain AllowDeviceDiscovery text/plain AllowFindMyDevice text/plain AllowManualMDMUnenrollment text/plain AllowSaveAsOfOfficeFiles text/plain AllowScreenCapture text/plain AllowSharingOfOfficeFiles text/plain AllowSIMErrorDialogPromptWhenNoSIM text/plain AllowSyncMySettings text/plain AllowTaskSwitcher text/plain AllowVoiceRecording text/plain AllowWindowsTips text/plain DoNotShowFeedbackNotifications text/plain ExploitGuard ExploitProtectionSettings text/plain Games AllowAdvancedGamingServices Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. 
text/plain Handwriting PanelDefaultModeDocked Specifies whether the handwriting panel comes up floating near the text box or attached to the bottom of the screen text/plain InternetExplorer AddSearchProvider text/plain AllowActiveXFiltering text/plain AllowAddOnList text/plain AllowCertificateAddressMismatchWarning text/plain AllowDeletingBrowsingHistoryOnExit text/plain AllowEnhancedProtectedMode text/plain AllowEnterpriseModeFromToolsMenu text/plain AllowEnterpriseModeSiteList text/plain AllowFallbackToSSL3 text/plain AllowInternetExplorer7PolicyList text/plain AllowInternetExplorerStandardsMode text/plain AllowInternetZoneTemplate text/plain AllowIntranetZoneTemplate text/plain AllowLocalMachineZoneTemplate text/plain AllowLockedDownInternetZoneTemplate text/plain AllowLockedDownIntranetZoneTemplate text/plain AllowLockedDownLocalMachineZoneTemplate text/plain AllowLockedDownRestrictedSitesZoneTemplate text/plain AllowOneWordEntry text/plain AllowSiteToZoneAssignmentList text/plain AllowsLockedDownTrustedSitesZoneTemplate text/plain AllowSoftwareWhenSignatureIsInvalid text/plain AllowsRestrictedSitesZoneTemplate text/plain AllowSuggestedSites text/plain AllowTrustedSitesZoneTemplate text/plain CheckServerCertificateRevocation text/plain CheckSignaturesOnDownloadedPrograms text/plain ConsistentMimeHandlingInternetExplorerProcesses text/plain DisableAdobeFlash text/plain DisableBypassOfSmartScreenWarnings text/plain DisableBypassOfSmartScreenWarningsAboutUncommonFiles text/plain DisableConfiguringHistory text/plain DisableCrashDetection text/plain DisableCustomerExperienceImprovementProgramParticipation text/plain DisableDeletingUserVisitedWebsites text/plain DisableEnclosureDownloading text/plain DisableEncryptionSupport text/plain DisableFirstRunWizard text/plain DisableFlipAheadFeature text/plain DisableIgnoringCertificateErrors text/plain DisableInPrivateBrowsing text/plain DisableProcessesInEnhancedProtectedMode text/plain DisableProxyChange text/plain 
DisableSearchProviderChange text/plain DisableSecondaryHomePageChange text/plain DisableSecuritySettingsCheck text/plain DisableUpdateCheck text/plain DoNotAllowActiveXControlsInProtectedMode text/plain DoNotAllowUsersToAddSites text/plain DoNotAllowUsersToChangePolicies text/plain DoNotBlockOutdatedActiveXControls text/plain DoNotBlockOutdatedActiveXControlsOnSpecificDomains text/plain IncludeAllLocalSites text/plain IncludeAllNetworkPaths text/plain InternetZoneAllowAccessToDataSources text/plain InternetZoneAllowAutomaticPromptingForActiveXControls text/plain InternetZoneAllowAutomaticPromptingForFileDownloads text/plain InternetZoneAllowCopyPasteViaScript text/plain InternetZoneAllowDragAndDropCopyAndPasteFiles text/plain InternetZoneAllowFontDownloads text/plain InternetZoneAllowLessPrivilegedSites text/plain InternetZoneAllowLoadingOfXAMLFiles text/plain InternetZoneAllowNETFrameworkReliantComponents text/plain InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain InternetZoneAllowScriptInitiatedWindows text/plain InternetZoneAllowScriptlets text/plain InternetZoneAllowSmartScreenIE text/plain InternetZoneAllowUpdatesToStatusBarViaScript text/plain InternetZoneAllowUserDataPersistence text/plain InternetZoneDoNotRunAntimalwareAgainstActiveXControls text/plain InternetZoneDownloadSignedActiveXControls text/plain InternetZoneDownloadUnsignedActiveXControls text/plain InternetZoneEnableCrossSiteScriptingFilter text/plain InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain InternetZoneEnableMIMESniffing text/plain InternetZoneEnableProtectedMode text/plain InternetZoneIncludeLocalPathWhenUploadingFilesToServer text/plain InternetZoneInitializeAndScriptActiveXControls text/plain 
InternetZoneJavaPermissions text/plain InternetZoneLaunchingApplicationsAndFilesInIFRAME text/plain InternetZoneLogonOptions text/plain InternetZoneNavigateWindowsAndFrames text/plain InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain InternetZoneUsePopupBlocker text/plain IntranetZoneAllowAccessToDataSources text/plain IntranetZoneAllowAutomaticPromptingForActiveXControls text/plain IntranetZoneAllowAutomaticPromptingForFileDownloads text/plain IntranetZoneAllowFontDownloads text/plain IntranetZoneAllowLessPrivilegedSites text/plain IntranetZoneAllowNETFrameworkReliantComponents text/plain IntranetZoneAllowScriptlets text/plain IntranetZoneAllowSmartScreenIE text/plain IntranetZoneAllowUserDataPersistence text/plain IntranetZoneDoNotRunAntimalwareAgainstActiveXControls text/plain IntranetZoneInitializeAndScriptActiveXControls text/plain IntranetZoneJavaPermissions text/plain IntranetZoneNavigateWindowsAndFrames text/plain LocalMachineZoneAllowAccessToDataSources text/plain LocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain LocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain LocalMachineZoneAllowFontDownloads text/plain LocalMachineZoneAllowLessPrivilegedSites text/plain LocalMachineZoneAllowNETFrameworkReliantComponents text/plain LocalMachineZoneAllowScriptlets text/plain LocalMachineZoneAllowSmartScreenIE text/plain LocalMachineZoneAllowUserDataPersistence text/plain LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls text/plain LocalMachineZoneInitializeAndScriptActiveXControls text/plain LocalMachineZoneJavaPermissions text/plain LocalMachineZoneNavigateWindowsAndFrames text/plain LockedDownInternetZoneAllowAccessToDataSources text/plain LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownInternetZoneAllowFontDownloads 
text/plain LockedDownInternetZoneAllowLessPrivilegedSites text/plain LockedDownInternetZoneAllowNETFrameworkReliantComponents text/plain LockedDownInternetZoneAllowScriptlets text/plain LockedDownInternetZoneAllowSmartScreenIE text/plain LockedDownInternetZoneAllowUserDataPersistence text/plain LockedDownInternetZoneInitializeAndScriptActiveXControls text/plain LockedDownInternetZoneJavaPermissions text/plain LockedDownInternetZoneNavigateWindowsAndFrames text/plain LockedDownIntranetZoneAllowAccessToDataSources text/plain LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownIntranetZoneAllowFontDownloads text/plain LockedDownIntranetZoneAllowLessPrivilegedSites text/plain LockedDownIntranetZoneAllowNETFrameworkReliantComponents text/plain LockedDownIntranetZoneAllowScriptlets text/plain LockedDownIntranetZoneAllowSmartScreenIE text/plain LockedDownIntranetZoneAllowUserDataPersistence text/plain LockedDownIntranetZoneInitializeAndScriptActiveXControls text/plain LockedDownIntranetZoneNavigateWindowsAndFrames text/plain LockedDownLocalMachineZoneAllowAccessToDataSources text/plain LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownLocalMachineZoneAllowFontDownloads text/plain LockedDownLocalMachineZoneAllowLessPrivilegedSites text/plain LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents text/plain LockedDownLocalMachineZoneAllowScriptlets text/plain LockedDownLocalMachineZoneAllowSmartScreenIE text/plain LockedDownLocalMachineZoneAllowUserDataPersistence text/plain LockedDownLocalMachineZoneInitializeAndScriptActiveXControls text/plain LockedDownLocalMachineZoneJavaPermissions text/plain LockedDownLocalMachineZoneNavigateWindowsAndFrames text/plain LockedDownRestrictedSitesZoneAllowAccessToDataSources text/plain 
LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownRestrictedSitesZoneAllowFontDownloads text/plain LockedDownRestrictedSitesZoneAllowLessPrivilegedSites text/plain LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain LockedDownRestrictedSitesZoneAllowScriptlets text/plain LockedDownRestrictedSitesZoneAllowSmartScreenIE text/plain LockedDownRestrictedSitesZoneAllowUserDataPersistence text/plain LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls text/plain LockedDownRestrictedSitesZoneJavaPermissions text/plain LockedDownRestrictedSitesZoneNavigateWindowsAndFrames text/plain LockedDownTrustedSitesZoneAllowAccessToDataSources text/plain LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownTrustedSitesZoneAllowFontDownloads text/plain LockedDownTrustedSitesZoneAllowLessPrivilegedSites text/plain LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents text/plain LockedDownTrustedSitesZoneAllowScriptlets text/plain LockedDownTrustedSitesZoneAllowSmartScreenIE text/plain LockedDownTrustedSitesZoneAllowUserDataPersistence text/plain LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls text/plain LockedDownTrustedSitesZoneJavaPermissions text/plain LockedDownTrustedSitesZoneNavigateWindowsAndFrames text/plain MimeSniffingSafetyFeatureInternetExplorerProcesses text/plain MKProtocolSecurityRestrictionInternetExplorerProcesses text/plain NotificationBarInternetExplorerProcesses text/plain PreventManagingSmartScreenFilter text/plain PreventPerUserInstallationOfActiveXControls text/plain ProtectionFromZoneElevationInternetExplorerProcesses text/plain RemoveRunThisTimeButtonForOutdatedActiveXControls text/plain RestrictActiveXInstallInternetExplorerProcesses text/plain 
RestrictedSitesZoneAllowAccessToDataSources text/plain RestrictedSitesZoneAllowActiveScripting text/plain RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain RestrictedSitesZoneAllowBinaryAndScriptBehaviors text/plain RestrictedSitesZoneAllowCopyPasteViaScript text/plain RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles text/plain RestrictedSitesZoneAllowFileDownloads text/plain RestrictedSitesZoneAllowFontDownloads text/plain RestrictedSitesZoneAllowLessPrivilegedSites text/plain RestrictedSitesZoneAllowLoadingOfXAMLFiles text/plain RestrictedSitesZoneAllowMETAREFRESH text/plain RestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain RestrictedSitesZoneAllowScriptInitiatedWindows text/plain RestrictedSitesZoneAllowScriptlets text/plain RestrictedSitesZoneAllowSmartScreenIE text/plain RestrictedSitesZoneAllowUpdatesToStatusBarViaScript text/plain RestrictedSitesZoneAllowUserDataPersistence text/plain RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain RestrictedSitesZoneDownloadSignedActiveXControls text/plain RestrictedSitesZoneDownloadUnsignedActiveXControls text/plain RestrictedSitesZoneEnableCrossSiteScriptingFilter text/plain RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain RestrictedSitesZoneEnableMIMESniffing text/plain RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer text/plain RestrictedSitesZoneInitializeAndScriptActiveXControls text/plain RestrictedSitesZoneJavaPermissions text/plain RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME text/plain 
RestrictedSitesZoneLogonOptions text/plain RestrictedSitesZoneNavigateWindowsAndFrames text/plain RestrictedSitesZoneRunActiveXControlsAndPlugins text/plain RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting text/plain RestrictedSitesZoneScriptingOfJavaApplets text/plain RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain RestrictedSitesZoneTurnOnProtectedMode text/plain RestrictedSitesZoneUsePopupBlocker text/plain RestrictFileDownloadInternetExplorerProcesses text/plain ScriptedWindowSecurityRestrictionsInternetExplorerProcesses text/plain SearchProviderList text/plain SecurityZonesUseOnlyMachineSettings text/plain SpecifyUseOfActiveXInstallerService text/plain TrustedSitesZoneAllowAccessToDataSources text/plain TrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain TrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain TrustedSitesZoneAllowFontDownloads text/plain TrustedSitesZoneAllowLessPrivilegedSites text/plain TrustedSitesZoneAllowNETFrameworkReliantComponents text/plain TrustedSitesZoneAllowScriptlets text/plain TrustedSitesZoneAllowSmartScreenIE text/plain TrustedSitesZoneAllowUserDataPersistence text/plain TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain TrustedSitesZoneInitializeAndScriptActiveXControls text/plain TrustedSitesZoneJavaPermissions text/plain TrustedSitesZoneNavigateWindowsAndFrames text/plain Kerberos AllowForestSearchOrder text/plain KerberosClientSupportsClaimsCompoundArmor text/plain RequireKerberosArmoring text/plain RequireStrictKDCValidation text/plain SetMaximumContextTokenSize text/plain Licensing AllowWindowsEntitlementReactivation text/plain DisallowKMSClientOnlineAVSValidation text/plain LocalPoliciesSecurityOptions Accounts_BlockMicrosoftAccounts This policy setting prevents users from adding new Microsoft accounts on this computer. 
If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system. If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows. text/plain Accounts_EnableAdministratorAccountStatus This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. Disabling the Administrator account can become a maintenance issue under certain circumstances. Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled. Default: Disabled. text/plain Accounts_EnableGuestAccountStatus This security setting determines if the Guest account is enabled or disabled. Default: Disabled. 
Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail. text/plain Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Enabled. Warning: Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services. Notes This setting does not affect logons that use domain accounts. It is possible for applications that use remote interactive logons to bypass this setting. text/plain Accounts_RenameAdministratorAccount Accounts: Rename administrator account This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination. Default: Administrator. text/plain Accounts_RenameGuestAccount Accounts: Rename guest account This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." 
Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Default: Guest. text/plain Devices_AllowedToFormatAndEjectRemovableMedia Devices: Allowed to format and eject removable media This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: Administrators Administrators and Interactive Users Default: This policy is not defined and only Administrators have this ability. text/plain Devices_AllowUndockWithoutHavingToLogon Devices: Allow undock without having to log on This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer. Default: Enabled. Caution Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. text/plain Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer. Default on servers: Enabled. 
Default on workstations: Disabled. Notes This setting does not affect the ability to add a local printer. This setting does not affect Administrators. text/plain Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly Devices: Restrict CD-ROM access to locally logged-on user only This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can be accessed over the network. Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user. text/plain InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked Interactive logon: Display user information when the session is locked User display name, domain and user names (1) User display name only (2) Do not display user information (3) text/plain InteractiveLogon_DoNotDisplayLastSignedIn Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. text/plain InteractiveLogon_DoNotDisplayUsernameAtSignIn Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. text/plain InteractiveLogon_DoNotRequireCTRLALTDEL Interactive logon: Do not require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords. If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. Default on stand-alone computers: Enabled. text/plain InteractiveLogon_MachineInactivityLimit Interactive logon: Machine inactivity limit. Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. Default: not enforced. text/plain InteractiveLogon_MessageTextForUsersAttemptingToLogOn Interactive logon: Message text for users attempting to log on This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. text/plain InteractiveLogon_MessageTitleForUsersAttemptingToLogOn Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. text/plain NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM Network access: Restrict clients allowed to make remote calls to SAM This policy setting allows you to restrict remote RPC connections to SAM. If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016.
text/plain NetworkSecurity_AllowPKU2UAuthenticationRequests Network security: Allow PKU2U authentication requests to this computer to use online identities. This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine. text/plain Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn Shutdown: Allow system to be shut down without having to log on This security setting determines whether a computer can be shut down without having to log on to Windows. When this policy is enabled, the Shut Down command is available on the Windows logon screen. When this policy is disabled, the option to shut down the computer does not appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown. Default on workstations: Enabled. Default on servers: Disabled. text/plain Shutdown_ClearVirtualMemoryPageFile Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile. When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled. Default: Disabled. 
text/plain UserAccountControl_AllowUIAccessApplicationsToPromptForElevation User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. • Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. • Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. text/plain UserAccountControl_BehaviorOfTheElevationPromptForAdministrators User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode This policy setting controls the behavior of the elevation prompt for administrators. The options are: • Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments. • Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. • Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. 
• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. • Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. • Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. text/plain UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. The options are: • Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. • Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. • Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. 
text/plain UserAccountControl_DetectApplicationInstallationsAndPromptForElevation User Account Control: Detect application installations and prompt for elevation This policy setting controls the behavior of application installation detection for the computer. The options are: Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. text/plain UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. The options are: • Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run. • Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run. 
text/plain UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - …\Program Files\, including subfolders - …\Windows\system32\ - …\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: • Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. • Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system. text/plain UserAccountControl_RunAllAdministratorsInAdminApprovalMode User Account Control: Turn on Admin Approval Mode This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: • Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. • Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. 
text/plain UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation User Account Control: Switch to the secure desktop when prompting for elevation This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: • Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users. • Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used. text/plain UserAccountControl_UseAdminApprovalMode User Account Control: Use Admin Approval Mode for the built-in Administrator account This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: • Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation. • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. text/plain UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations User Account Control: Virtualize file and registry write failures to per-user locations This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. The options are: • Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry. • Disabled: Applications that write data to protected locations fail. 
text/plain Location EnableLocation text/plain LockDown AllowEdgeSwipe text/plain Maps AllowOfflineMapsDownloadOverMeteredConnection text/plain EnableOfflineMapsAutoUpdate text/plain Messaging AllowMessageSync This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services. text/plain AllowMMS This policy setting allows you to enable or disable the sending and receiving of cellular MMS messages. text/plain AllowRCS This policy setting allows you to enable or disable the sending and receiving of cellular RCS (Rich Communication Services) messages. text/plain NetworkIsolation EnterpriseCloudResources text/plain EnterpriseInternalProxyServers text/plain EnterpriseIPRange text/plain EnterpriseIPRangesAreAuthoritative text/plain EnterpriseNetworkDomainNames text/plain EnterpriseProxyServers text/plain EnterpriseProxyServersAreAuthoritative text/plain NeutralResources text/plain Power AllowStandbyWhenSleepingPluggedIn text/plain DisplayOffTimeoutOnBattery text/plain DisplayOffTimeoutPluggedIn text/plain HibernateTimeoutOnBattery text/plain HibernateTimeoutPluggedIn text/plain RequirePasswordWhenComputerWakesOnBattery text/plain RequirePasswordWhenComputerWakesPluggedIn text/plain StandbyTimeoutOnBattery text/plain StandbyTimeoutPluggedIn text/plain Printers PointAndPrintRestrictions text/plain PublishPrinters text/plain Privacy AllowAutoAcceptPairingAndPrivacyConsentPrompts text/plain AllowInputPersonalization text/plain DisableAdvertisingId text/plain EnableActivityFeed Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user. text/plain LetAppsAccessAccountInfo This policy setting specifies whether Windows apps can access account information. text/plain LetAppsAccessAccountInfo_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information.
This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LetAppsAccessAccountInfo_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LetAppsAccessAccountInfo_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LetAppsAccessCalendar This policy setting specifies whether Windows apps can access the calendar. text/plain LetAppsAccessCalendar_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LetAppsAccessCalendar_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LetAppsAccessCalendar_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LetAppsAccessCallHistory This policy setting specifies whether Windows apps can access call history. text/plain LetAppsAccessCallHistory_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. 
Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LetAppsAccessCallHistory_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LetAppsAccessCallHistory_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LetAppsAccessCamera This policy setting specifies whether Windows apps can access the camera. text/plain LetAppsAccessCamera_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LetAppsAccessCamera_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LetAppsAccessCamera_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LetAppsAccessContacts This policy setting specifies whether Windows apps can access contacts. text/plain LetAppsAccessContacts_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. 
This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LetAppsAccessContacts_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LetAppsAccessContacts_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LetAppsAccessEmail This policy setting specifies whether Windows apps can access email. text/plain LetAppsAccessEmail_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LetAppsAccessEmail_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LetAppsAccessEmail_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LetAppsAccessLocation This policy setting specifies whether Windows apps can access location. text/plain LetAppsAccessLocation_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. 
text/plain LetAppsAccessLocation_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LetAppsAccessLocation_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LetAppsAccessMessaging This policy setting specifies whether Windows apps can read or send messages (text or MMS). text/plain LetAppsAccessMessaging_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LetAppsAccessMessaging_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LetAppsAccessMessaging_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LetAppsAccessMicrophone This policy setting specifies whether Windows apps can access the microphone. text/plain LetAppsAccessMicrophone_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. 
text/plain LetAppsAccessMicrophone_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LetAppsAccessMicrophone_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LetAppsAccessMotion This policy setting specifies whether Windows apps can access motion data. text/plain LetAppsAccessMotion_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LetAppsAccessMotion_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LetAppsAccessMotion_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LetAppsAccessNotifications This policy setting specifies whether Windows apps can access notifications. text/plain LetAppsAccessNotifications_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. 
text/plain LetAppsAccessNotifications_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LetAppsAccessNotifications_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LetAppsAccessPhone This policy setting specifies whether Windows apps can make phone calls. text/plain LetAppsAccessPhone_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LetAppsAccessPhone_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LetAppsAccessPhone_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LetAppsAccessRadios This policy setting specifies whether Windows apps have access to control radios. text/plain LetAppsAccessRadios_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
text/plain LetAppsAccessRadios_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LetAppsAccessRadios_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LetAppsAccessTasks This policy setting specifies whether Windows apps can access tasks. text/plain LetAppsAccessTasks_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LetAppsAccessTasks_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LetAppsAccessTasks_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LetAppsAccessTrustedDevices This policy setting specifies whether Windows apps can access trusted devices. text/plain LetAppsAccessTrustedDevices_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. 
text/plain LetAppsAccessTrustedDevices_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LetAppsAccessTrustedDevices_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LetAppsGetDiagnosticInfo This policy setting specifies whether Windows apps can get diagnostic information about other apps, including user names. text/plain LetAppsGetDiagnosticInfo_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LetAppsGetDiagnosticInfo_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LetAppsGetDiagnosticInfo_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the app diagnostics privacy setting for the listed Windows apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LetAppsRunInBackground This policy setting specifies whether Windows apps can run in the background. text/plain LetAppsRunInBackground_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. 
Listed Windows apps are allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LetAppsRunInBackground_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LetAppsRunInBackground_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the background apps privacy setting for the listed Windows apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LetAppsSyncWithDevices This policy setting specifies whether Windows apps can communicate with unpaired wireless devices. text/plain LetAppsSyncWithDevices_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain LetAppsSyncWithDevices_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain LetAppsSyncWithDevices_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain PublishUserActivities Allows apps/system to publish 'User Activities' into ActivityFeed. 
text/plain RemoteAssistance CustomizeWarningMessages text/plain SessionLogging text/plain SolicitedRemoteAssistance text/plain UnsolicitedRemoteAssistance text/plain RemoteDesktopServices AllowUsersToConnectRemotely text/plain ClientConnectionEncryptionLevel text/plain DoNotAllowDriveRedirection text/plain DoNotAllowPasswordSaving text/plain PromptForPasswordUponConnection text/plain RequireSecureRPCCommunication text/plain RemoteManagement AllowBasicAuthentication_Client text/plain AllowBasicAuthentication_Service text/plain AllowCredSSPAuthenticationClient text/plain AllowCredSSPAuthenticationService text/plain AllowRemoteServerManagement text/plain AllowUnencryptedTraffic_Client text/plain AllowUnencryptedTraffic_Service text/plain DisallowDigestAuthentication text/plain DisallowNegotiateAuthenticationClient text/plain DisallowNegotiateAuthenticationService text/plain DisallowStoringOfRunAsCredentials text/plain SpecifyChannelBindingTokenHardeningLevel text/plain TrustedHosts text/plain TurnOnCompatibilityHTTPListener text/plain TurnOnCompatibilityHTTPSListener text/plain RemoteProcedureCall RestrictUnauthenticatedRPCClients text/plain RPCEndpointMapperClientAuthentication text/plain RemoteShell AllowRemoteShellAccess text/plain MaxConcurrentUsers text/plain SpecifyIdleTimeout text/plain SpecifyMaxMemory text/plain SpecifyMaxProcesses text/plain SpecifyMaxRemoteShells text/plain SpecifyShellTimeout text/plain Search AllowCloudSearch text/plain AllowIndexingEncryptedStoresOrItems text/plain AllowSearchToUseLocation text/plain AllowStoringImagesFromVisionSearch text/plain AllowUsingDiacritics text/plain AllowWindowsIndexer text/plain AlwaysUseAutoLangDetection text/plain DisableBackoff text/plain DisableRemovableDriveIndexing text/plain PreventIndexingLowDiskSpaceMB text/plain PreventRemoteQueries text/plain SafeSearchPermissions text/plain Security AllowAddProvisioningPackage text/plain AllowManualRootCertificateInstallation text/plain 
AllowRemoveProvisioningPackage text/plain AntiTheftMode text/plain ClearTPMIfNotReady text/plain PreventAutomaticDeviceEncryptionForAzureADJoinedDevices text/plain RequireDeviceEncryption text/plain RequireProvisioningPackageSignature text/plain RequireRetrieveHealthCertificateOnBoot text/plain Settings AllowAutoPlay text/plain AllowDataSense text/plain AllowDateTime text/plain AllowEditDeviceName text/plain AllowLanguage text/plain AllowOnlineTips text/plain AllowPowerSleep text/plain AllowRegion text/plain AllowSignInOptions text/plain AllowVPN text/plain AllowWorkplace text/plain AllowYourAccount text/plain PageVisibilityList text/plain SmartScreen EnableAppInstallControl text/plain EnableSmartScreenInShell text/plain PreventOverrideForFilesInShell text/plain Speech AllowSpeechModelUpdate text/plain Start AllowPinnedFolderDocuments This policy controls the visibility of the Documents shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderDownloads This policy controls the visibility of the Downloads shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderFileExplorer This policy controls the visibility of the File Explorer shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderHomeGroup This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderMusic This policy controls the visibility of the Music shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderNetwork This policy controls the visibility of the Network shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderPersonalFolder This policy controls the visibility of the PersonalFolder shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderPictures This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderSettings This policy controls the visibility of the Settings shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderVideos This policy controls the visibility of the Videos shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain ForceStartSize text/plain HideAppList Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app. 
text/plain HideChangeAccountSettings Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu. text/plain HideFrequentlyUsedApps Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app. text/plain HideHibernate Enabling this policy hides "Hibernate" from appearing in the power button in the start menu. text/plain HideLock Enabling this policy hides "Lock" from appearing in the user tile in the start menu. text/plain HidePowerButton Enabling this policy hides the power button from appearing in the start menu. text/plain HideRecentJumplists Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app. text/plain HideRecentlyAddedApps Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app. text/plain HideRestart Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu. text/plain HideShutDown Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu. text/plain HideSignOut Enabling this policy hides "Sign out" from appearing in the user tile in the start menu. text/plain HideSleep Enabling this policy hides "Sleep" from appearing in the power button in the start menu. text/plain HideSwitchAccount Enabling this policy hides "Switch account" from appearing in the user tile in the start menu. text/plain HideUserTile Enabling this policy hides the user tile from appearing in the start menu. text/plain ImportEdgeAssets This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. 
Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified. text/plain NoPinningToTaskbar This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar. text/plain StartLayout text/plain Storage AllowDiskHealthModelUpdates text/plain EnhancedStorageDevices text/plain System AllowBuildPreview text/plain AllowEmbeddedMode text/plain AllowExperimentation text/plain AllowFontProviders text/plain AllowLocation text/plain AllowStorageCard text/plain AllowTelemetry text/plain AllowUserToResetPhone text/plain BootStartDriverInitialization text/plain DisableEnterpriseAuthProxy This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. text/plain DisableOneDriveFileSync This policy setting lets you prevent apps and features from working with files on OneDrive. 
If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. text/plain DisableSystemRestore text/plain FeedbackHubAlwaysSaveDiagnosticsLocally Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy is not present or set to false, users will be presented with the option to save locally. The default is to not save locally. text/plain LimitEnhancedDiagnosticDataWindowsAnalytics This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced) When you configure these policy settings, a Basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: https://go.microsoft.com/fwlink/?linkid=847594. Enabling Enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional Enhanced level telemetry data. This setting has no effect on computers configured to send Full, Basic or Security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy. 
text/plain TelemetryProxy text/plain TextInput AllowIMELogging text/plain AllowIMENetworkAccess text/plain AllowInputPanel text/plain AllowJapaneseIMESurrogatePairCharacters text/plain AllowJapaneseIVSCharacters text/plain AllowJapaneseNonPublishingStandardGlyph text/plain AllowJapaneseUserDictionary text/plain AllowKeyboardTextSuggestions text/plain AllowLanguageFeaturesUninstall text/plain ExcludeJapaneseIMEExceptJIS0208 text/plain ExcludeJapaneseIMEExceptJIS0208andEUDC text/plain ExcludeJapaneseIMEExceptShiftJIS text/plain TimeLanguageSettings AllowSet24HourClock text/plain Update ActiveHoursEnd text/plain ActiveHoursMaxRange text/plain ActiveHoursStart text/plain AllowAutoUpdate text/plain AllowAutoWindowsUpdateDownloadOverMeteredNetwork text/plain AllowMUUpdateService text/plain AllowNonMicrosoftSignedUpdate text/plain AllowUpdateService text/plain AutoRestartDeadlinePeriodInDays text/plain AutoRestartNotificationSchedule text/plain AutoRestartRequiredNotificationDismissal text/plain BranchReadinessLevel text/plain DeferFeatureUpdatesPeriodInDays text/plain DeferQualityUpdatesPeriodInDays text/plain DeferUpdatePeriod text/plain DeferUpgradePeriod text/plain DetectionFrequency text/plain DisableDualScan Do not allow update deferral policies to cause scans against Windows Update text/plain EngagedRestartDeadline text/plain EngagedRestartSnoozeSchedule text/plain EngagedRestartTransitionSchedule text/plain ExcludeWUDriversInQualityUpdate text/plain FillEmptyContentUrls text/plain IgnoreMOAppDownloadLimit text/plain IgnoreMOUpdateDownloadLimit text/plain ManagePreviewBuilds text/plain PauseDeferrals text/plain PauseFeatureUpdates text/plain PauseFeatureUpdatesStartTime text/plain PauseQualityUpdates text/plain PauseQualityUpdatesStartTime text/plain PhoneUpdateRestrictions text/plain RequireDeferUpgrade text/plain RequireUpdateApproval text/plain ScheduledInstallDay text/plain ScheduledInstallEveryWeek text/plain ScheduledInstallFirstWeek text/plain 
ScheduledInstallFourthWeek text/plain ScheduledInstallSecondWeek text/plain ScheduledInstallThirdWeek text/plain ScheduledInstallTime text/plain ScheduleImminentRestartWarning text/plain ScheduleRestartWarning text/plain SetAutoRestartNotificationDisable text/plain SetEDURestart text/plain UpdateServiceUrl text/plain UpdateServiceUrlAlternate text/plain Wifi AllowAutoConnectToWiFiSenseHotspots text/plain AllowInternetSharing text/plain AllowManualWiFiConfiguration text/plain AllowWiFi text/plain AllowWiFiDirect text/plain WLANScanMode text/plain WindowsDefenderSecurityCenter CompanyName text/plain DisableAppBrowserUI text/plain DisableEnhancedNotifications text/plain DisableFamilyUI text/plain DisableHealthUI text/plain DisableNetworkUI text/plain DisableNotifications text/plain DisableVirusUI text/plain DisallowExploitProtectionOverride text/plain Email text/plain EnableCustomizedToasts text/plain EnableInAppCustomization text/plain Phone text/plain URL text/plain WindowsInkWorkspace AllowSuggestedAppsInWindowsInkWorkspace text/plain AllowWindowsInkWorkspace text/plain WindowsLogon DisableLockScreenAppNotifications text/plain DontDisplayNetworkSelectionUI text/plain HideFastUserSwitching This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations. text/plain WirelessDisplay AllowMdnsAdvertisement This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. 
text/plain AllowMdnsDiscovery This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. text/plain AllowProjectionFromPC This policy allows you to turn off projection from a PC. If you set it to 0, your PC cannot discover or project to other devices. If you set it to 1, your PC can discover and project to other devices. text/plain AllowProjectionFromPCOverInfrastructure This policy allows you to turn off projection from a PC over infrastructure. If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct. If you set it to 1, your PC can discover and project to other devices over infrastructure. text/plain AllowProjectionToPC This policy setting allows you to turn off projection to a PC. If you set it to 0, your PC isn't discoverable and can't be projected to. If you set it to 1, your PC is discoverable and can be projected to above the lock screen only. The user has an option to turn it always on or off except for manual launch, too. text/plain AllowProjectionToPCOverInfrastructure This policy setting allows you to turn off projection to a PC over infrastructure. If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct. If you set it to 1, your PC can be discoverable and can be projected to over infrastructure. text/plain AllowUserInputFromWirelessDisplayReceiver text/plain RequirePinForPairing This policy setting allows you to require a pin for pairing. If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn it off or don't configure it, a pin isn't required for pairing.
text/plain Result AboveLock AllowActionCenterNotifications 1 text/plain desktop LowestValueMostSecure AllowCortanaAboveLock 1 text/plain LowestValueMostSecure AllowToasts 1 text/plain LowestValueMostSecure Accounts AllowAddingNonMicrosoftAccountsManually 1 text/plain LowestValueMostSecure AllowMicrosoftAccountConnection 1 text/plain LowestValueMostSecure AllowMicrosoftAccountSignInAssistant 1 text/plain LastWrite DomainNamesForEmailSync text/plain LastWrite ActiveXControls ApprovedInstallationSites text/plain phone ActiveXInstallService.admx ActiveXInstallService~AT~WindowsComponents~AxInstSv ApprovedActiveXInstallSites LastWrite ApplicationDefaults DefaultAssociationsConfiguration text/plain phone LastWrite ApplicationManagement AllowAllTrustedApps 65535 text/plain LowestValueMostSecure AllowAppStoreAutoUpdate 2 text/plain LowestValueMostSecure AllowDeveloperUnlock 65535 text/plain LowestValueMostSecure AllowGameDVR 1 text/plain phone LowestValueMostSecure AllowSharedUserAppData 0 text/plain LowestValueMostSecure AllowStore 1 text/plain desktop LowestValueMostSecure ApplicationRestrictions text/plain desktop LastWrite DisableStoreOriginatedApps 0 text/plain LowestValueMostSecure RestrictAppDataToSystemVolume 0 text/plain LowestValueMostSecure RestrictAppToSystemVolume 0 text/plain LowestValueMostSecure AppVirtualization AllowAppVClient text/plain phone appv.admx appv~AT~System~CAT_AppV EnableAppV LastWrite AllowDynamicVirtualization text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Virtualization Virtualization_JITVEnable LastWrite AllowPackageCleanup text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_PackageManagement PackageManagement_AutoCleanupEnable LastWrite AllowPackageScripts text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Scripting Scripting_Enable_Package_Scripts LastWrite AllowPublishingRefreshUX text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Enable_Publishing_Refresh_UX LastWrite AllowReportingServer text/plain phone 
appv.admx appv~AT~System~CAT_AppV~CAT_Reporting Reporting_Server_Policy LastWrite AllowRoamingFileExclusions text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Integration Integration_Roaming_File_Exclusions LastWrite AllowRoamingRegistryExclusions text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Integration Integration_Roaming_Registry_Exclusions LastWrite AllowStreamingAutoload text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Steaming_Autoload LastWrite ClientCoexistenceAllowMigrationmode text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Client_Coexistence Client_Coexistence_Enable_Migration_mode LastWrite IntegrationAllowRootGlobal text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Integration Integration_Root_User LastWrite IntegrationAllowRootUser text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Integration Integration_Root_Global LastWrite PublishingAllowServer1 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server1_Policy LastWrite PublishingAllowServer2 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server2_Policy LastWrite PublishingAllowServer3 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server3_Policy LastWrite PublishingAllowServer4 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server4_Policy LastWrite PublishingAllowServer5 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server5_Policy LastWrite StreamingAllowCertificateFilterForClient_SSL text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Certificate_Filter_For_Client_SSL LastWrite StreamingAllowHighCostLaunch text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Allow_High_Cost_Launch LastWrite StreamingAllowLocationProvider text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Location_Provider LastWrite StreamingAllowPackageInstallationRoot 
text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Package_Installation_Root LastWrite StreamingAllowPackageSourceRoot text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Package_Source_Root LastWrite StreamingAllowReestablishmentInterval text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Reestablishment_Interval LastWrite StreamingAllowReestablishmentRetries text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Reestablishment_Retries LastWrite StreamingSharedContentStoreMode text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Shared_Content_Store_Mode LastWrite StreamingSupportBranchCache text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Support_Branch_Cache LastWrite StreamingVerifyCertificateRevocationList text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Verify_Certificate_Revocation_List LastWrite VirtualComponentsAllowList text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Virtualization Virtualization_JITVAllowList LastWrite Authentication AllowAadPasswordReset Specifies whether password reset is enabled for AAD accounts. 0 text/plain phone LowestValueMostSecure AllowFastReconnect 1 text/plain LowestValueMostSecure AllowFidoDeviceSignon Specifies whether FIDO device can be used to sign on. 
0 text/plain phone LowestValueMostSecure AllowSecondaryAuthenticationDevice 0 text/plain LowestValueMostSecure Autoplay DisallowAutoplayForNonVolumeDevices text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay NoAutoplayfornonVolume LastWrite SetDefaultAutoRunBehavior text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay NoAutorun LastWrite TurnOffAutoPlay text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay Autorun LastWrite Bitlocker EncryptionMethod 6 text/plain LastWrite Bluetooth AllowAdvertising 1 text/plain LowestValueMostSecure AllowDiscoverableMode 1 text/plain LowestValueMostSecure AllowPrepairing 1 text/plain LowestValueMostSecure LocalDeviceName text/plain LastWrite ServicesAllowedList text/plain LastWrite Browser AllowAddressBarDropdown This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. 1 text/plain phone LowestValueMostSecure AllowAutofill This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. 0 text/plain LowestValueMostSecure AllowBrowser 1 text/plain desktop LowestValueMostSecure AllowCookies This setting lets you configure how your company deals with cookies. 2 text/plain LowestValueMostSecure AllowDeveloperTools This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge. 1 text/plain phone LowestValueMostSecure AllowDoNotTrack This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info. 0 text/plain LowestValueMostSecure AllowExtensions This setting lets you decide whether employees can load extensions in Microsoft Edge. 
1 text/plain phone LowestValueMostSecure AllowFlash This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. 1 text/plain phone HighestValueMostSecure AllowFlashClickToRun Configure the Adobe Flash Click-to-Run setting. 1 text/plain phone HighestValueMostSecure AllowInPrivate This setting lets you decide whether employees can browse using InPrivate website browsing. 1 text/plain LowestValueMostSecure AllowMicrosoftCompatibilityList This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat. If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly. If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation. 1 text/plain LowestValueMostSecure AllowPasswordManager This setting lets you decide whether employees can save their passwords locally, using Password Manager. 1 text/plain LowestValueMostSecure AllowPopups This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows. 0 text/plain phone LowestValueMostSecure AllowSearchEngineCustomization Allow search engine customization for MDM enrolled devices. Users can change their default search engine. 
If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). 1 text/plain LowestValueMostSecure AllowSearchSuggestionsinAddressBar This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge. 1 text/plain LowestValueMostSecure AllowSmartScreen This setting lets you decide whether to turn on Windows Defender SmartScreen. 1 text/plain LowestValueMostSecure AlwaysEnableBooksLibrary Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device. 0 text/plain LowestValueMostSecure ClearBrowsingDataOnExit Specifies whether to always clear browsing history on exiting Microsoft Edge. 0 text/plain phone LowestValueMostSecure ConfigureAdditionalSearchEngines Allows you to add up to 5 additional search engines for MDM-enrolled devices. If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default. If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine. 
Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain LastWrite DisableLockdownOfStartPages Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect. Note: This policy has no effect when Browser/HomePages is not configured. Important This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). 0 text/plain phone LowestValueMostSecure EnterpriseModeSiteList This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites. text/plain phone LastWrite EnterpriseSiteListServiceUrl text/plain phone LastWrite FirstRunURL Configure first run URL. text/plain desktop LastWrite HomePages Configure the Start page URLs for your employees. Example: If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support. Encapsulate each string with greater than and less than characters like any other XML tag. Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL. text/plain phone LastWrite LockdownFavorites This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. 
If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. 0 text/plain LowestValueMostSecure PreventAccessToAboutFlagsInMicrosoftEdge Prevent access to the about:flags page in Microsoft Edge. 0 text/plain HighestValueMostSecure PreventFirstRunPage Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. 0 text/plain phone HighestValueMostSecure PreventLiveTileDataCollection This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. 0 text/plain HighestValueMostSecure PreventSmartScreenPromptOverride Don't allow Windows Defender SmartScreen warning overrides 0 text/plain HighestValueMostSecure PreventSmartScreenPromptOverrideForFiles Don't allow Windows Defender SmartScreen warning overrides for unverified files. 
0 text/plain HighestValueMostSecure PreventUsingLocalHostIPAddressForWebRTC Prevent using localhost IP address for WebRTC 0 text/plain HighestValueMostSecure ProvisionFavorites This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. Important Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. text/plain LastWrite SendIntranetTraffictoInternetExplorer Sends all intranet traffic over to Internet Explorer. 0 text/plain phone HighestValueMostSecure SetDefaultSearchEngine Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine. If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING. 
If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain LastWrite ShowMessageWhenOpeningSitesInInternetExplorer Show message when opening sites in Internet Explorer 0 text/plain phone HighestValueMostSecure SyncFavoritesBetweenIEAndMicrosoftEdge Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. 0 text/plain phone LowestValueMostSecure Camera AllowCamera 1 text/plain LowestValueMostSecure Cellular LetAppsAccessCellularData This policy setting specifies whether Windows apps can access cellular data. 0 text/plain HighestValueMostSecure LetAppsAccessCellularData_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessCellularData_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessCellularData_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. 
This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LastWrite ; ShowAppCellularAccessUI text/plain wwansvc.admx wwansvc~AT~Network~WwanSvc_Category~UISettings_Category ShowAppCellularAccessUI LastWrite Connectivity AllowBluetooth 2 text/plain LowestValueMostSecure AllowCellularData 1 text/plain LowestValueMostSecure AllowCellularDataRoaming 1 text/plain LowestValueMostSecure AllowConnectedDevices 1 text/plain LowestValueMostSecure AllowNFC 1 text/plain desktop LowestValueMostSecure AllowUSBConnection 1 text/plain desktop LowestValueMostSecure AllowVPNOverCellular 1 text/plain LowestValueMostSecure AllowVPNRoamingOverCellular 1 text/plain LowestValueMostSecure DiablePrintingOverHTTP text/plain phone ICM.admx ICM~AT~System~InternetManagement~InternetManagement_Settings DisableHTTPPrinting_2 LastWrite DisableDownloadingOfPrintDriversOverHTTP text/plain phone ICM.admx ICM~AT~System~InternetManagement~InternetManagement_Settings DisableWebPnPDownload_2 LastWrite DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards text/plain phone ICM.admx ICM~AT~System~InternetManagement~InternetManagement_Settings ShellPreventWPWDownload_2 LastWrite DisallowNetworkConnectivityActiveTests 0 text/plain HighestValueMostSecure HardenedUNCPaths text/plain phone networkprovider.admx NetworkProvider~AT~Network~Cat_NetworkProvider Pol_HardenedPaths LastWrite ProhibitInstallationAndConfigurationOfNetworkBridge text/plain phone NetworkConnections.admx NetworkConnections~AT~Network~NetworkConnections NC_AllowNetBridge_NLA LastWrite CredentialProviders AllowPINLogon text/plain phone credentialproviders.admx CredentialProviders~AT~System~Logon AllowDomainPINLogon LastWrite BlockPicturePassword text/plain phone credentialproviders.admx CredentialProviders~AT~System~Logon BlockDomainPicturePassword LastWrite DisableAutomaticReDeploymentCredentials 1 text/plain HighestValueMostSecure CredentialsUI DisablePasswordReveal text/plain 
phone credui.admx CredUI~AT~WindowsComponents~CredUI DisablePasswordReveal LastWrite EnumerateAdministrators text/plain phone credui.admx CredUI~AT~WindowsComponents~CredUI EnumerateAdministrators LastWrite Cryptography AllowFipsAlgorithmPolicy 0 text/plain LastWrite TLSCipherSuites text/plain LastWrite DataProtection AllowDirectMemoryAccess 1 text/plain LowestValueMostSecure LegacySelectiveWipeID text/plain LastWrite DataUsage SetCost3G text/plain wwansvc.admx wwansvc~AT~Network~WwanSvc_Category~NetworkCost_Category SetCost3G LastWrite SetCost4G text/plain wwansvc.admx wwansvc~AT~Network~WwanSvc_Category~NetworkCost_Category SetCost4G LastWrite Defender AllowArchiveScanning 1 text/plain phone HighestValueMostSecure AllowBehaviorMonitoring 1 text/plain phone HighestValueMostSecure AllowCloudProtection 1 text/plain phone HighestValueMostSecure AllowEmailScanning 0 text/plain phone HighestValueMostSecure AllowFullScanOnMappedNetworkDrives 0 text/plain phone HighestValueMostSecure AllowFullScanRemovableDriveScanning 1 text/plain phone HighestValueMostSecure AllowIntrusionPreventionSystem 1 text/plain phone HighestValueMostSecure AllowIOAVProtection 1 text/plain phone HighestValueMostSecure AllowOnAccessProtection 1 text/plain phone HighestValueMostSecure AllowRealtimeMonitoring 1 text/plain phone HighestValueMostSecure AllowScanningNetworkFiles 0 text/plain phone HighestValueMostSecure AllowScriptScanning 1 text/plain phone HighestValueMostSecure AllowUserUIAccess 1 text/plain phone LastWrite AttackSurfaceReductionOnlyExclusions text/plain phone LastWrite AttackSurfaceReductionRules text/plain phone LastWrite AvgCPULoadFactor 50 text/plain phone LastWrite CloudBlockLevel 0 text/plain phone LastWrite CloudExtendedTimeout 0 text/plain phone LastWrite ControlledFolderAccessAllowedApplications text/plain phone LastWrite ControlledFolderAccessProtectedFolders text/plain phone LastWrite DaysToRetainCleanedMalware 0 text/plain phone LastWrite EnableControlledFolderAccess 0 
text/plain phone LastWrite EnableNetworkProtection 0 text/plain phone LastWrite ExcludedExtensions text/plain phone LastWrite ExcludedPaths text/plain phone LastWrite ExcludedProcesses text/plain phone LastWrite PUAProtection 0 text/plain phone LastWrite RealTimeScanDirection 0 text/plain phone LowestValueMostSecure ScanParameter 1 text/plain phone LastWrite ScheduleQuickScanTime 120 text/plain phone LastWrite ScheduleScanDay 0 text/plain phone LastWrite ScheduleScanTime 120 text/plain phone LastWrite SignatureUpdateInterval 8 text/plain phone LastWrite SubmitSamplesConsent 1 text/plain phone HighestValueMostSecure ThreatSeverityDefaultAction text/plain phone LastWrite DeliveryOptimization DOAbsoluteMaxCacheSize 10 text/plain phone LastWrite DOAllowVPNPeerCaching 0 text/plain phone LowestValueMostSecure DOCacheHost text/plain phone LastWrite DODownloadMode 1 text/plain phone LastWrite DOGroupId text/plain phone LastWrite DOMaxCacheAge 259200 text/plain phone LastWrite DOMaxCacheSize 20 text/plain phone LastWrite DOMaxDownloadBandwidth 0 text/plain phone LastWrite DOMaxUploadBandwidth 0 text/plain phone LastWrite DOMinBackgroundQos 500 text/plain phone LastWrite DOMinBatteryPercentageAllowedToUpload 0 text/plain phone LastWrite DOMinDiskSizeAllowedToPeer 32 text/plain phone LastWrite DOMinFileSizeToCache 100 text/plain phone LastWrite DOMinRAMAllowedToPeer 4 text/plain phone LastWrite DOModifyCacheDrive %SystemDrive% text/plain phone LastWrite DOMonthlyUploadDataCap 20 text/plain phone LastWrite DOPercentageMaxDownloadBandwidth 0 text/plain phone LastWrite DeviceGuard EnableVirtualizationBasedSecurity Turns On Virtualization Based Security(VBS) 0 text/plain phone HighestValueMostSecure LsaCfgFlags Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock. 
0 text/plain phone LowestValueMostSecureZeroHasNoLimits RequirePlatformSecurityFeatures Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support. 1 text/plain phone HighestValueMostSecure DeviceInstallation PreventInstallationOfMatchingDeviceIDs text/plain phone deviceinstallation.admx DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category DeviceInstall_IDs_Deny LastWrite PreventInstallationOfMatchingDeviceSetupClasses text/plain phone deviceinstallation.admx DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category DeviceInstall_Classes_Deny LastWrite DeviceLock AllowIdleReturnWithoutPassword Specifies whether the user must input a PIN or password when the device resumes from an idle state. 1 text/plain desktop LowestValueMostSecure AllowScreenTimeoutWhileLockedUserConfig Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. 0 text/plain LastWrite AllowSimpleDevicePassword Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords. 1 text/plain LowestValueMostSecure AlphanumericDevicePasswordRequired Determines the type of PIN or password required. This policy only applies if the DeviceLock/DevicePasswordEnabled policy is set to 0 2 text/plain LowestValueMostSecure DevicePasswordEnabled Specifies whether device lock is enabled. 1 text/plain LowestValueMostSecure DevicePasswordExpiration Specifies when the password expires (in days). 0 text/plain LowestValueMostSecureZeroHasNoLimits DevicePasswordHistory Specifies how many passwords can be stored in the history that can’t be used. 
0 text/plain HighestValueMostSecure EnforceLockScreenAndLogonImage text/plain phone LastWrite EnforceLockScreenProvider text/plain LastWrite MaxDevicePasswordFailedAttempts 0 text/plain LowestValueMostSecureZeroHasNoLimits MaxInactivityTimeDeviceLock The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. 0 text/plain LowestValueMostSecureZeroHasNoLimits MaxInactivityTimeDeviceLockWithExternalDisplay Sets the maximum timeout value for the external display. 0 text/plain desktop LowestValueMostSecure MinDevicePasswordComplexCharacters The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. 1 text/plain HighestValueMostSecure MinDevicePasswordLength Specifies the minimum number or characters required in the PIN or password. 4 text/plain HighestValueMostSecureZeroHasNoLimits MinimumPasswordAge This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998. Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. 
For this reason, Enforce password history is set to 1 by default. 1 text/plain phone HighestValueMostSecure PreventLockScreenSlideShow text/plain phone ControlPanelDisplay.admx ControlPanelDisplay~AT~ControlPanel~Personalization CPL_Personalization_NoLockScreenSlideshow LastWrite ScreenTimeoutWhileLocked Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. 10 text/plain LastWrite Display TurnOffGdiDPIScalingForApps This policy allows to force turn off GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension. text/plain phone LastWrite TurnOnGdiDPIScalingForApps This policy allows to turn on GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension. text/plain phone LastWrite ErrorReporting CustomizeConsentSettings text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting WerConsentCustomize_2 LastWrite DisableWindowsErrorReporting text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting WerDisable_2 LastWrite DisplayErrorNotification text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting PCH_ShowUI LastWrite DoNotSendAdditionalData text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting WerNoSecondLevelData_2 LastWrite PreventCriticalErrorDisplay text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting WerDoNotShowUI LastWrite EventLogService ControlEventLogBehavior text/plain phone eventlog.admx EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Application Channel_Log_Retention_1 LastWrite SpecifyMaximumFileSizeApplicationLog text/plain phone eventlog.admx 
EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Application Channel_LogMaxSize_1 LastWrite SpecifyMaximumFileSizeSecurityLog text/plain phone eventlog.admx EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Security Channel_LogMaxSize_2 LastWrite SpecifyMaximumFileSizeSystemLog text/plain phone eventlog.admx EventLog~AT~WindowsComponents~EventLogCategory~EventLog_System Channel_LogMaxSize_4 LastWrite Experience AllowCopyPaste 1 text/plain desktop LowestValueMostSecure AllowCortana 1 text/plain LowestValueMostSecure AllowDeviceDiscovery 1 text/plain LowestValueMostSecure AllowFindMyDevice 1 text/plain LowestValueMostSecure AllowManualMDMUnenrollment 1 text/plain LowestValueMostSecure AllowSaveAsOfOfficeFiles 1 text/plain LowestValueMostSecure AllowScreenCapture 1 text/plain LowestValueMostSecure AllowSharingOfOfficeFiles 1 text/plain LowestValueMostSecure AllowSIMErrorDialogPromptWhenNoSIM 1 text/plain HighestValueMostSecure AllowSyncMySettings 1 text/plain LowestValueMostSecure AllowTaskSwitcher 1 text/plain desktop LowestValueMostSecure AllowVoiceRecording 1 text/plain desktop LowestValueMostSecure AllowWindowsTips 1 text/plain phone LowestValueMostSecure DoNotShowFeedbackNotifications 0 text/plain HighestValueMostSecure ExploitGuard ExploitProtectionSettings text/plain LastWrite Games AllowAdvancedGamingServices Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. 
1 text/plain LowestValueMostSecure Handwriting PanelDefaultModeDocked Specifies whether the handwriting panel comes up floating near the text box or attached to the bottom of the screen 0 text/plain phone LowestValueMostSecure InternetExplorer AddSearchProvider text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer AddSearchProvider LastWrite AllowActiveXFiltering text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer TurnOnActiveXFiltering LastWrite AllowAddOnList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement AddonManagement_AddOnList LastWrite AllowCertificateAddressMismatchWarning text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyWarnCertMismatch LastWrite AllowDeletingBrowsingHistoryOnExit text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory DBHDisableDeleteOnExit LastWrite AllowEnhancedProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_EnableEnhancedProtectedMode LastWrite AllowEnterpriseModeFromToolsMenu text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnterpriseModeEnable LastWrite AllowEnterpriseModeSiteList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnterpriseModeSiteList LastWrite AllowFallbackToSSL3 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures Advanced_EnableSSL3Fallback LastWrite AllowInternetExplorer7PolicyList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView CompatView_UsePolicyList LastWrite AllowInternetExplorerStandardsMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView CompatView_IntranetSites LastWrite AllowInternetZoneTemplate text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyInternetZoneTemplate LastWrite AllowIntranetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyIntranetZoneTemplate LastWrite AllowLocalMachineZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyLocalMachineZoneTemplate LastWrite AllowLockedDownInternetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyInternetZoneLockdownTemplate LastWrite AllowLockedDownIntranetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyIntranetZoneLockdownTemplate LastWrite AllowLockedDownLocalMachineZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyLocalMachineZoneLockdownTemplate LastWrite AllowLockedDownRestrictedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyRestrictedSitesZoneLockdownTemplate LastWrite AllowOneWordEntry text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~Browsing UseIntranetSiteForOneWordEntry LastWrite AllowSiteToZoneAssignmentList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_Zonemaps LastWrite AllowsLockedDownTrustedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyTrustedSitesZoneLockdownTemplate LastWrite AllowSoftwareWhenSignatureIsInvalid text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_InvalidSignatureBlock LastWrite AllowsRestrictedSitesZoneTemplate text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyRestrictedSitesZoneTemplate LastWrite AllowSuggestedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnableSuggestedSites LastWrite AllowTrustedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyTrustedSitesZoneTemplate LastWrite CheckServerCertificateRevocation text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_CertificateRevocation LastWrite CheckSignaturesOnDownloadedPrograms text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DownloadSignatures LastWrite ConsistentMimeHandlingInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestriction IESF_PolicyExplorerProcesses_2 LastWrite DisableAdobeFlash text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement DisableFlashInIE LastWrite DisableBypassOfSmartScreenWarnings text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer DisableSafetyFilterOverride LastWrite DisableBypassOfSmartScreenWarningsAboutUncommonFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer DisableSafetyFilterOverrideForAppRepUnknown LastWrite DisableConfiguringHistory text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory RestrictHistory LastWrite DisableCrashDetection text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer AddonManagement_RestrictCrashDetection LastWrite DisableCustomerExperienceImprovementProgramParticipation text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SQM_DisableCEIP LastWrite DisableDeletingUserVisitedWebsites 
text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory DBHDisableDeleteHistory LastWrite DisableEnclosureDownloading text/plain phone inetres.admx inetres~AT~WindowsComponents~RSS_Feeds Disable_Downloading_of_Enclosures LastWrite DisableEncryptionSupport text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_SetWinInetProtocols LastWrite DisableFirstRunWizard text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer NoFirstRunCustomise LastWrite DisableFlipAheadFeature text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DisableFlipAhead LastWrite DisableIgnoringCertificateErrors text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL NoCertError LastWrite DisableInPrivateBrowsing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacy DisableInPrivateBrowsing LastWrite DisableProcessesInEnhancedProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_EnableEnhancedProtectedMode64Bit LastWrite DisableProxyChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer RestrictProxy LastWrite DisableSearchProviderChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer NoSearchProvider LastWrite DisableSecondaryHomePageChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SecondaryHomePages LastWrite DisableSecuritySettingsCheck text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Disable_Security_Settings_Check LastWrite DisableUpdateCheck text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer NoUpdateCheck LastWrite DoNotAllowActiveXControlsInProtectedMode text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DisableEPMCompat LastWrite DoNotAllowUsersToAddSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Security_zones_map_edit LastWrite DoNotAllowUsersToChangePolicies text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Security_options_edit LastWrite DoNotBlockOutdatedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisable LastWrite DoNotBlockOutdatedActiveXControlsOnSpecificDomains text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDomainAllowlist LastWrite IncludeAllLocalSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_IncludeUnspecifiedLocalSites LastWrite IncludeAllNetworkPaths text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_UNCAsIntranet LastWrite InternetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAccessDataSourcesAcrossDomains_1 LastWrite InternetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNotificationBarActiveXURLaction_1 LastWrite InternetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNotificationBarDownloadURLaction_1 LastWrite InternetZoneAllowCopyPasteViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAllowPasteViaScript_1 LastWrite InternetZoneAllowDragAndDropCopyAndPasteFiles text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDropOrPasteFiles_1 LastWrite InternetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyFontDownload_1 LastWrite InternetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyZoneElevationURLaction_1 LastWrite InternetZoneAllowLoadingOfXAMLFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_XAML_1 LastWrite InternetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyUnsignedFrameworkComponentsURLaction_1 LastWrite InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet LastWrite InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAllowTDCControl_Both_Internet LastWrite InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_WebBrowserControl_1 LastWrite InternetZoneAllowScriptInitiatedWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyWindowsRestrictionsURLaction_1 LastWrite InternetZoneAllowScriptlets text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_AllowScriptlets_1 LastWrite InternetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_Phishing_1 LastWrite InternetZoneAllowUpdatesToStatusBarViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_ScriptStatusBar_1 LastWrite InternetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyUserdataPersistence_1 LastWrite InternetZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 LastWrite InternetZoneDownloadSignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDownloadSignedActiveX_1 LastWrite InternetZoneDownloadUnsignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDownloadUnsignedActiveX_1 LastWrite InternetZoneEnableCrossSiteScriptingFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyTurnOnXSSFilter_Both_Internet LastWrite InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet LastWrite InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet LastWrite InternetZoneEnableMIMESniffing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyMimeSniffingURLaction_1 LastWrite InternetZoneEnableProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_TurnOnProtectedMode_1 LastWrite InternetZoneIncludeLocalPathWhenUploadingFilesToServer text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_LocalPathForUpload_1 LastWrite InternetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyScriptActiveXNotMarkedSafe_1 LastWrite InternetZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyJavaPermissions_1 LastWrite InternetZoneLaunchingApplicationsAndFilesInIFRAME text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyLaunchAppsAndFilesInIFRAME_1 LastWrite InternetZoneLogonOptions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyLogon_1 LastWrite InternetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNavigateSubframesAcrossDomains_1 LastWrite InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicySignedFrameworkComponentsURLaction_1 
LastWrite InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_UnsafeFiles_1 LastWrite InternetZoneUsePopupBlocker text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyBlockPopupWindows_1 LastWrite IntranetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyAccessDataSourcesAcrossDomains_3 LastWrite IntranetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNotificationBarActiveXURLaction_3 LastWrite IntranetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNotificationBarDownloadURLaction_3 LastWrite IntranetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyFontDownload_3 LastWrite IntranetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyZoneElevationURLaction_3 LastWrite IntranetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyUnsignedFrameworkComponentsURLaction_3 LastWrite IntranetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_Policy_AllowScriptlets_3 LastWrite IntranetZoneAllowSmartScreenIE text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_Policy_Phishing_3 LastWrite IntranetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyUserdataPersistence_3 LastWrite IntranetZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 LastWrite IntranetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyScriptActiveXNotMarkedSafe_3 LastWrite IntranetZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyJavaPermissions_3 LastWrite IntranetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNavigateSubframesAcrossDomains_3 LastWrite LocalMachineZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyAccessDataSourcesAcrossDomains_9 LastWrite LocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNotificationBarActiveXURLaction_9 LastWrite LocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNotificationBarDownloadURLaction_9 LastWrite LocalMachineZoneAllowFontDownloads text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyFontDownload_9 LastWrite LocalMachineZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyZoneElevationURLaction_9 LastWrite LocalMachineZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyUnsignedFrameworkComponentsURLaction_9 LastWrite LocalMachineZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_Policy_AllowScriptlets_9 LastWrite LocalMachineZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_Policy_Phishing_9 LastWrite LocalMachineZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyUserdataPersistence_9 LastWrite LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 LastWrite LocalMachineZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyScriptActiveXNotMarkedSafe_9 LastWrite LocalMachineZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyJavaPermissions_9 LastWrite LocalMachineZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone 
IZ_PolicyNavigateSubframesAcrossDomains_9 LastWrite LockedDownInternetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_2 LastWrite LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_2 LastWrite LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_2 LastWrite LockedDownInternetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyFontDownload_2 LastWrite LockedDownInternetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyZoneElevationURLaction_2 LastWrite LockedDownInternetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_2 LastWrite LockedDownInternetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_AllowScriptlets_2 LastWrite LockedDownInternetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_Phishing_2 LastWrite LockedDownInternetZoneAllowUserDataPersistence text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyUserdataPersistence_2 LastWrite LockedDownInternetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_2 LastWrite LockedDownInternetZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyJavaPermissions_2 LastWrite LockedDownInternetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_2 LastWrite LockedDownIntranetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_4 LastWrite LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_4 LastWrite LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_4 LastWrite LockedDownIntranetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyFontDownload_4 LastWrite LockedDownIntranetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyZoneElevationURLaction_4 LastWrite LockedDownIntranetZoneAllowNETFrameworkReliantComponents 
text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_4 LastWrite LockedDownIntranetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_Policy_AllowScriptlets_4 LastWrite LockedDownIntranetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_Policy_Phishing_4 LastWrite LockedDownIntranetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyUserdataPersistence_4 LastWrite LockedDownIntranetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_4 LastWrite LockedDownIntranetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_4 LastWrite LockedDownLocalMachineZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_10 LastWrite LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_10 LastWrite LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_10 
LastWrite LockedDownLocalMachineZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyFontDownload_10 LastWrite LockedDownLocalMachineZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyZoneElevationURLaction_10 LastWrite LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_10 LastWrite LockedDownLocalMachineZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_Policy_AllowScriptlets_10 LastWrite LockedDownLocalMachineZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_Policy_Phishing_10 LastWrite LockedDownLocalMachineZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyUserdataPersistence_10 LastWrite LockedDownLocalMachineZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_10 LastWrite LockedDownLocalMachineZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyJavaPermissions_10 LastWrite LockedDownLocalMachineZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown 
IZ_PolicyNavigateSubframesAcrossDomains_10 LastWrite LockedDownRestrictedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_8 LastWrite LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_8 LastWrite LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_8 LastWrite LockedDownRestrictedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyFontDownload_8 LastWrite LockedDownRestrictedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyZoneElevationURLaction_8 LastWrite LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_8 LastWrite LockedDownRestrictedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_Policy_AllowScriptlets_8 LastWrite LockedDownRestrictedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_Policy_Phishing_8 LastWrite 
LockedDownRestrictedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyUserdataPersistence_8 LastWrite LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_8 LastWrite LockedDownRestrictedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyJavaPermissions_8 LastWrite LockedDownRestrictedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_8 LastWrite LockedDownTrustedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_6 LastWrite LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_6 LastWrite LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_6 LastWrite LockedDownTrustedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyFontDownload_6 LastWrite LockedDownTrustedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyZoneElevationURLaction_6 LastWrite LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_6 LastWrite LockedDownTrustedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_Policy_AllowScriptlets_6 LastWrite LockedDownTrustedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_Policy_Phishing_6 LastWrite LockedDownTrustedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyUserdataPersistence_6 LastWrite LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_6 LastWrite LockedDownTrustedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyJavaPermissions_6 LastWrite LockedDownTrustedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_6 LastWrite MimeSniffingSafetyFeatureInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeature IESF_PolicyExplorerProcesses_6 LastWrite 
MKProtocolSecurityRestrictionInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestriction IESF_PolicyExplorerProcesses_3 LastWrite NotificationBarInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBar IESF_PolicyExplorerProcesses_10 LastWrite PreventManagingSmartScreenFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Disable_Managing_Safety_Filter_IE9 LastWrite PreventPerUserInstallationOfActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer DisablePerUserActiveXInstall LastWrite ProtectionFromZoneElevationInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation IESF_PolicyAllProcesses_9 LastWrite RemoveRunThisTimeButtonForOutdatedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisableRunThisTime LastWrite RestrictActiveXInstallInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall IESF_PolicyAllProcesses_11 LastWrite RestrictedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAccessDataSourcesAcrossDomains_7 LastWrite RestrictedSitesZoneAllowActiveScripting text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyActiveScripting_7 LastWrite RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNotificationBarActiveXURLaction_7 LastWrite RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNotificationBarDownloadURLaction_7 LastWrite RestrictedSitesZoneAllowBinaryAndScriptBehaviors text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyBinaryBehaviors_7 LastWrite RestrictedSitesZoneAllowCopyPasteViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowPasteViaScript_7 LastWrite RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDropOrPasteFiles_7 LastWrite RestrictedSitesZoneAllowFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyFileDownload_7 LastWrite RestrictedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyFontDownload_7 LastWrite RestrictedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyZoneElevationURLaction_7 LastWrite RestrictedSitesZoneAllowLoadingOfXAMLFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_XAML_7 LastWrite RestrictedSitesZoneAllowMETAREFRESH text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowMETAREFRESH_7 LastWrite RestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyUnsignedFrameworkComponentsURLaction_7 LastWrite RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted LastWrite RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowTDCControl_Both_Restricted LastWrite RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_WebBrowserControl_7 LastWrite RestrictedSitesZoneAllowScriptInitiatedWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyWindowsRestrictionsURLaction_7 LastWrite RestrictedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_AllowScriptlets_7 LastWrite RestrictedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_Phishing_7 LastWrite RestrictedSitesZoneAllowUpdatesToStatusBarViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_ScriptStatusBar_7 LastWrite 
RestrictedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyUserdataPersistence_7 LastWrite RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 LastWrite RestrictedSitesZoneDownloadSignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDownloadSignedActiveX_7 LastWrite RestrictedSitesZoneDownloadUnsignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDownloadUnsignedActiveX_7 LastWrite RestrictedSitesZoneEnableCrossSiteScriptingFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyTurnOnXSSFilter_Both_Restricted LastWrite RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted LastWrite RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted LastWrite RestrictedSitesZoneEnableMIMESniffing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyMimeSniffingURLaction_7 LastWrite RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_LocalPathForUpload_7 LastWrite RestrictedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_7 LastWrite RestrictedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyJavaPermissions_7 LastWrite RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyLaunchAppsAndFilesInIFRAME_7 LastWrite RestrictedSitesZoneLogonOptions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyLogon_7 LastWrite RestrictedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNavigateSubframesAcrossDomains_7 LastWrite RestrictedSitesZoneRunActiveXControlsAndPlugins text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyRunActiveXControls_7 LastWrite RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicySignedFrameworkComponentsURLaction_7 LastWrite RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyScriptActiveXMarkedSafe_7 LastWrite RestrictedSitesZoneScriptingOfJavaApplets text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyScriptingOfJavaApplets_7 LastWrite RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_UnsafeFiles_7 LastWrite RestrictedSitesZoneTurnOnProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_TurnOnProtectedMode_7 LastWrite RestrictedSitesZoneUsePopupBlocker text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyBlockPopupWindows_7 LastWrite RestrictFileDownloadInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload IESF_PolicyAllProcesses_12 LastWrite ScriptedWindowSecurityRestrictionsInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions IESF_PolicyAllProcesses_8 LastWrite SearchProviderList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SpecificSearchProvider LastWrite SecurityZonesUseOnlyMachineSettings text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Security_HKLM_only LastWrite SpecifyUseOfActiveXInstallerService text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer OnlyUseAXISForActiveXInstall LastWrite TrustedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyAccessDataSourcesAcrossDomains_5 LastWrite TrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNotificationBarActiveXURLaction_5 LastWrite TrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNotificationBarDownloadURLaction_5 LastWrite TrustedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyFontDownload_5 LastWrite TrustedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyZoneElevationURLaction_5 LastWrite TrustedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyUnsignedFrameworkComponentsURLaction_5 LastWrite TrustedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_Policy_AllowScriptlets_5 LastWrite TrustedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_Policy_Phishing_5 LastWrite TrustedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyUserdataPersistence_5 LastWrite TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 LastWrite TrustedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_5 LastWrite TrustedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyJavaPermissions_5 LastWrite TrustedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNavigateSubframesAcrossDomains_5 LastWrite Kerberos AllowForestSearchOrder text/plain phone Kerberos.admx Kerberos~AT~System~kerberos ForestSearch LastWrite KerberosClientSupportsClaimsCompoundArmor text/plain phone Kerberos.admx Kerberos~AT~System~kerberos EnableCbacAndArmor LastWrite RequireKerberosArmoring text/plain phone Kerberos.admx Kerberos~AT~System~kerberos ClientRequireFast LastWrite RequireStrictKDCValidation text/plain phone Kerberos.admx Kerberos~AT~System~kerberos ValidateKDC LastWrite SetMaximumContextTokenSize text/plain phone Kerberos.admx Kerberos~AT~System~kerberos MaxTokenSize LastWrite Licensing AllowWindowsEntitlementReactivation 1 text/plain phone LowestValueMostSecure DisallowKMSClientOnlineAVSValidation 0 text/plain phone LowestValueMostSecure LocalPoliciesSecurityOptions Accounts_BlockMicrosoftAccounts This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. 
Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system. If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows. 0 text/plain phone LastWrite Accounts_EnableAdministratorAccountStatus This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. Disabling the Administrator account can become a maintenance issue under certain circumstances. Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled. Default: Disabled. 0 text/plain phone LastWrite Accounts_EnableGuestAccountStatus This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail. 0 text/plain phone LastWrite Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. 
If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Enabled. Warning: Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services. Notes This setting does not affect logons that use domain accounts. It is possible for applications that use remote interactive logons to bypass this setting. 1 text/plain phone LastWrite Accounts_RenameAdministratorAccount Accounts: Rename administrator account This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination. Default: Administrator. Administrator text/plain phone LastWrite Accounts_RenameGuestAccount Accounts: Rename guest account This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Default: Guest. Guest text/plain phone LastWrite Devices_AllowedToFormatAndEjectRemovableMedia Devices: Allowed to format and eject removable media This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: Administrators Administrators and Interactive Users Default: This policy is not defined and only Administrators have this ability. 
0 text/plain phone LastWrite Devices_AllowUndockWithoutHavingToLogon Devices: Allow undock without having to log on This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer. Default: Enabled. Caution Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. 1 text/plain phone LastWrite Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer. Default on servers: Enabled. Default on workstations: Disabled Notes This setting does not affect the ability to add a local printer. This setting does not affect Administrators. 0 text/plain phone LastWrite Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly Devices: Restrict CD-ROM access to locally logged-on user only This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. 
If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can be accessed over the network. Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user. 0 text/plain phone LastWrite InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked Interactive Logon:Display user information when the session is locked User display name, domain and user names (1) User display name only (2) Do not display user information (3) 1 text/plain phone LastWrite InteractiveLogon_DoNotDisplayLastSignedIn Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. 0 text/plain phone LastWrite InteractiveLogon_DoNotDisplayUsernameAtSignIn Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. 1 text/plain phone LastWrite InteractiveLogon_DoNotRequireCTRLALTDEL Interactive logon: Do not require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords. 
If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. Default on stand-alone computers: Enabled. 1 text/plain phone LastWrite InteractiveLogon_MachineInactivityLimit Interactive logon: Machine inactivity limit. Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. Default: not enforced. 0 text/plain phone LastWrite InteractiveLogon_MessageTextForUsersAttemptingToLogOn Interactive logon: Message text for users attempting to log on This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. text/plain phone LastWrite 0xF000 InteractiveLogon_MessageTitleForUsersAttemptingToLogOn Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. text/plain phone LastWrite NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM Network access: Restrict clients allowed to make remote calls to SAM This policy setting allows you to restrict remote rpc connections to SAM. If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016. text/plain phone LastWrite NetworkSecurity_AllowPKU2UAuthenticationRequests Network security: Allow PKU2U authentication requests to this computer to use online identities. This policy will be turned off by default on domain joined machines. 
This would prevent online identities from authenticating to the domain joined machine. 1 text/plain phone LastWrite Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn Shutdown: Allow system to be shut down without having to log on This security setting determines whether a computer can be shut down without having to log on to Windows. When this policy is enabled, the Shut Down command is available on the Windows logon screen. When this policy is disabled, the option to shut down the computer does not appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown. Default on workstations: Enabled. Default on servers: Disabled. 1 text/plain phone LastWrite Shutdown_ClearVirtualMemoryPageFile Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile. When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled. Default: Disabled. 0 text/plain phone LastWrite UserAccountControl_AllowUIAccessApplicationsToPromptForElevation User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. 
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. • Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. • Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. 0 text/plain phone LastWrite UserAccountControl_BehaviorOfTheElevationPromptForAdministrators User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode This policy setting controls the behavior of the elevation prompt for administrators. The options are: • Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments. • Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. • Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. • Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. 
If the user enters valid credentials, the operation continues with the applicable privilege. • Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. • Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. 5 text/plain phone LastWrite UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. The options are: • Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. • Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. • Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. 3 text/plain phone LastWrite UserAccountControl_DetectApplicationInstallationsAndPromptForElevation User Account Control: Detect application installations and prompt for elevation This policy setting controls the behavior of application installation detection for the computer. 
The options are: Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. 1 text/plain phone LastWrite UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. The options are: • Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run. • Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run. 0 text/plain phone LastWrite UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. 
Secure locations are limited to the following: - …\Program Files\, including subfolders - …\Windows\system32\ - …\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: • Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. • Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system. 1 text/plain phone LastWrite UserAccountControl_RunAllAdministratorsInAdminApprovalMode User Account Control: Turn on Admin Approval Mode This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: • Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. • Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. 1 text/plain phone LastWrite UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation User Account Control: Switch to the secure desktop when prompting for elevation This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: • Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users. 
• Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used. 1 text/plain phone LastWrite UserAccountControl_UseAdminApprovalMode User Account Control: Use Admin Approval Mode for the built-in Administrator account This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: • Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation. • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. 0 text/plain phone LastWrite UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations User Account Control: Virtualize file and registry write failures to per-user locations This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. The options are: • Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry. • Disabled: Applications that write data to protected locations fail. 1 text/plain phone LastWrite Location EnableLocation 0 text/plain LastWrite LockDown AllowEdgeSwipe 1 text/plain phone LowestValueMostSecure Maps AllowOfflineMapsDownloadOverMeteredConnection 65535 text/plain LastWrite EnableOfflineMapsAutoUpdate 65535 text/plain LastWrite Messaging AllowMessageSync This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services. 1 text/plain LowestValueMostSecure AllowMMS This policy setting allows you to enable or disable the sending and receiving cellular MMS messages. 
1 text/plain desktop LowestValueMostSecure AllowRCS This policy setting allows you to enable or disable the sending and receiving of cellular RCS (Rich Communication Services) messages. 1 text/plain desktop LowestValueMostSecure NetworkIsolation EnterpriseCloudResources text/plain LastWrite EnterpriseInternalProxyServers text/plain LastWrite EnterpriseIPRange text/plain LastWrite EnterpriseIPRangesAreAuthoritative 0 text/plain LastWrite EnterpriseNetworkDomainNames text/plain LastWrite EnterpriseProxyServers text/plain LastWrite EnterpriseProxyServersAreAuthoritative 0 text/plain LastWrite NeutralResources text/plain LastWrite Power AllowStandbyWhenSleepingPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat AllowStandbyStatesAC_2 LastWrite DisplayOffTimeoutOnBattery text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerVideoSettingsCat VideoPowerDownTimeOutDC_2 LastWrite DisplayOffTimeoutPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerVideoSettingsCat VideoPowerDownTimeOutAC_2 LastWrite HibernateTimeoutOnBattery text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat DCHibernateTimeOut_2 LastWrite HibernateTimeoutPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat ACHibernateTimeOut_2 LastWrite RequirePasswordWhenComputerWakesOnBattery text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat DCPromptForPasswordOnResume_2 LastWrite RequirePasswordWhenComputerWakesPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat ACPromptForPasswordOnResume_2 LastWrite StandbyTimeoutOnBattery text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat DCStandbyTimeOut_2 LastWrite StandbyTimeoutPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat ACStandbyTimeOut_2 LastWrite Printers 
PointAndPrintRestrictions text/plain phone Printing.admx Printing~AT~ControlPanel~CplPrinters PointAndPrint_Restrictions_Win7 LastWrite PublishPrinters text/plain phone Printing2.admx Printing2~AT~Printers PublishPrinters LastWrite Privacy AllowAutoAcceptPairingAndPrivacyConsentPrompts 0 text/plain LowestValueMostSecure AllowInputPersonalization 1 text/plain 10.0.10240 LowestValueMostSecure DisableAdvertisingId 65535 text/plain LowestValueMostSecureZeroHasNoLimits EnableActivityFeed Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user. 1 text/plain HighestValueMostSecure LetAppsAccessAccountInfo This policy setting specifies whether Windows apps can access account information. 0 text/plain HighestValueMostSecure LetAppsAccessAccountInfo_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsAccessAccountInfo_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsAccessAccountInfo_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsAccessCalendar This policy setting specifies whether Windows apps can access the calendar. 0 text/plain HighestValueMostSecure LetAppsAccessCalendar_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. 
Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsAccessCalendar_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsAccessCalendar_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsAccessCallHistory This policy setting specifies whether Windows apps can access call history. 0 text/plain HighestValueMostSecure LetAppsAccessCallHistory_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsAccessCallHistory_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsAccessCallHistory_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsAccessCamera This policy setting specifies whether Windows apps can access the camera. 
0 text/plain HighestValueMostSecure LetAppsAccessCamera_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessCamera_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessCamera_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessContacts This policy setting specifies whether Windows apps can access contacts. 0 text/plain HighestValueMostSecure LetAppsAccessContacts_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessContacts_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessContacts_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessEmail This policy setting specifies whether Windows apps can access email. 
0 text/plain HighestValueMostSecure LetAppsAccessEmail_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessEmail_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessEmail_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessLocation This policy setting specifies whether Windows apps can access location. 0 text/plain HighestValueMostSecure LetAppsAccessLocation_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessLocation_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessLocation_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessMessaging This policy setting specifies whether Windows apps can read or send messages (text or MMS). 
0 text/plain HighestValueMostSecure LetAppsAccessMessaging_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessMessaging_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessMessaging_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessMicrophone This policy setting specifies whether Windows apps can access the microphone. 0 text/plain HighestValueMostSecure LetAppsAccessMicrophone_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessMicrophone_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessMicrophone_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. 
text/plain LastWrite ; LetAppsAccessMotion This policy setting specifies whether Windows apps can access motion data. 0 text/plain HighestValueMostSecure LetAppsAccessMotion_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessMotion_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessMotion_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessNotifications This policy setting specifies whether Windows apps can access notifications. 0 text/plain HighestValueMostSecure LetAppsAccessNotifications_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessNotifications_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessNotifications_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. 
This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessPhone This policy setting specifies whether Windows apps can make phone calls 0 text/plain HighestValueMostSecure LetAppsAccessPhone_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessPhone_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessPhone_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessRadios This policy setting specifies whether Windows apps have access to control radios. 0 text/plain HighestValueMostSecure LetAppsAccessRadios_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessRadios_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessRadios_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. 
The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessTasks This policy setting specifies whether Windows apps can access tasks. 0 text/plain HighestValueMostSecure LetAppsAccessTasks_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessTasks_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessTasks_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessTrustedDevices This policy setting specifies whether Windows apps can access trusted devices. 0 text/plain HighestValueMostSecure LetAppsAccessTrustedDevices_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LastWrite ; LetAppsAccessTrustedDevices_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. 
text/plain LastWrite ; LetAppsAccessTrustedDevices_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LastWrite ; LetAppsGetDiagnosticInfo This policy setting specifies whether Windows apps can get diagnostic information about other apps, including user names. 0 text/plain HighestValueMostSecure LetAppsGetDiagnosticInfo_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsGetDiagnosticInfo_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsGetDiagnosticInfo_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the app diagnostics privacy setting for the listed Windows apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsRunInBackground This policy setting specifies whether Windows apps can run in the background. 0 text/plain HighestValueMostSecure LetAppsRunInBackground_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. 
text/plain LastWrite ; LetAppsRunInBackground_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsRunInBackground_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the background apps privacy setting for the listed Windows apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LastWrite ; LetAppsSyncWithDevices This policy setting specifies whether Windows apps can communicate with unpaired wireless devices. 0 text/plain HighestValueMostSecure LetAppsSyncWithDevices_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain LastWrite ; LetAppsSyncWithDevices_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain LastWrite ; LetAppsSyncWithDevices_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain LastWrite ; PublishUserActivities Allows apps/system to publish 'User Activities' into ActivityFeed. 
1 text/plain HighestValueMostSecure RemoteAssistance CustomizeWarningMessages text/plain phone remoteassistance.admx RemoteAssistance~AT~System~RemoteAssist RA_Options LastWrite SessionLogging text/plain phone remoteassistance.admx RemoteAssistance~AT~System~RemoteAssist RA_Logging LastWrite SolicitedRemoteAssistance text/plain phone remoteassistance.admx RemoteAssistance~AT~System~RemoteAssist RA_Solicit LastWrite UnsolicitedRemoteAssistance text/plain phone remoteassistance.admx RemoteAssistance~AT~System~RemoteAssist RA_Unsolicit LastWrite RemoteDesktopServices AllowUsersToConnectRemotely text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_CONNECTIONS TS_DISABLE_CONNECTIONS LastWrite ClientConnectionEncryptionLevel text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY TS_ENCRYPTION_POLICY LastWrite DoNotAllowDriveRedirection text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_REDIRECTION TS_CLIENT_DRIVE_M LastWrite DoNotAllowPasswordSaving text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_CLIENT TS_CLIENT_DISABLE_PASSWORD_SAVING_2 LastWrite PromptForPasswordUponConnection text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY TS_PASSWORD LastWrite RequireSecureRPCCommunication text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY TS_RPC_ENCRYPTION LastWrite RemoteManagement AllowBasicAuthentication_Client text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient AllowBasic_2 LastWrite AllowBasicAuthentication_Service text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService AllowBasic_1 LastWrite AllowCredSSPAuthenticationClient text/plain 
phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRMClient AllowCredSSP_2 LastWrite AllowCredSSPAuthenticationService text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService AllowCredSSP_1 LastWrite AllowRemoteServerManagement text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService AllowAutoConfig LastWrite AllowUnencryptedTraffic_Client text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient AllowUnencrypted_2 LastWrite AllowUnencryptedTraffic_Service text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService AllowUnencrypted_1 LastWrite DisallowDigestAuthentication text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient DisallowDigest LastWrite DisallowNegotiateAuthenticationClient text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient DisallowNegotiate_2 LastWrite DisallowNegotiateAuthenticationService text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService DisallowNegotiate_1 LastWrite DisallowStoringOfRunAsCredentials text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService DisableRunAs LastWrite SpecifyChannelBindingTokenHardeningLevel text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService CBTHardeningLevel_1 LastWrite TrustedHosts text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient TrustedHosts LastWrite TurnOnCompatibilityHTTPListener text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService HttpCompatibilityListener LastWrite 
TurnOnCompatibilityHTTPSListener text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService HttpsCompatibilityListener LastWrite RemoteProcedureCall RestrictUnauthenticatedRPCClients text/plain phone rpc.admx RPC~AT~System~Rpc RpcRestrictRemoteClients LastWrite RPCEndpointMapperClientAuthentication text/plain phone rpc.admx RPC~AT~System~Rpc RpcEnableAuthEpResolution LastWrite RemoteShell AllowRemoteShellAccess text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS AllowRemoteShellAccess LastWrite MaxConcurrentUsers text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS MaxConcurrentUsers LastWrite SpecifyIdleTimeout text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS IdleTimeout LastWrite SpecifyMaxMemory text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS MaxMemoryPerShellMB LastWrite SpecifyMaxProcesses text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS MaxProcessesPerShell LastWrite SpecifyMaxRemoteShells text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS MaxShellsPerUser LastWrite SpecifyShellTimeout text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS ShellTimeOut LastWrite Search AllowCloudSearch 2 text/plain LowestValueMostSecure AllowIndexingEncryptedStoresOrItems 0 text/plain LowestValueMostSecure AllowSearchToUseLocation 1 text/plain LowestValueMostSecure AllowStoringImagesFromVisionSearch 1 text/plain LowestValueMostSecure AllowUsingDiacritics 0 text/plain HighestValueMostSecure AllowWindowsIndexer 3 text/plain LowestValueMostSecure AlwaysUseAutoLangDetection 0 text/plain HighestValueMostSecure DisableBackoff 0 text/plain HighestValueMostSecure DisableRemovableDriveIndexing 0 text/plain HighestValueMostSecure PreventIndexingLowDiskSpaceMB 1 text/plain 
HighestValueMostSecure PreventRemoteQueries 1 text/plain HighestValueMostSecure SafeSearchPermissions 1 text/plain desktop HighestValueMostSecure Security AllowAddProvisioningPackage 1 text/plain LowestValueMostSecure AllowManualRootCertificateInstallation 1 text/plain desktop LowestValueMostSecure AllowRemoveProvisioningPackage 1 text/plain LowestValueMostSecure AntiTheftMode 1 text/plain desktop LowestValueMostSecure ClearTPMIfNotReady 0 text/plain phone HighestValueMostSecure PreventAutomaticDeviceEncryptionForAzureADJoinedDevices 0 text/plain LastWrite RequireDeviceEncryption 0 text/plain HighestValueMostSecure RequireProvisioningPackageSignature 0 text/plain HighestValueMostSecure RequireRetrieveHealthCertificateOnBoot 0 text/plain HighestValueMostSecure Settings AllowAutoPlay 1 text/plain phone LowestValueMostSecure AllowDataSense 1 text/plain LowestValueMostSecure AllowDateTime 1 text/plain LowestValueMostSecure AllowEditDeviceName 1 text/plain LowestValueMostSecure AllowLanguage 1 text/plain phone LowestValueMostSecure AllowOnlineTips 1 text/plain LowestValueMostSecure AllowPowerSleep 1 text/plain phone LowestValueMostSecure AllowRegion 1 text/plain phone LowestValueMostSecure AllowSignInOptions 1 text/plain phone LowestValueMostSecure AllowVPN 1 text/plain LowestValueMostSecure AllowWorkplace 1 text/plain phone LowestValueMostSecure AllowYourAccount 1 text/plain LowestValueMostSecure PageVisibilityList text/plain LastWrite SmartScreen EnableAppInstallControl 0 text/plain phone HighestValueMostSecure EnableSmartScreenInShell 1 text/plain phone HighestValueMostSecure PreventOverrideForFilesInShell 0 text/plain phone HighestValueMostSecure Speech AllowSpeechModelUpdate 1 text/plain LowestValueMostSecure Start AllowPinnedFolderDocuments This policy controls the visibility of the Documents shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure AllowPinnedFolderDownloads This policy controls the visibility of the Downloads shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure AllowPinnedFolderFileExplorer This policy controls the visibility of the File Explorer shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure AllowPinnedFolderHomeGroup This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure AllowPinnedFolderMusic This policy controls the visibility of the Music shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure AllowPinnedFolderNetwork This policy controls the visibility of the Network shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure AllowPinnedFolderPersonalFolder This policy controls the visibility of the PersonalFolder shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure AllowPinnedFolderPictures This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure AllowPinnedFolderSettings This policy controls the visibility of the Settings shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure AllowPinnedFolderVideos This policy controls the visibility of the Videos shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone LowestValueMostSecure ForceStartSize 0 text/plain phone LastWrite HideAppList Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app. 0 text/plain phone LastWrite HideChangeAccountSettings Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu. 0 text/plain LowestValueMostSecure HideFrequentlyUsedApps Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app. 0 text/plain phone LowestValueMostSecure HideHibernate Enabling this policy hides "Hibernate" from appearing in the power button in the start menu. 0 text/plain LowestValueMostSecure HideLock Enabling this policy hides "Lock" from appearing in the user tile in the start menu. 0 text/plain LowestValueMostSecure HidePowerButton Enabling this policy hides the power button from appearing in the start menu. 
0 text/plain LowestValueMostSecure HideRecentJumplists Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app. 0 text/plain phone LowestValueMostSecure HideRecentlyAddedApps Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app. 0 text/plain phone LowestValueMostSecure HideRestart Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu. 0 text/plain LowestValueMostSecure HideShutDown Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu. 0 text/plain LowestValueMostSecure HideSignOut Enabling this policy hides "Sign out" from appearing in the user tile in the start menu. 0 text/plain LowestValueMostSecure HideSleep Enabling this policy hides "Sleep" from appearing in the power button in the start menu. 0 text/plain LowestValueMostSecure HideSwitchAccount Enabling this policy hides "Switch account" from appearing in the user tile in the start menu. 0 text/plain LowestValueMostSecure HideUserTile Enabling this policy hides the user tile from appearing in the start menu. 0 text/plain LowestValueMostSecure ImportEdgeAssets This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified. text/plain phone LastWrite NoPinningToTaskbar This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. 
However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar. 0 text/plain phone HighestValueMostSecure StartLayout text/plain phone LastWrite Storage AllowDiskHealthModelUpdates 1 text/plain phone LastWrite EnhancedStorageDevices text/plain phone enhancedstorage.admx EnhancedStorage~AT~System~EnStorDeviceAccess TCGSecurityActivationDisabled LastWrite System AllowBuildPreview 2 text/plain LowestValueMostSecure AllowEmbeddedMode 0 text/plain LowestValueMostSecure AllowExperimentation 1 text/plain LowestValueMostSecure AllowFontProviders 1 text/plain LowestValueMostSecure AllowLocation 1 text/plain LowestValueMostSecure AllowStorageCard 1 text/plain LowestValueMostSecure AllowTelemetry 3 text/plain LowestValueMostSecure AllowUserToResetPhone 1 text/plain LowestValueMostSecure BootStartDriverInitialization text/plain phone earlylauncham.admx EarlyLaunchAM~AT~System~ELAMCategory POL_DriverLoadPolicy_Name LastWrite DisableEnterpriseAuthProxy This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. 0 text/plain LastWrite DisableOneDriveFileSync This policy setting lets you prevent apps and features from working with files on OneDrive. 
If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. 0 text/plain HighestValueMostSecure DisableSystemRestore text/plain phone systemrestore.admx SystemRestore~AT~System~SR SR_DisableSR LastWrite FeedbackHubAlwaysSaveDiagnosticsLocally Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy is not present or set to false, users will be presented with the option to save locally. The default is to not save locally. 0 text/plain LastWrite LimitEnhancedDiagnosticDataWindowsAnalytics This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced) When you configure these policy settings, a Basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: https://go.microsoft.com/fwlink/?linkid=847594. Enabling Enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional Enhanced level telemetry data. This setting has no effect on computers configured to send Full, Basic or Security level diagnostic data to Microsoft. 
If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy. 0 text/plain LowestValueMostSecure TelemetryProxy text/plain LastWrite TextInput AllowIMELogging 1 text/plain phone LowestValueMostSecure AllowIMENetworkAccess 1 text/plain phone LowestValueMostSecure AllowInputPanel 1 text/plain phone LowestValueMostSecure AllowJapaneseIMESurrogatePairCharacters 1 text/plain phone HighestValueMostSecure AllowJapaneseIVSCharacters 1 text/plain phone LowestValueMostSecure AllowJapaneseNonPublishingStandardGlyph 1 text/plain phone LowestValueMostSecure AllowJapaneseUserDictionary 1 text/plain phone LowestValueMostSecure AllowKeyboardTextSuggestions 1 text/plain LowestValueMostSecure AllowLanguageFeaturesUninstall 1 text/plain phone LowestValueMostSecure ExcludeJapaneseIMEExceptJIS0208 0 text/plain HighestValueMostSecure ExcludeJapaneseIMEExceptJIS0208andEUDC 0 text/plain phone HighestValueMostSecure ExcludeJapaneseIMEExceptShiftJIS 0 text/plain phone HighestValueMostSecure TimeLanguageSettings AllowSet24HourClock 0 text/plain desktop LowestValueMostSecure Update ActiveHoursEnd 17 text/plain LastWrite ActiveHoursMaxRange 18 text/plain LastWrite ActiveHoursStart 8 text/plain LastWrite AllowAutoUpdate 2 text/plain LowestValueMostSecure AllowAutoWindowsUpdateDownloadOverMeteredNetwork 0 text/plain LastWrite AllowMUUpdateService 0 text/plain phone LowestValueMostSecure AllowNonMicrosoftSignedUpdate 1 text/plain LowestValueMostSecure AllowUpdateService 1 text/plain LowestValueMostSecure AutoRestartDeadlinePeriodInDays 7 text/plain LastWrite AutoRestartNotificationSchedule 15 text/plain LastWrite AutoRestartRequiredNotificationDismissal 1 text/plain LastWrite BranchReadinessLevel 16 text/plain LastWrite DeferFeatureUpdatesPeriodInDays 0 text/plain LastWrite DeferQualityUpdatesPeriodInDays 0 text/plain LastWrite DeferUpdatePeriod 0 text/plain LastWrite DeferUpgradePeriod 0 text/plain 
LastWrite DetectionFrequency 22 text/plain LastWrite DisableDualScan Do not allow update deferral policies to cause scans against Windows Update 0 text/plain LastWrite EngagedRestartDeadline 14 text/plain LastWrite EngagedRestartSnoozeSchedule 3 text/plain LastWrite EngagedRestartTransitionSchedule 7 text/plain LastWrite ExcludeWUDriversInQualityUpdate 0 text/plain LastWrite FillEmptyContentUrls 0 text/plain LastWrite IgnoreMOAppDownloadLimit 0 text/plain LowestValueMostSecure IgnoreMOUpdateDownloadLimit 0 text/plain LowestValueMostSecure ManagePreviewBuilds 3 text/plain LastWrite PauseDeferrals 0 text/plain LastWrite PauseFeatureUpdates 0 text/plain LastWrite PauseFeatureUpdatesStartTime text/plain LastWrite PauseQualityUpdates 0 text/plain LastWrite PauseQualityUpdatesStartTime text/plain LastWrite PhoneUpdateRestrictions 4 text/plain LowestValueMostSecure RequireDeferUpgrade 0 text/plain LastWrite RequireUpdateApproval 0 text/plain HighestValueMostSecure ScheduledInstallDay 0 text/plain LowestValueMostSecure ScheduledInstallEveryWeek 1 text/plain LowestValueMostSecure ScheduledInstallFirstWeek 0 text/plain LowestValueMostSecure ScheduledInstallFourthWeek 0 text/plain LowestValueMostSecure ScheduledInstallSecondWeek 0 text/plain LowestValueMostSecure ScheduledInstallThirdWeek 0 text/plain LowestValueMostSecure ScheduledInstallTime 3 text/plain LowestValueMostSecure ScheduleImminentRestartWarning 15 text/plain LastWrite ScheduleRestartWarning 4 text/plain LastWrite SetAutoRestartNotificationDisable 0 text/plain LastWrite SetEDURestart 0 text/plain LastWrite UpdateServiceUrl CorpWSUS text/plain LastWrite UpdateServiceUrlAlternate text/plain phone LastWrite Wifi AllowAutoConnectToWiFiSenseHotspots 1 text/plain LowestValueMostSecure AllowInternetSharing 1 text/plain LowestValueMostSecure AllowManualWiFiConfiguration 1 text/plain LowestValueMostSecure AllowWiFi 1 text/plain LowestValueMostSecure AllowWiFiDirect 1 text/plain LowestValueMostSecure WLANScanMode 0 
text/plain HighestValueMostSecureZeroHasNoLimits WindowsDefenderSecurityCenter CompanyName text/plain phone LastWrite DisableAppBrowserUI 0 text/plain phone LastWrite DisableEnhancedNotifications 0 text/plain phone LastWrite DisableFamilyUI 0 text/plain phone LastWrite DisableHealthUI 0 text/plain phone LastWrite DisableNetworkUI 0 text/plain phone LastWrite DisableNotifications 0 text/plain phone LastWrite DisableVirusUI 0 text/plain phone LastWrite DisallowExploitProtectionOverride 0 text/plain phone LastWrite Email text/plain phone LastWrite EnableCustomizedToasts 0 text/plain phone LastWrite EnableInAppCustomization 0 text/plain phone LastWrite Phone text/plain phone LastWrite URL text/plain phone LastWrite WindowsInkWorkspace AllowSuggestedAppsInWindowsInkWorkspace 1 text/plain phone LowestValueMostSecure AllowWindowsInkWorkspace 2 text/plain phone LowestValueMostSecure WindowsLogon DisableLockScreenAppNotifications text/plain phone logon.admx Logon~AT~System~Logon DisableLockScreenAppNotifications LastWrite DontDisplayNetworkSelectionUI text/plain phone logon.admx Logon~AT~System~Logon DontDisplayNetworkSelectionUI LastWrite HideFastUserSwitching This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations. 0 text/plain HighestValueMostSecure WirelessDisplay AllowMdnsAdvertisement This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. 
1 text/plain LowestValueMostSecure AllowMdnsDiscovery This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. 1 text/plain LowestValueMostSecure AllowProjectionFromPC This policy allows you to turn off projection from a PC. If you set it to 0, your PC cannot discover or project to other devices. If you set it to 1, your PC can discover and project to other devices. 1 text/plain LowestValueMostSecure AllowProjectionFromPCOverInfrastructure This policy allows you to turn off projection from a PC over infrastructure. If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct. If you set it to 1, your PC can discover and project to other devices over infrastructure. 1 text/plain LowestValueMostSecure AllowProjectionToPC This policy setting allows you to turn off projection to a PC. If you set it to 0, your PC isn't discoverable and can't be projected to. If you set it to 1, your PC is discoverable and can be projected to above the lock screen only. The user has an option to turn it always on or off except for manual launch, too. 1 text/plain phone LowestValueMostSecure AllowProjectionToPCOverInfrastructure This policy setting allows you to turn off projection to a PC over infrastructure. If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct. If you set it to 1, your PC can be discoverable and can be projected to over infrastructure. 1 text/plain LowestValueMostSecure AllowUserInputFromWirelessDisplayReceiver 1 text/plain LowestValueMostSecure RequirePinForPairing This policy setting allows you to require a pin for pairing. If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn it off or don't configure it, a pin isn't required for pairing.
0 text/plain LowestValueMostSecure
```