---
title: Policy DDF file
description: Policy DDF file
ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 06/30/2017
---

# Policy DDF file

> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.

You can download the DDF files from the links below:

- [Download the Policy DDF file for Windows 10, version 1703](http://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [Download the Policy DDF file for Windows 10, version 1607](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
- [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)

The XML below is the DDF for Windows 10, version 1709.

``` syntax ]> 1.2 Policy ./User/Vendor/MSFT com.microsoft/5.0/MDM/Policy Config ApplicationManagement RequirePrivateStoreOnly text/plain AttachmentManager DoNotPreserveZoneInformation text/plain HideZoneInfoMechanism text/plain NotifyAntivirusPrograms text/plain Authentication AllowEAPCertSSO text/plain Autoplay DisallowAutoplayForNonVolumeDevices text/plain SetDefaultAutoRunBehavior text/plain TurnOffAutoPlay text/plain CredentialsUI DisablePasswordReveal text/plain Desktop PreventUserRedirectionOfProfileFolders text/plain Education AllowUserPrinterInstallation Boolean that specifies whether or not to allow user to install new printers text/plain DefaultPrinterName This policy sets user's default printer text/plain PrinterNames This policy provisions per-user network printers text/plain EnterpriseCloudPrint CloudPrinterDiscoveryEndPoint This policy provisions per-user discovery end point to discover cloud printers text/plain CloudPrintOAuthAuthority Authentication endpoint for acquiring OAuth tokens text/plain CloudPrintOAuthClientId A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority text/plain CloudPrintResourceId Resource URI for which access is being requested by the Enterprise Cloud Print client during OAuth authentication text/plain DiscoveryMaxPrinterLimit Defines the maximum number of printers that should be queried from discovery end point text/plain MopriaDiscoveryResourceId Resource URI for which access is being requested by the Mopria discovery client during OAuth authentication text/plain Experience AllowTailoredExperiencesWithDiagnosticData text/plain AllowThirdPartySuggestionsInWindowsSpotlight text/plain AllowWindowsConsumerFeatures text/plain AllowWindowsSpotlight text/plain AllowWindowsSpotlightOnActionCenter text/plain AllowWindowsSpotlightWindowsWelcomeExperience text/plain ConfigureWindowsSpotlightOnLockScreen text/plain InternetExplorer AddSearchProvider text/plain AllowActiveXFiltering 
text/plain AllowAddOnList text/plain AllowAutoComplete text/plain AllowCertificateAddressMismatchWarning text/plain AllowDeletingBrowsingHistoryOnExit text/plain AllowEnhancedProtectedMode text/plain AllowEnterpriseModeFromToolsMenu text/plain AllowEnterpriseModeSiteList text/plain AllowInternetExplorer7PolicyList text/plain AllowInternetExplorerStandardsMode text/plain AllowInternetZoneTemplate text/plain AllowIntranetZoneTemplate text/plain AllowLocalMachineZoneTemplate text/plain AllowLockedDownInternetZoneTemplate text/plain AllowLockedDownIntranetZoneTemplate text/plain AllowLockedDownLocalMachineZoneTemplate text/plain AllowLockedDownRestrictedSitesZoneTemplate text/plain AllowOneWordEntry text/plain AllowSiteToZoneAssignmentList text/plain AllowsLockedDownTrustedSitesZoneTemplate text/plain AllowSoftwareWhenSignatureIsInvalid text/plain AllowsRestrictedSitesZoneTemplate text/plain AllowSuggestedSites text/plain AllowTrustedSitesZoneTemplate text/plain CheckServerCertificateRevocation text/plain CheckSignaturesOnDownloadedPrograms text/plain ConsistentMimeHandlingInternetExplorerProcesses text/plain DisableAdobeFlash text/plain DisableBlockingOfOutdatedActiveXControls text/plain DisableBypassOfSmartScreenWarnings text/plain DisableBypassOfSmartScreenWarningsAboutUncommonFiles text/plain DisableConfiguringHistory text/plain DisableCrashDetection text/plain DisableCustomerExperienceImprovementProgramParticipation text/plain DisableDeletingUserVisitedWebsites text/plain DisableEnclosureDownloading text/plain DisableEncryptionSupport text/plain DisableFirstRunWizard text/plain DisableFlipAheadFeature text/plain DisableHomePageChange text/plain DisableIgnoringCertificateErrors text/plain DisableInPrivateBrowsing text/plain DisableProcessesInEnhancedProtectedMode text/plain DisableProxyChange text/plain DisableSearchProviderChange text/plain DisableSecondaryHomePageChange text/plain DisableSecuritySettingsCheck text/plain DoNotAllowActiveXControlsInProtectedMode 
text/plain DoNotBlockOutdatedActiveXControls text/plain DoNotBlockOutdatedActiveXControlsOnSpecificDomains text/plain IncludeAllLocalSites text/plain IncludeAllNetworkPaths text/plain InternetZoneAllowAccessToDataSources text/plain InternetZoneAllowAutomaticPromptingForActiveXControls text/plain InternetZoneAllowAutomaticPromptingForFileDownloads text/plain InternetZoneAllowCopyPasteViaScript text/plain InternetZoneAllowDragAndDropCopyAndPasteFiles text/plain InternetZoneAllowFontDownloads text/plain InternetZoneAllowLessPrivilegedSites text/plain InternetZoneAllowLoadingOfXAMLFilesWRONG text/plain InternetZoneAllowNETFrameworkReliantComponents text/plain InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain InternetZoneAllowScriptInitiatedWindows text/plain InternetZoneAllowScriptlets text/plain InternetZoneAllowSmartScreenIE text/plain InternetZoneAllowUpdatesToStatusBarViaScript text/plain InternetZoneAllowUserDataPersistence text/plain InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1 text/plain InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2 text/plain InternetZoneDownloadSignedActiveXControls text/plain InternetZoneDownloadUnsignedActiveXControls text/plain InternetZoneEnableCrossSiteScriptingFilter text/plain InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain InternetZoneEnableMIMESniffing text/plain InternetZoneEnableProtectedMode text/plain InternetZoneIncludeLocalPathWhenUploadingFilesToServer text/plain InternetZoneInitializeAndScriptActiveXControls text/plain InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe text/plain InternetZoneJavaPermissionsWRONG1 text/plain InternetZoneJavaPermissionsWRONG2 text/plain InternetZoneLaunchingApplicationsAndFilesInIFRAME 
text/plain InternetZoneLogonOptions text/plain InternetZoneNavigateWindowsAndFrames text/plain InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode text/plain InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain InternetZoneUsePopupBlocker text/plain InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone text/plain IntranetZoneAllowAccessToDataSources text/plain IntranetZoneAllowAutomaticPromptingForActiveXControls text/plain IntranetZoneAllowAutomaticPromptingForFileDownloads text/plain IntranetZoneAllowFontDownloads text/plain IntranetZoneAllowLessPrivilegedSites text/plain IntranetZoneAllowNETFrameworkReliantComponents text/plain IntranetZoneAllowScriptlets text/plain IntranetZoneAllowSmartScreenIE text/plain IntranetZoneAllowUserDataPersistence text/plain IntranetZoneInitializeAndScriptActiveXControls text/plain IntranetZoneNavigateWindowsAndFrames text/plain LocalMachineZoneAllowAccessToDataSources text/plain LocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain LocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain LocalMachineZoneAllowFontDownloads text/plain LocalMachineZoneAllowLessPrivilegedSites text/plain LocalMachineZoneAllowNETFrameworkReliantComponents text/plain LocalMachineZoneAllowScriptlets text/plain LocalMachineZoneAllowSmartScreenIE text/plain LocalMachineZoneAllowUserDataPersistence text/plain LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls text/plain LocalMachineZoneInitializeAndScriptActiveXControls text/plain LocalMachineZoneJavaPermissions text/plain LocalMachineZoneNavigateWindowsAndFrames text/plain LockedDownInternetZoneAllowAccessToDataSources text/plain LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownInternetZoneAllowFontDownloads text/plain 
LockedDownInternetZoneAllowLessPrivilegedSites text/plain LockedDownInternetZoneAllowNETFrameworkReliantComponents text/plain LockedDownInternetZoneAllowScriptlets text/plain LockedDownInternetZoneAllowSmartScreenIE text/plain LockedDownInternetZoneAllowUserDataPersistence text/plain LockedDownInternetZoneInitializeAndScriptActiveXControls text/plain LockedDownInternetZoneJavaPermissions text/plain LockedDownInternetZoneNavigateWindowsAndFrames text/plain LockedDownIntranetZoneAllowAccessToDataSources text/plain LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownIntranetZoneAllowFontDownloads text/plain LockedDownIntranetZoneAllowLessPrivilegedSites text/plain LockedDownIntranetZoneAllowNETFrameworkReliantComponents text/plain LockedDownIntranetZoneAllowScriptlets text/plain LockedDownIntranetZoneAllowSmartScreenIE text/plain LockedDownIntranetZoneAllowUserDataPersistence text/plain LockedDownIntranetZoneInitializeAndScriptActiveXControls text/plain LockedDownIntranetZoneNavigateWindowsAndFrames text/plain LockedDownLocalMachineZoneAllowAccessToDataSources text/plain LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownLocalMachineZoneAllowFontDownloads text/plain LockedDownLocalMachineZoneAllowLessPrivilegedSites text/plain LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents text/plain LockedDownLocalMachineZoneAllowScriptlets text/plain LockedDownLocalMachineZoneAllowSmartScreenIE text/plain LockedDownLocalMachineZoneAllowUserDataPersistence text/plain LockedDownLocalMachineZoneInitializeAndScriptActiveXControls text/plain LockedDownLocalMachineZoneJavaPermissions text/plain LockedDownLocalMachineZoneNavigateWindowsAndFrames text/plain LockedDownRestrictedSitesZoneAllowAccessToDataSources text/plain 
LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownRestrictedSitesZoneAllowFontDownloads text/plain LockedDownRestrictedSitesZoneAllowLessPrivilegedSites text/plain LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain LockedDownRestrictedSitesZoneAllowScriptlets text/plain LockedDownRestrictedSitesZoneAllowSmartScreenIE text/plain LockedDownRestrictedSitesZoneAllowUserDataPersistence text/plain LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls text/plain LockedDownRestrictedSitesZoneJavaPermissions text/plain LockedDownRestrictedSitesZoneNavigateWindowsAndFrames text/plain LockedDownTrustedSitesZoneAllowAccessToDataSources text/plain LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownTrustedSitesZoneAllowFontDownloads text/plain LockedDownTrustedSitesZoneAllowLessPrivilegedSites text/plain LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents text/plain LockedDownTrustedSitesZoneAllowScriptlets text/plain LockedDownTrustedSitesZoneAllowSmartScreenIE text/plain LockedDownTrustedSitesZoneAllowUserDataPersistence text/plain LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls text/plain LockedDownTrustedSitesZoneJavaPermissions text/plain LockedDownTrustedSitesZoneNavigateWindowsAndFrames text/plain MimeSniffingSafetyFeatureInternetExplorerProcesses text/plain MKProtocolSecurityRestrictionInternetExplorerProcesses text/plain NotificationBarInternetExplorerProcesses text/plain PreventManagingSmartScreenFilter text/plain PreventPerUserInstallationOfActiveXControls text/plain ProtectionFromZoneElevationInternetExplorerProcesses text/plain RemoveRunThisTimeButtonForOutdatedActiveXControls text/plain RestrictActiveXInstallInternetExplorerProcesses text/plain 
RestrictedSitesZoneAllowAccessToDataSources text/plain RestrictedSitesZoneAllowActiveScripting text/plain RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain RestrictedSitesZoneAllowBinaryAndScriptBehaviors text/plain RestrictedSitesZoneAllowCopyPasteViaScript text/plain RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles text/plain RestrictedSitesZoneAllowFileDownloads text/plain RestrictedSitesZoneAllowFontDownloadsWRONG1 text/plain RestrictedSitesZoneAllowFontDownloadsWRONG2 text/plain RestrictedSitesZoneAllowLessPrivilegedSites text/plain RestrictedSitesZoneAllowLoadingOfXAMLFiles text/plain RestrictedSitesZoneAllowMETAREFRESH text/plain RestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain RestrictedSitesZoneAllowScriptInitiatedWindows text/plain RestrictedSitesZoneAllowScriptlets text/plain RestrictedSitesZoneAllowSmartScreenIE text/plain RestrictedSitesZoneAllowUpdatesToStatusBarViaScript text/plain RestrictedSitesZoneAllowUserDataPersistence text/plain RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain RestrictedSitesZoneDownloadSignedActiveXControls text/plain RestrictedSitesZoneDownloadUnsignedActiveXControls text/plain RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain RestrictedSitesZoneEnableMIMESniffing text/plain RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer text/plain RestrictedSitesZoneInitializeAndScriptActiveXControls text/plain RestrictedSitesZoneJavaPermissions text/plain RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME text/plain 
RestrictedSitesZoneLogonOptions text/plain RestrictedSitesZoneNavigateWindowsAndFrames text/plain RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains text/plain RestrictedSitesZoneRunActiveXControlsAndPlugins text/plain RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting text/plain RestrictedSitesZoneWRONG text/plain RestrictedSitesZoneWRONG2 text/plain RestrictedSitesZoneWRONG3 text/plain RestrictedSitesZoneWRONG4 text/plain RestrictedSitesZoneWRONG5 text/plain RestrictFileDownloadInternetExplorerProcesses text/plain ScriptedWindowSecurityRestrictionsInternetExplorerProcesses text/plain SearchProviderList text/plain SpecifyUseOfActiveXInstallerService text/plain TrustedSitesZoneAllowAccessToDataSources text/plain TrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain TrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain TrustedSitesZoneAllowFontDownloads text/plain TrustedSitesZoneAllowLessPrivilegedSites text/plain TrustedSitesZoneAllowNETFrameworkReliantComponents text/plain TrustedSitesZoneAllowScriptlets text/plain TrustedSitesZoneAllowSmartScreenIE text/plain TrustedSitesZoneAllowUserDataPersistence text/plain TrustedSitesZoneInitializeAndScriptActiveXControls text/plain TrustedSitesZoneJavaPermissions text/plain TrustedSitesZoneNavigateWindowsAndFrames text/plain TrustedSitesZoneWRONG1 text/plain TrustedSitesZoneWRONG2 text/plain Notifications DisallowNotificationMirroring text/plain Printers PointAndPrintRestrictions_User text/plain Settings ConfigureTaskbarCalendar text/plain Start StartLayout text/plain System AllowTelemetry text/plain Result ApplicationManagement RequirePrivateStoreOnly 0 text/plain AttachmentManager DoNotPreserveZoneInformation text/plain phone AttachmentManager.admx AttachmentManager~AT~WindowsComponents~AM_AM AM_MarkZoneOnSavedAtttachments HideZoneInfoMechanism text/plain phone AttachmentManager.admx 
AttachmentManager~AT~WindowsComponents~AM_AM AM_RemoveZoneInfo NotifyAntivirusPrograms text/plain phone AttachmentManager.admx AttachmentManager~AT~WindowsComponents~AM_AM AM_CallIOfficeAntiVirus Authentication AllowEAPCertSSO 0 text/plain Autoplay DisallowAutoplayForNonVolumeDevices text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay NoAutoplayfornonVolume SetDefaultAutoRunBehavior text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay NoAutorun TurnOffAutoPlay text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay Autorun CredentialsUI DisablePasswordReveal text/plain phone credui.admx CredUI~AT~WindowsComponents~CredUI DisablePasswordReveal Desktop PreventUserRedirectionOfProfileFolders text/plain phone desktop.admx desktop~AT~Desktop DisablePersonalDirChange Education AllowUserPrinterInstallation Boolean that specifies whether or not to allow user to install new printers text/plain DefaultPrinterName This policy sets user's default printer text/plain PrinterNames This policy provisions per-user network printers text/plain EnterpriseCloudPrint CloudPrinterDiscoveryEndPoint This policy provisions per-user discovery end point to discover cloud printers text/plain CloudPrintOAuthAuthority Authentication endpoint for acquiring OAuth tokens text/plain CloudPrintOAuthClientId A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority E1CF1107-FF90-4228-93BF-26052DD2C714 text/plain CloudPrintResourceId Resource URI for which access is being requested by the Enterprise Cloud Print client during OAuth authentication text/plain DiscoveryMaxPrinterLimit Defines the maximum number of printers that should be queried from discovery end point 20 text/plain MopriaDiscoveryResourceId Resource URI for which access is being requested by the Mopria discovery client during OAuth authentication text/plain Experience AllowTailoredExperiencesWithDiagnosticData 1 text/plain 
AllowThirdPartySuggestionsInWindowsSpotlight 1 text/plain phone AllowWindowsConsumerFeatures 0 text/plain phone AllowWindowsSpotlight 1 text/plain phone AllowWindowsSpotlightOnActionCenter 1 text/plain AllowWindowsSpotlightWindowsWelcomeExperience 1 text/plain ConfigureWindowsSpotlightOnLockScreen 1 text/plain phone InternetExplorer AddSearchProvider text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer AddSearchProvider AllowActiveXFiltering text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer TurnOnActiveXFiltering AllowAddOnList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement AddonManagement_AddOnList AllowAutoComplete text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer RestrictFormSuggestPW AllowCertificateAddressMismatchWarning text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyWarnCertMismatch AllowDeletingBrowsingHistoryOnExit text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory DBHDisableDeleteOnExit AllowEnhancedProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_EnableEnhancedProtectedMode AllowEnterpriseModeFromToolsMenu text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnterpriseModeEnable AllowEnterpriseModeSiteList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnterpriseModeSiteList AllowInternetExplorer7PolicyList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView CompatView_UsePolicyList AllowInternetExplorerStandardsMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView CompatView_IntranetSites AllowInternetZoneTemplate text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyInternetZoneTemplate AllowIntranetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyIntranetZoneTemplate AllowLocalMachineZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyLocalMachineZoneTemplate AllowLockedDownInternetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyInternetZoneLockdownTemplate AllowLockedDownIntranetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyIntranetZoneLockdownTemplate AllowLockedDownLocalMachineZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyLocalMachineZoneLockdownTemplate AllowLockedDownRestrictedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyRestrictedSitesZoneLockdownTemplate AllowOneWordEntry text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~Browsing UseIntranetSiteForOneWordEntry AllowSiteToZoneAssignmentList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_Zonemaps AllowsLockedDownTrustedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyTrustedSitesZoneLockdownTemplate AllowSoftwareWhenSignatureIsInvalid text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_InvalidSignatureBlock AllowsRestrictedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage 
IZ_PolicyRestrictedSitesZoneTemplate AllowSuggestedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnableSuggestedSites AllowTrustedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyTrustedSitesZoneTemplate CheckServerCertificateRevocation text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_CertificateRevocation CheckSignaturesOnDownloadedPrograms text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DownloadSignatures ConsistentMimeHandlingInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestriction IESF_PolicyExplorerProcesses_2 DisableAdobeFlash text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement DisableFlashInIE DisableBlockingOfOutdatedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisable DisableBypassOfSmartScreenWarnings text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer DisableSafetyFilterOverride DisableBypassOfSmartScreenWarningsAboutUncommonFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer DisableSafetyFilterOverrideForAppRepUnknown DisableConfiguringHistory text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory RestrictHistory DisableCrashDetection text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer AddonManagement_RestrictCrashDetection DisableCustomerExperienceImprovementProgramParticipation text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SQM_DisableCEIP DisableDeletingUserVisitedWebsites text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory DBHDisableDeleteHistory DisableEnclosureDownloading text/plain phone inetres.admx inetres~AT~WindowsComponents~RSS_Feeds Disable_Downloading_of_Enclosures DisableEncryptionSupport text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_SetWinInetProtocols DisableFirstRunWizard text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer NoFirstRunCustomise DisableFlipAheadFeature text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DisableFlipAhead DisableHomePageChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer RestrictHomePage DisableIgnoringCertificateErrors text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL NoCertError DisableInPrivateBrowsing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacy DisableInPrivateBrowsing DisableProcessesInEnhancedProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_EnableEnhancedProtectedMode64Bit DisableProxyChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer RestrictProxy DisableSearchProviderChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer NoSearchProvider DisableSecondaryHomePageChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SecondaryHomePages DisableSecuritySettingsCheck text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Disable_Security_Settings_Check DoNotAllowActiveXControlsInProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DisableEPMCompat DoNotBlockOutdatedActiveXControls text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisable DoNotBlockOutdatedActiveXControlsOnSpecificDomains text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDomainAllowlist IncludeAllLocalSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_IncludeUnspecifiedLocalSites IncludeAllNetworkPaths text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_UNCAsIntranet InternetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAccessDataSourcesAcrossDomains_1 InternetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNotificationBarActiveXURLaction_1 InternetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNotificationBarDownloadURLaction_1 InternetZoneAllowCopyPasteViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAllowPasteViaScript_1 InternetZoneAllowDragAndDropCopyAndPasteFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDropOrPasteFiles_1 InternetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyFontDownload_1 InternetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyZoneElevationURLaction_1 
InternetZoneAllowLoadingOfXAMLFilesWRONG text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_XAML_1 InternetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyUnsignedFrameworkComponentsURLaction_1 InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyAllowTDCControl_Both_LocalMachine InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_WebBrowserControl_1 InternetZoneAllowScriptInitiatedWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyWindowsRestrictionsURLaction_6 InternetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_AllowScriptlets_1 InternetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_Phishing_1 InternetZoneAllowUpdatesToStatusBarViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_ScriptStatusBar_1 InternetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone 
IZ_PolicyUserdataPersistence_1 InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 InternetZoneDownloadSignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyDownloadSignedActiveX_3 InternetZoneDownloadUnsignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDownloadUnsignedActiveX_1 InternetZoneEnableCrossSiteScriptingFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyTurnOnXSSFilter_Both_LocalMachine InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet InternetZoneEnableMIMESniffing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyMimeSniffingURLaction_1 InternetZoneEnableProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_TurnOnProtectedMode_2 
InternetZoneIncludeLocalPathWhenUploadingFilesToServer text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_LocalPathForUpload_1 InternetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyScriptActiveXNotMarkedSafe_1 InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyScriptActiveXNotMarkedSafe_1 InternetZoneJavaPermissionsWRONG1 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyJavaPermissions_1 InternetZoneJavaPermissionsWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyJavaPermissions_3 InternetZoneLaunchingApplicationsAndFilesInIFRAME text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyLaunchAppsAndFilesInIFRAME_1 InternetZoneLogonOptions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyLogon_1 InternetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNavigateSubframesAcrossDomains_1 InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyUnsignedFrameworkComponentsURLaction_1 InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone 
IZ_PolicySignedFrameworkComponentsURLaction_1 InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_UnsafeFiles_1 InternetZoneUsePopupBlocker text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyBlockPopupWindows_1 InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyZoneElevationURLaction_1 IntranetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyAccessDataSourcesAcrossDomains_3 IntranetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNotificationBarActiveXURLaction_3 IntranetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNotificationBarDownloadURLaction_3 IntranetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyFontDownload_3 IntranetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyZoneElevationURLaction_3 IntranetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyUnsignedFrameworkComponentsURLaction_3 IntranetZoneAllowScriptlets text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_Policy_AllowScriptlets_3 IntranetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_Policy_Phishing_3 IntranetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyUserdataPersistence_3 IntranetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyScriptActiveXNotMarkedSafe_3 IntranetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNavigateSubframesAcrossDomains_3 LocalMachineZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyAccessDataSourcesAcrossDomains_9 LocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNotificationBarActiveXURLaction_9 LocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNotificationBarDownloadURLaction_9 LocalMachineZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyFontDownload_9 LocalMachineZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyZoneElevationURLaction_9 LocalMachineZoneAllowNETFrameworkReliantComponents text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyUnsignedFrameworkComponentsURLaction_9 LocalMachineZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_Policy_AllowScriptlets_9 LocalMachineZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_Policy_Phishing_9 LocalMachineZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyUserdataPersistence_9 LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone~IZ_LocalMachineZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 LocalMachineZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyScriptActiveXNotMarkedSafe_9 LocalMachineZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyJavaPermissions_9 LocalMachineZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNavigateSubframesAcrossDomains_9 LockedDownInternetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_2 LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown 
IZ_PolicyNotificationBarActiveXURLaction_2 LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_2 LockedDownInternetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyFontDownload_2 LockedDownInternetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyZoneElevationURLaction_2 LockedDownInternetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_2 LockedDownInternetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_AllowScriptlets_2 LockedDownInternetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_Phishing_2 LockedDownInternetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyUserdataPersistence_2 LockedDownInternetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_2 LockedDownInternetZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyJavaPermissions_2 LockedDownInternetZoneNavigateWindowsAndFrames text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_2 LockedDownIntranetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_4 LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_4 LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_4 LockedDownIntranetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyFontDownload_4 LockedDownIntranetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyZoneElevationURLaction_4 LockedDownIntranetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_4 LockedDownIntranetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_Policy_AllowScriptlets_4 LockedDownIntranetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_Policy_Phishing_4 LockedDownIntranetZoneAllowUserDataPersistence text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyUserdataPersistence_4 LockedDownIntranetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_4 LockedDownIntranetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_4 LockedDownLocalMachineZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_10 LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_10 LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_10 LockedDownLocalMachineZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyFontDownload_10 LockedDownLocalMachineZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyZoneElevationURLaction_10 LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_10 LockedDownLocalMachineZoneAllowScriptlets text/plain 
phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_Policy_AllowScriptlets_10 LockedDownLocalMachineZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_Policy_Phishing_10 LockedDownLocalMachineZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyUserdataPersistence_10 LockedDownLocalMachineZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_10 LockedDownLocalMachineZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyJavaPermissions_10 LockedDownLocalMachineZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_10 LockedDownRestrictedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_8 LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_8 LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_8 LockedDownRestrictedSitesZoneAllowFontDownloads 
text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyFontDownload_8 LockedDownRestrictedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyZoneElevationURLaction_8 LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_8 LockedDownRestrictedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_Policy_AllowScriptlets_8 LockedDownRestrictedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_Policy_Phishing_8 LockedDownRestrictedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyUserdataPersistence_8 LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_8 LockedDownRestrictedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyJavaPermissions_8 LockedDownRestrictedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_8 LockedDownTrustedSitesZoneAllowAccessToDataSources text/plain 
phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_6 LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_6 LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_6 LockedDownTrustedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyFontDownload_6 LockedDownTrustedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyZoneElevationURLaction_6 LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_6 LockedDownTrustedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_Policy_AllowScriptlets_6 LockedDownTrustedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_Policy_Phishing_6 LockedDownTrustedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyUserdataPersistence_6 LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_6 LockedDownTrustedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyJavaPermissions_6 LockedDownTrustedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_6 MimeSniffingSafetyFeatureInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeature IESF_PolicyExplorerProcesses_6 MKProtocolSecurityRestrictionInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestriction IESF_PolicyExplorerProcesses_3 NotificationBarInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBar IESF_PolicyExplorerProcesses_10 PreventManagingSmartScreenFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDownloadSignedActiveX_1 PreventPerUserInstallationOfActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer DisablePerUserActiveXInstall ProtectionFromZoneElevationInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation IESF_PolicyAllProcesses_9 RemoveRunThisTimeButtonForOutdatedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisableRunThisTime RestrictActiveXInstallInternetExplorerProcesses 
text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall IESF_PolicyAllProcesses_11 RestrictedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAccessDataSourcesAcrossDomains_7 RestrictedSitesZoneAllowActiveScripting text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyActiveScripting_1 RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNotificationBarActiveXURLaction_7 RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNotificationBarDownloadURLaction_7 RestrictedSitesZoneAllowBinaryAndScriptBehaviors text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyBinaryBehaviors_1 RestrictedSitesZoneAllowCopyPasteViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowPasteViaScript_7 RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDropOrPasteFiles_7 RestrictedSitesZoneAllowFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyFileDownload_1 RestrictedSitesZoneAllowFontDownloadsWRONG1 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyFontDownload_7 
RestrictedSitesZoneAllowFontDownloadsWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyFontDownload_1 RestrictedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyZoneElevationURLaction_7 RestrictedSitesZoneAllowLoadingOfXAMLFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_XAML_7 RestrictedSitesZoneAllowMETAREFRESH text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAllowMETAREFRESH_1 RestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyUnsignedFrameworkComponentsURLaction_7 RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowTDCControl_Both_Restricted RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_WebBrowserControl_7 RestrictedSitesZoneAllowScriptInitiatedWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyWindowsRestrictionsURLaction_7 RestrictedSitesZoneAllowScriptlets text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_AllowScriptlets_7 RestrictedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_Phishing_7 RestrictedSitesZoneAllowUpdatesToStatusBarViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_ScriptStatusBar_7 RestrictedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyUserdataPersistence_7 RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 RestrictedSitesZoneDownloadSignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDownloadSignedActiveX_7 RestrictedSitesZoneDownloadUnsignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDownloadUnsignedActiveX_7 RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted RestrictedSitesZoneEnableMIMESniffing text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyMimeSniffingURLaction_7 RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_LocalPathForUpload_7 RestrictedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_7 RestrictedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyJavaPermissions_7 RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyLaunchAppsAndFilesInIFRAME_7 RestrictedSitesZoneLogonOptions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyLogon_7 RestrictedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNavigateSubframesAcrossDomains_7 RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNavigateSubframesAcrossDomains_1 RestrictedSitesZoneRunActiveXControlsAndPlugins text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyRunActiveXControls_1 RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone 
IZ_PolicySignedFrameworkComponentsURLaction_7 RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyScriptActiveXMarkedSafe_1 RestrictedSitesZoneWRONG text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyScriptingOfJavaApplets_6 RestrictedSitesZoneWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_UnsafeFiles_7 RestrictedSitesZoneWRONG3 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyTurnOnXSSFilter_Both_Restricted RestrictedSitesZoneWRONG4 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_TurnOnProtectedMode_7 RestrictedSitesZoneWRONG5 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyBlockPopupWindows_7 RestrictFileDownloadInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload IESF_PolicyAllProcesses_12 ScriptedWindowSecurityRestrictionsInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions IESF_PolicyAllProcesses_8 SearchProviderList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SpecificSearchProvider SpecifyUseOfActiveXInstallerService text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer OnlyUseAXISForActiveXInstall TrustedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyAccessDataSourcesAcrossDomains_5 TrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNotificationBarActiveXURLaction_5 TrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNotificationBarDownloadURLaction_5 TrustedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyFontDownload_5 TrustedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyZoneElevationURLaction_5 TrustedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyUnsignedFrameworkComponentsURLaction_5 TrustedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_Policy_AllowScriptlets_5 TrustedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_Policy_Phishing_5 TrustedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyUserdataPersistence_5 TrustedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_5 TrustedSitesZoneJavaPermissions 
text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyJavaPermissions_5 TrustedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNavigateSubframesAcrossDomains_5 TrustedSitesZoneWRONG1 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 TrustedSitesZoneWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_5 Notifications DisallowNotificationMirroring 0 text/plain Printers PointAndPrintRestrictions_User text/plain phone Printing.admx Printing~AT~ControlPanel~CplPrinters PointAndPrint_Restrictions Settings ConfigureTaskbarCalendar 0 text/plain Start StartLayout text/plain phone System AllowTelemetry 3 text/plain Policy ./Device/Vendor/MSFT com.microsoft/5.0/MDM/Policy ConfigOperations Policy CSP ConfigOperations ADMXInstall Win32 App ADMX Ingestion * Win32 App Name * Setting Type of Win32 App. Policy Or Preference * Unique ID of ADMX file Config AboveLock AllowActionCenterNotifications text/plain AllowCortanaAboveLock text/plain AllowToasts text/plain AccountPolicies MinDevicePasswordLength This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0. text/plain PasswordMustMeetComplexityRequirement This security setting determines whether passwords must meet complexity requirements. 
If this policy is enabled, passwords must meet the following minimum requirements: Not contain the user's account name or parts of the user's full name that exceed two consecutive characters Be at least six characters in length Contain characters from three of the following four categories: English uppercase characters (A through Z) English lowercase characters (a through z) Base 10 digits (0 through 9) Non-alphabetic characters (for example, !, $, #, %) Complexity requirements are enforced when passwords are changed or created. text/plain Accounts AllowAddingNonMicrosoftAccountsManually text/plain AllowMicrosoftAccountConnection text/plain AllowMicrosoftAccountSignInAssistant text/plain DomainNamesForEmailSync text/plain ActiveXControls ApprovedInstallationSites text/plain ApplicationDefaults DefaultAssociationsConfiguration text/plain ApplicationManagement AllowAllTrustedApps text/plain AllowAppStoreAutoUpdate text/plain AllowDeveloperUnlock text/plain AllowGameDVR text/plain AllowSharedUserAppData text/plain AllowStore text/plain ApplicationRestrictions text/plain DisableStoreOriginatedApps text/plain RestrictAppDataToSystemVolume text/plain RestrictAppToSystemVolume text/plain AppVirtualization AllowAppVClient text/plain AllowDynamicVirtualization text/plain AllowPackageCleanup text/plain AllowPackageScripts text/plain AllowPublishingRefreshUX text/plain AllowReportingServer text/plain AllowRoamingFileExclusions text/plain AllowRoamingRegistryExclusions text/plain AllowStreamingAutoload text/plain ClientCoexistenceAllowMigrationmode text/plain IntegrationAllowRootGlobal text/plain IntegrationAllowRootUser text/plain PublishingAllowServer1 text/plain PublishingAllowServer2 text/plain PublishingAllowServer3 text/plain PublishingAllowServer4 text/plain PublishingAllowServer5 text/plain StreamingAllowCertificateFilterForClient_SSL text/plain StreamingAllowHighCostLaunch text/plain StreamingAllowLocationProvider text/plain StreamingAllowPackageInstallationRoot 
text/plain StreamingAllowPackageSourceRoot text/plain StreamingAllowReestablishmentInterval text/plain StreamingAllowReestablishmentRetries text/plain StreamingSharedContentStoreMode text/plain StreamingSupportBranchCache text/plain StreamingVerifyCertificateRevocationList text/plain VirtualComponentsAllowList text/plain Authentication AllowFastReconnect text/plain AllowFidoDeviceSignon Specifies whether FIDO device can be used to sign on. text/plain AllowSecondaryAuthenticationDevice text/plain Autoplay DisallowAutoplayForNonVolumeDevices text/plain SetDefaultAutoRunBehavior text/plain TurnOffAutoPlay text/plain Bitlocker EncryptionMethod text/plain Bluetooth AllowAdvertising text/plain AllowDiscoverableMode text/plain AllowPrepairing text/plain LocalDeviceName text/plain ServicesAllowedList text/plain Browser AllowAddressBarDropdown This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. text/plain AllowAutofill This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. text/plain AllowBrowser text/plain AllowCookies This setting lets you configure how your company deals with cookies. text/plain AllowDeveloperTools This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge. text/plain AllowDoNotTrack This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info. text/plain AllowExtensions This setting lets you decide whether employees can load extensions in Microsoft Edge. text/plain AllowFlash This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. text/plain AllowFlashClickToRun Configure the Adobe Flash Click-to-Run setting. 
text/plain AllowInPrivate This setting lets you decide whether employees can browse using InPrivate website browsing. text/plain AllowMicrosoftCompatibilityList This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat. If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly. If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation. text/plain AllowPasswordManager This setting lets you decide whether employees can save their passwords locally, using Password Manager. text/plain AllowPopups This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows. text/plain AllowSearchEngineCustomization Allow search engine customization for MDM enrolled devices. Users can change their default search engine. If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy will only apply on domain joined machines or when the device is MDM enrolled. 
For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). text/plain AllowSearchSuggestionsinAddressBar This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge. text/plain AllowSmartScreen This setting lets you decide whether to turn on Windows Defender SmartScreen. text/plain ClearBrowsingDataOnExit Specifies whether to always clear browsing history on exiting Microsoft Edge. text/plain ConfigureAdditionalSearchEngines Allows you to add up to 5 additional search engines for MDM-enrolled devices. If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default. If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain DisableLockdownOfStartPages Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect. Note: This policy has no effect when Browser/HomePages is not configured. Important This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). 
text/plain EnterpriseModeSiteList This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites. text/plain EnterpriseSiteListServiceUrl text/plain FirstRunURL Configure first run URL. text/plain HomePages Configure the Start page URLs for your employees. Example: If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support. Encapsulate each string with greater than and less than characters like any other XML tag. Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL. text/plain PreventAccessToAboutFlagsInMicrosoftEdge Prevent access to the about:flags page in Microsoft Edge. text/plain PreventFirstRunPage Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain PreventLiveTileDataCollection This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain PreventSmartScreenPromptOverride Don't allow Windows Defender SmartScreen warning overrides text/plain PreventSmartScreenPromptOverrideForFiles Don't allow Windows Defender SmartScreen warning overrides for unverified files. 
text/plain PreventUsingLocalHostIPAddressForWebRTC Prevent using localhost IP address for WebRTC text/plain SendIntranetTraffictoInternetExplorer Sends all intranet traffic over to Internet Explorer. text/plain SetDefaultSearchEngine Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine. If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING. If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain ShowMessageWhenOpeningSitesInInternetExplorer Show message when opening sites in Internet Explorer text/plain SyncFavoritesBetweenIEAndMicrosoftEdge Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. 
text/plain Camera AllowCamera text/plain Cellular ShowAppCellularAccessUI text/plain Connectivity AllowBluetooth text/plain AllowCellularData text/plain AllowCellularDataRoaming text/plain AllowConnectedDevices text/plain AllowNFC text/plain AllowUSBConnection text/plain AllowVPNOverCellular text/plain AllowVPNRoamingOverCellular text/plain DiablePrintingOverHTTP text/plain DisableDownloadingOfPrintDriversOverHTTP text/plain DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards text/plain DisallowNetworkConnectivityActiveTests text/plain HardenedUNCPaths text/plain ProhibitInstallationAndConfigurationOfNetworkBridge text/plain CredentialProviders AllowPINLogon text/plain BlockPicturePassword text/plain CredentialsUI DisablePasswordReveal text/plain EnumerateAdministrators text/plain Cryptography AllowFipsAlgorithmPolicy text/plain TLSCipherSuites text/plain DataProtection AllowDirectMemoryAccess text/plain LegacySelectiveWipeID text/plain DataUsage SetCost3G text/plain SetCost4G text/plain Defender AllowArchiveScanning text/plain AllowBehaviorMonitoring text/plain AllowCloudProtection text/plain AllowEmailScanning text/plain AllowFullScanOnMappedNetworkDrives text/plain AllowFullScanRemovableDriveScanning text/plain AllowIntrusionPreventionSystem text/plain AllowIOAVProtection text/plain AllowOnAccessProtection text/plain AllowRealtimeMonitoring text/plain AllowScanningNetworkFiles text/plain AllowScriptScanning text/plain AllowUserUIAccess text/plain AttackSurfaceReductionOnlyExclusions text/plain AttackSurfaceReductionRules text/plain AvgCPULoadFactor text/plain CloudBlockLevel text/plain CloudExtendedTimeout text/plain DaysToRetainCleanedMalware text/plain EnableGuardMyFolders text/plain EnableNetworkProtection text/plain ExcludedExtensions text/plain ExcludedPaths text/plain ExcludedProcesses text/plain GuardedFoldersAllowedApplications text/plain GuardedFoldersList text/plain PUAProtection text/plain RealTimeScanDirection text/plain ScanParameter 
text/plain ScheduleQuickScanTime text/plain ScheduleScanDay text/plain ScheduleScanTime text/plain SignatureUpdateInterval text/plain SubmitSamplesConsent text/plain ThreatSeverityDefaultAction text/plain DeliveryOptimization DOAbsoluteMaxCacheSize text/plain DOAllowVPNPeerCaching text/plain DODownloadMode text/plain DOGroupId text/plain DOMaxCacheAge text/plain DOMaxCacheSize text/plain DOMaxDownloadBandwidth text/plain DOMaxUploadBandwidth text/plain DOMinBackgroundQos text/plain DOMinBatteryPercentageAllowedToUpload text/plain DOMinDiskSizeAllowedToPeer text/plain DOMinFileSizeToCache text/plain DOMinRAMAllowedToPeer text/plain DOModifyCacheDrive text/plain DOMonthlyUploadDataCap text/plain DOPercentageMaxDownloadBandwidth text/plain DeviceGuard EnableVirtualizationBasedSecurity Turns On Virtualization Based Security(VBS) text/plain LsaCfgFlags Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock. text/plain RequirePlatformSecurityFeatures Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support. text/plain DeviceInstallation PreventInstallationOfMatchingDeviceIDs text/plain PreventInstallationOfMatchingDeviceSetupClasses text/plain DeviceLock AllowIdleReturnWithoutPassword Specifies whether the user must input a PIN or password when the device resumes from an idle state. text/plain AllowScreenTimeoutWhileLockedUserConfig Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. text/plain AllowSimpleDevicePassword Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords. text/plain AlphanumericDevicePasswordRequired Determines the type of PIN or password required. 
This policy only applies if the DeviceLock/DevicePasswordEnabled policy is set to 0 text/plain DevicePasswordEnabled Specifies whether device lock is enabled. text/plain DevicePasswordExpiration Specifies when the password expires (in days). text/plain DevicePasswordHistory Specifies how many passwords can be stored in the history that can’t be used. text/plain EnforceLockScreenAndLogonImage text/plain EnforceLockScreenProvider text/plain MaxDevicePasswordFailedAttempts text/plain MaxInactivityTimeDeviceLock The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. text/plain MaxInactivityTimeDeviceLockWithExternalDisplay Sets the maximum timeout value for the external display. text/plain MinDevicePasswordComplexCharacters The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. text/plain MinDevicePasswordLength Specifies the minimum number or characters required in the PIN or password. text/plain MinimumPasswordAge This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998. Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. 
The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. text/plain PreventLockScreenSlideShow text/plain ScreenTimeoutWhileLocked Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. text/plain Display TurnOffGdiDPIScalingForApps This policy allows to force turn off GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension. text/plain TurnOnGdiDPIScalingForApps This policy allows to turn on GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension. text/plain ErrorReporting CustomizeConsentSettings text/plain DisableWindowsErrorReporting text/plain DisplayErrorNotification text/plain DoNotSendAdditionalData text/plain PreventCriticalErrorDisplay text/plain EventLogService ControlEventLogBehavior text/plain SpecifyMaximumFileSizeApplicationLog text/plain SpecifyMaximumFileSizeSecurityLog text/plain SpecifyMaximumFileSizeSystemLog text/plain Experience AllowCopyPaste text/plain AllowCortana text/plain AllowDeviceDiscovery text/plain AllowFindMyDevice text/plain AllowManualMDMUnenrollment text/plain AllowSaveAsOfOfficeFiles text/plain AllowScreenCapture text/plain AllowSharingOfOfficeFiles text/plain AllowSIMErrorDialogPromptWhenNoSIM text/plain AllowSyncMySettings text/plain AllowTaskSwitcher text/plain AllowVoiceRecording text/plain AllowWindowsTips text/plain DoNotShowFeedbackNotifications text/plain Games AllowAdvancedGamingServices Specifies whether advanced gaming services can be used. 
These services may send data to Microsoft or publishers of games that use these services. text/plain InternetExplorer AddSearchProvider text/plain AllowActiveXFiltering text/plain AllowAddOnList text/plain AllowCertificateAddressMismatchWarning text/plain AllowDeletingBrowsingHistoryOnExit text/plain AllowEnhancedProtectedMode text/plain AllowEnterpriseModeFromToolsMenu text/plain AllowEnterpriseModeSiteList text/plain AllowFallbackToSSL3 text/plain AllowInternetExplorer7PolicyList text/plain AllowInternetExplorerStandardsMode text/plain AllowInternetZoneTemplate text/plain AllowIntranetZoneTemplate text/plain AllowLocalMachineZoneTemplate text/plain AllowLockedDownInternetZoneTemplate text/plain AllowLockedDownIntranetZoneTemplate text/plain AllowLockedDownLocalMachineZoneTemplate text/plain AllowLockedDownRestrictedSitesZoneTemplate text/plain AllowOneWordEntry text/plain AllowSiteToZoneAssignmentList text/plain AllowsLockedDownTrustedSitesZoneTemplate text/plain AllowSoftwareWhenSignatureIsInvalid text/plain AllowsRestrictedSitesZoneTemplate text/plain AllowSuggestedSites text/plain AllowTrustedSitesZoneTemplate text/plain CheckServerCertificateRevocation text/plain CheckSignaturesOnDownloadedPrograms text/plain ConsistentMimeHandlingInternetExplorerProcesses text/plain DisableAdobeFlash text/plain DisableBlockingOfOutdatedActiveXControls text/plain DisableBypassOfSmartScreenWarnings text/plain DisableBypassOfSmartScreenWarningsAboutUncommonFiles text/plain DisableConfiguringHistory text/plain DisableCrashDetection text/plain DisableCustomerExperienceImprovementProgramParticipation text/plain DisableDeletingUserVisitedWebsites text/plain DisableEnclosureDownloading text/plain DisableEncryptionSupport text/plain DisableFirstRunWizard text/plain DisableFlipAheadFeature text/plain DisableIgnoringCertificateErrors text/plain DisableInPrivateBrowsing text/plain DisableProcessesInEnhancedProtectedMode text/plain DisableProxyChange text/plain 
DisableSearchProviderChange text/plain DisableSecondaryHomePageChange text/plain DisableSecuritySettingsCheck text/plain DisableUpdateCheck text/plain DoNotAllowActiveXControlsInProtectedMode text/plain DoNotAllowUsersToAddSites text/plain DoNotAllowUsersToChangePolicies text/plain DoNotBlockOutdatedActiveXControls text/plain DoNotBlockOutdatedActiveXControlsOnSpecificDomains text/plain IncludeAllLocalSites text/plain IncludeAllNetworkPaths text/plain InternetZoneAllowAccessToDataSources text/plain InternetZoneAllowAutomaticPromptingForActiveXControls text/plain InternetZoneAllowAutomaticPromptingForFileDownloads text/plain InternetZoneAllowCopyPasteViaScript text/plain InternetZoneAllowDragAndDropCopyAndPasteFiles text/plain InternetZoneAllowFontDownloads text/plain InternetZoneAllowLessPrivilegedSites text/plain InternetZoneAllowLoadingOfXAMLFilesWRONG text/plain InternetZoneAllowNETFrameworkReliantComponents text/plain InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain InternetZoneAllowScriptInitiatedWindows text/plain InternetZoneAllowScriptlets text/plain InternetZoneAllowSmartScreenIE text/plain InternetZoneAllowUpdatesToStatusBarViaScript text/plain InternetZoneAllowUserDataPersistence text/plain InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1 text/plain InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2 text/plain InternetZoneDownloadSignedActiveXControls text/plain InternetZoneDownloadUnsignedActiveXControls text/plain InternetZoneEnableCrossSiteScriptingFilter text/plain InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain InternetZoneEnableMIMESniffing text/plain InternetZoneEnableProtectedMode text/plain InternetZoneIncludeLocalPathWhenUploadingFilesToServer text/plain 
InternetZoneInitializeAndScriptActiveXControls text/plain InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe text/plain InternetZoneJavaPermissionsWRONG1 text/plain InternetZoneJavaPermissionsWRONG2 text/plain InternetZoneLaunchingApplicationsAndFilesInIFRAME text/plain InternetZoneLogonOptions text/plain InternetZoneNavigateWindowsAndFrames text/plain InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode text/plain InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain InternetZoneUsePopupBlocker text/plain InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone text/plain IntranetZoneAllowAccessToDataSources text/plain IntranetZoneAllowAutomaticPromptingForActiveXControls text/plain IntranetZoneAllowAutomaticPromptingForFileDownloads text/plain IntranetZoneAllowFontDownloads text/plain IntranetZoneAllowLessPrivilegedSites text/plain IntranetZoneAllowNETFrameworkReliantComponents text/plain IntranetZoneAllowScriptlets text/plain IntranetZoneAllowSmartScreenIE text/plain IntranetZoneAllowUserDataPersistence text/plain IntranetZoneInitializeAndScriptActiveXControls text/plain IntranetZoneNavigateWindowsAndFrames text/plain LocalMachineZoneAllowAccessToDataSources text/plain LocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain LocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain LocalMachineZoneAllowFontDownloads text/plain LocalMachineZoneAllowLessPrivilegedSites text/plain LocalMachineZoneAllowNETFrameworkReliantComponents text/plain LocalMachineZoneAllowScriptlets text/plain LocalMachineZoneAllowSmartScreenIE text/plain LocalMachineZoneAllowUserDataPersistence text/plain LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls text/plain LocalMachineZoneInitializeAndScriptActiveXControls text/plain LocalMachineZoneJavaPermissions text/plain LocalMachineZoneNavigateWindowsAndFrames text/plain 
LockedDownInternetZoneAllowAccessToDataSources text/plain LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownInternetZoneAllowFontDownloads text/plain LockedDownInternetZoneAllowLessPrivilegedSites text/plain LockedDownInternetZoneAllowNETFrameworkReliantComponents text/plain LockedDownInternetZoneAllowScriptlets text/plain LockedDownInternetZoneAllowSmartScreenIE text/plain LockedDownInternetZoneAllowUserDataPersistence text/plain LockedDownInternetZoneInitializeAndScriptActiveXControls text/plain LockedDownInternetZoneJavaPermissions text/plain LockedDownInternetZoneNavigateWindowsAndFrames text/plain LockedDownIntranetZoneAllowAccessToDataSources text/plain LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownIntranetZoneAllowFontDownloads text/plain LockedDownIntranetZoneAllowLessPrivilegedSites text/plain LockedDownIntranetZoneAllowNETFrameworkReliantComponents text/plain LockedDownIntranetZoneAllowScriptlets text/plain LockedDownIntranetZoneAllowSmartScreenIE text/plain LockedDownIntranetZoneAllowUserDataPersistence text/plain LockedDownIntranetZoneInitializeAndScriptActiveXControls text/plain LockedDownIntranetZoneNavigateWindowsAndFrames text/plain LockedDownLocalMachineZoneAllowAccessToDataSources text/plain LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownLocalMachineZoneAllowFontDownloads text/plain LockedDownLocalMachineZoneAllowLessPrivilegedSites text/plain LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents text/plain LockedDownLocalMachineZoneAllowScriptlets text/plain LockedDownLocalMachineZoneAllowSmartScreenIE text/plain LockedDownLocalMachineZoneAllowUserDataPersistence text/plain 
LockedDownLocalMachineZoneInitializeAndScriptActiveXControls text/plain LockedDownLocalMachineZoneJavaPermissions text/plain LockedDownLocalMachineZoneNavigateWindowsAndFrames text/plain LockedDownRestrictedSitesZoneAllowAccessToDataSources text/plain LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownRestrictedSitesZoneAllowFontDownloads text/plain LockedDownRestrictedSitesZoneAllowLessPrivilegedSites text/plain LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain LockedDownRestrictedSitesZoneAllowScriptlets text/plain LockedDownRestrictedSitesZoneAllowSmartScreenIE text/plain LockedDownRestrictedSitesZoneAllowUserDataPersistence text/plain LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls text/plain LockedDownRestrictedSitesZoneJavaPermissions text/plain LockedDownRestrictedSitesZoneNavigateWindowsAndFrames text/plain LockedDownTrustedSitesZoneAllowAccessToDataSources text/plain LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain LockedDownTrustedSitesZoneAllowFontDownloads text/plain LockedDownTrustedSitesZoneAllowLessPrivilegedSites text/plain LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents text/plain LockedDownTrustedSitesZoneAllowScriptlets text/plain LockedDownTrustedSitesZoneAllowSmartScreenIE text/plain LockedDownTrustedSitesZoneAllowUserDataPersistence text/plain LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls text/plain LockedDownTrustedSitesZoneJavaPermissions text/plain LockedDownTrustedSitesZoneNavigateWindowsAndFrames text/plain MimeSniffingSafetyFeatureInternetExplorerProcesses text/plain MKProtocolSecurityRestrictionInternetExplorerProcesses text/plain NotificationBarInternetExplorerProcesses text/plain PreventManagingSmartScreenFilter text/plain 
PreventPerUserInstallationOfActiveXControls text/plain ProtectionFromZoneElevationInternetExplorerProcesses text/plain RemoveRunThisTimeButtonForOutdatedActiveXControls text/plain RestrictActiveXInstallInternetExplorerProcesses text/plain RestrictedSitesZoneAllowAccessToDataSources text/plain RestrictedSitesZoneAllowActiveScripting text/plain RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain RestrictedSitesZoneAllowBinaryAndScriptBehaviors text/plain RestrictedSitesZoneAllowCopyPasteViaScript text/plain RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles text/plain RestrictedSitesZoneAllowFileDownloads text/plain RestrictedSitesZoneAllowFontDownloadsWRONG1 text/plain RestrictedSitesZoneAllowFontDownloadsWRONG2 text/plain RestrictedSitesZoneAllowLessPrivilegedSites text/plain RestrictedSitesZoneAllowLoadingOfXAMLFiles text/plain RestrictedSitesZoneAllowMETAREFRESH text/plain RestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain RestrictedSitesZoneAllowScriptInitiatedWindows text/plain RestrictedSitesZoneAllowScriptlets text/plain RestrictedSitesZoneAllowSmartScreenIE text/plain RestrictedSitesZoneAllowUpdatesToStatusBarViaScript text/plain RestrictedSitesZoneAllowUserDataPersistence text/plain RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain RestrictedSitesZoneDownloadSignedActiveXControls text/plain RestrictedSitesZoneDownloadUnsignedActiveXControls text/plain RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain RestrictedSitesZoneEnableMIMESniffing text/plain 
RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer text/plain RestrictedSitesZoneInitializeAndScriptActiveXControls text/plain RestrictedSitesZoneJavaPermissions text/plain RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME text/plain RestrictedSitesZoneLogonOptions text/plain RestrictedSitesZoneNavigateWindowsAndFrames text/plain RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains text/plain RestrictedSitesZoneRunActiveXControlsAndPlugins text/plain RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting text/plain RestrictedSitesZoneWRONG text/plain RestrictedSitesZoneWRONG2 text/plain RestrictedSitesZoneWRONG3 text/plain RestrictedSitesZoneWRONG4 text/plain RestrictedSitesZoneWRONG5 text/plain RestrictFileDownloadInternetExplorerProcesses text/plain ScriptedWindowSecurityRestrictionsInternetExplorerProcesses text/plain SearchProviderList text/plain SecurityZonesUseOnlyMachineSettings text/plain SpecifyUseOfActiveXInstallerService text/plain TrustedSitesZoneAllowAccessToDataSources text/plain TrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain TrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain TrustedSitesZoneAllowFontDownloads text/plain TrustedSitesZoneAllowLessPrivilegedSites text/plain TrustedSitesZoneAllowNETFrameworkReliantComponents text/plain TrustedSitesZoneAllowScriptlets text/plain TrustedSitesZoneAllowSmartScreenIE text/plain TrustedSitesZoneAllowUserDataPersistence text/plain TrustedSitesZoneInitializeAndScriptActiveXControls text/plain TrustedSitesZoneJavaPermissions text/plain TrustedSitesZoneNavigateWindowsAndFrames text/plain TrustedSitesZoneWRONG1 text/plain TrustedSitesZoneWRONG2 text/plain Kerberos AllowForestSearchOrder text/plain KerberosClientSupportsClaimsCompoundArmor text/plain RequireKerberosArmoring text/plain RequireStrictKDCValidation text/plain SetMaximumContextTokenSize text/plain 
Licensing AllowWindowsEntitlementReactivation text/plain DisallowKMSClientOnlineAVSValidation text/plain LocalPoliciesSecurityOptions Accounts_BlockMicrosoftAccounts This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system. If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows. text/plain Accounts_EnableAdministratorAccountStatus This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. Disabling the Administrator account can become a maintenance issue under certain circumstances. Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled. Default: Disabled. 
text/plain Accounts_EnableGuestAccountStatus This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail. text/plain Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Enabled. Warning: Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services. Notes This setting does not affect logons that use domain accounts. It is possible for applications that use remote interactive logons to bypass this setting. text/plain Accounts_RenameAdministratorAccount Accounts: Rename administrator account This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination. Default: Administrator. 
text/plain Accounts_RenameGuestAccount Accounts: Rename guest account This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Default: Guest. text/plain InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked Interactive Logon:Display user information when the session is locked User display name, domain and user names (1) User display name only (2) Do not display user information (3) text/plain Interactivelogon_DoNotDisplayLastSignedIn Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. text/plain Interactivelogon_DoNotDisplayUsernameAtSignIn Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. text/plain Interactivelogon_DoNotRequireCTRLALTDEL Interactive logon: Do not require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords. 
If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. Default on stand-alone computers: Enabled. text/plain InteractiveLogon_MachineInactivityLimit Interactive logon: Machine inactivity limit. Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. Default: not enforced. text/plain InteractiveLogon_MessageTextForUsersAttemptingToLogOn Interactive logon: Message text for users attempting to log on This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. text/plain InteractiveLogon_MessageTitleForUsersAttemptingToLogOn Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. text/plain NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares Network access: Do not allow anonymous enumeration of SAM accounts and shares This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy. Default: Disabled. 
text/plain NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares Network access: Restrict anonymous access to Named Pipes and Shares When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: Network access: Named pipes that can be accessed anonymously Network access: Shares that can be accessed anonymously Default: Enabled. text/plain NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM Network access: Restrict clients allowed to make remote calls to SAM This policy setting allows you to restrict remote rpc connections to SAM. If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016. text/plain NetworkSecurity_AllowPKU2UAuthenticationRequests Network security: Allow PKU2U authentication requests to this computer to use online identities. This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine. text/plain RecoveryConsole_AllowAutomaticAdministrativeLogon Recovery console: Allow automatic administrative logon This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. Default: This policy is not defined and automatic administrative logon is not allowed. text/plain Shutdown_ClearVirtualMemoryPageFile Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. 
However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile. When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled. Default: Disabled. text/plain UserAccountControl_AllowUIAccessApplicationsToPromptForElevation User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. • Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. • Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. text/plain UserAccountControl_BehaviorOfTheElevationPromptForAdministrators User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode This policy setting controls the behavior of the elevation prompt for administrators. The options are: • Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments. 
• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. • Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. • Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. • Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. • Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. text/plain UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. The options are: • Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. • Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. 
An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. • Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. text/plain UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. The options are: • Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run. • Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run. text/plain UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - …\Program Files\, including subfolders - …\Windows\system32\ - …\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. 
The options are: • Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. • Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system. text/plain UserAccountControl_RunAllAdministratorsInAdminApprovalMode User Account Control: Turn on Admin Approval Mode This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: • Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. • Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. text/plain UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation User Account Control: Switch to the secure desktop when prompting for elevation This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: • Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users. • Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used. text/plain UserAccountControl_UseAdminApprovalMode User Account Control: Use Admin Approval Mode for the built-in Administrator account This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. 
The options are: • Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation. • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. text/plain UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations User Account Control: Virtualize file and registry write failures to per-user locations This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. The options are: • Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry. • Disabled: Applications that write data to protected locations fail. 
text/plain Location EnableLocation text/plain LockDown AllowEdgeSwipe text/plain Maps AllowOfflineMapsDownloadOverMeteredConnection text/plain EnableOfflineMapsAutoUpdate text/plain Messaging AllowMessageSync text/plain AllowMMS text/plain AllowRCS text/plain NetworkIsolation EnterpriseCloudResources text/plain EnterpriseInternalProxyServers text/plain EnterpriseIPRange text/plain EnterpriseIPRangesAreAuthoritative text/plain EnterpriseNetworkDomainNames text/plain EnterpriseProxyServers text/plain EnterpriseProxyServersAreAuthoritative text/plain NeutralResources text/plain Power AllowStandbyWhenSleepingPluggedIn text/plain DisplayOffTimeoutOnBattery text/plain DisplayOffTimeoutPluggedIn text/plain HibernateTimeoutOnBattery text/plain HibernateTimeoutPluggedIn text/plain RequirePasswordWhenComputerWakesOnBattery text/plain RequirePasswordWhenComputerWakesPluggedIn text/plain StandbyTimeoutOnBattery text/plain StandbyTimeoutPluggedIn text/plain Printers PointAndPrintRestrictions text/plain PublishPrinters text/plain Privacy AllowAutoAcceptPairingAndPrivacyConsentPrompts text/plain AllowInputPersonalization text/plain DisableAdvertisingId text/plain EnableActivityFeed Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user. text/plain LetAppsAccessAccountInfo This policy setting specifies whether Windows apps can access account information. text/plain LetAppsAccessAccountInfo_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LetAppsAccessAccountInfo_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. 
This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LetAppsAccessAccountInfo_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LetAppsAccessCalendar This policy setting specifies whether Windows apps can access the calendar. text/plain LetAppsAccessCalendar_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LetAppsAccessCalendar_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LetAppsAccessCalendar_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LetAppsAccessCallHistory This policy setting specifies whether Windows apps can access call history. text/plain LetAppsAccessCallHistory_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LetAppsAccessCallHistory_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. 
This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LetAppsAccessCallHistory_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LetAppsAccessCamera This policy setting specifies whether Windows apps can access the camera. text/plain LetAppsAccessCamera_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LetAppsAccessCamera_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LetAppsAccessCamera_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LetAppsAccessCellularData This policy setting specifies whether Windows apps can access cellular data. text/plain LetAppsAccessCellularData_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LetAppsAccessCellularData_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. 
This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LetAppsAccessCellularData_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data privacy setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LetAppsAccessContacts This policy setting specifies whether Windows apps can access contacts. text/plain LetAppsAccessContacts_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LetAppsAccessContacts_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LetAppsAccessContacts_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LetAppsAccessEmail This policy setting specifies whether Windows apps can access email. text/plain LetAppsAccessEmail_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LetAppsAccessEmail_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. 
text/plain LetAppsAccessEmail_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LetAppsAccessLocation This policy setting specifies whether Windows apps can access location. text/plain LetAppsAccessLocation_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LetAppsAccessLocation_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LetAppsAccessLocation_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LetAppsAccessMessaging This policy setting specifies whether Windows apps can read or send messages (text or MMS). text/plain LetAppsAccessMessaging_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LetAppsAccessMessaging_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. 
text/plain LetAppsAccessMessaging_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LetAppsAccessMicrophone This policy setting specifies whether Windows apps can access the microphone. text/plain LetAppsAccessMicrophone_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LetAppsAccessMicrophone_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LetAppsAccessMicrophone_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LetAppsAccessMotion This policy setting specifies whether Windows apps can access motion data. text/plain LetAppsAccessMotion_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LetAppsAccessMotion_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. 
text/plain LetAppsAccessMotion_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LetAppsAccessNotifications This policy setting specifies whether Windows apps can access notifications. text/plain LetAppsAccessNotifications_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LetAppsAccessNotifications_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LetAppsAccessNotifications_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LetAppsAccessPhone This policy setting specifies whether Windows apps can make phone calls text/plain LetAppsAccessPhone_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LetAppsAccessPhone_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. 
text/plain LetAppsAccessPhone_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LetAppsAccessRadios This policy setting specifies whether Windows apps have access to control radios. text/plain LetAppsAccessRadios_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LetAppsAccessRadios_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LetAppsAccessRadios_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LetAppsAccessTasks This policy setting specifies whether Windows apps can access tasks. text/plain LetAppsAccessTasks_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LetAppsAccessTasks_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LetAppsAccessTasks_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. 
The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LetAppsAccessTrustedDevices This policy setting specifies whether Windows apps can access trusted devices. text/plain LetAppsAccessTrustedDevices_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LetAppsAccessTrustedDevices_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LetAppsAccessTrustedDevices_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LetAppsGetDiagnosticInfo This policy setting specifies whether Windows apps can get diagnostic information about other apps, including user names. text/plain LetAppsGetDiagnosticInfo_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LetAppsGetDiagnosticInfo_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to get diagnostic information about other apps, including user names. 
This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LetAppsGetDiagnosticInfo_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the app diagnostics privacy setting for the listed Windows apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LetAppsRunInBackground This policy setting specifies whether Windows apps can run in the background. text/plain LetAppsRunInBackground_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LetAppsRunInBackground_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LetAppsRunInBackground_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the background apps privacy setting for the listed Windows apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LetAppsSyncWithDevices This policy setting specifies whether Windows apps can sync with devices. text/plain LetAppsSyncWithDevices_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain LetAppsSyncWithDevices_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. 
Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain LetAppsSyncWithDevices_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain PublishUserActivities Allows apps/system to publish 'User Activities' into ActivityFeed. text/plain RemoteAssistance CustomizeWarningMessages text/plain SessionLogging text/plain SolicitedRemoteAssistance text/plain UnsolicitedRemoteAssistance text/plain RemoteDesktopServices AllowUsersToConnectRemotely text/plain ClientConnectionEncryptionLevel text/plain DoNotAllowDriveRedirection text/plain DoNotAllowPasswordSaving text/plain PromptForPasswordUponConnection text/plain RequireSecureRPCCommunication text/plain RemoteManagement AllowBasicAuthentication_Client text/plain AllowBasicAuthentication_Service text/plain AllowCredSSPAuthenticationClient text/plain AllowCredSSPAuthenticationService text/plain AllowRemoteServerManagement text/plain AllowUnencryptedTraffic_Client text/plain AllowUnencryptedTraffic_Service text/plain DisallowDigestAuthentication text/plain DisallowNegotiateAuthenticationClient text/plain DisallowNegotiateAuthenticationService text/plain DisallowStoringOfRunAsCredentials text/plain SpecifyChannelBindingTokenHardeningLevel text/plain TrustedHosts text/plain TurnOnCompatibilityHTTPListener text/plain TurnOnCompatibilityHTTPSListener text/plain RemoteProcedureCall RestrictUnauthenticatedRPCClients text/plain RPCEndpointMapperClientAuthentication text/plain RemoteShell AllowRemoteShellAccess text/plain MaxConcurrentUsers text/plain SpecifyIdleTimeout text/plain SpecifyMaxMemory text/plain SpecifyMaxProcesses text/plain SpecifyMaxRemoteShells text/plain SpecifyShellTimeout 
text/plain Search AllowIndexingEncryptedStoresOrItems text/plain AllowSearchToUseLocation text/plain AllowStoringImagesFromVisionSearch text/plain AllowUsingDiacritics text/plain AllowWindowsIndexer text/plain AlwaysUseAutoLangDetection text/plain DisableBackoff text/plain DisableRemovableDriveIndexing text/plain PreventIndexingLowDiskSpaceMB text/plain PreventRemoteQueries text/plain SafeSearchPermissions text/plain Security AllowAddProvisioningPackage text/plain AllowManualRootCertificateInstallation text/plain AllowRemoveProvisioningPackage text/plain AntiTheftMode text/plain ClearTPMIfNotReady text/plain PreventAutomaticDeviceEncryptionForAzureADJoinedDevices text/plain RequireDeviceEncryption text/plain RequireProvisioningPackageSignature text/plain RequireRetrieveHealthCertificateOnBoot text/plain Settings AllowAutoPlay text/plain AllowDataSense text/plain AllowDateTime text/plain AllowEditDeviceName text/plain AllowLanguage text/plain AllowPowerSleep text/plain AllowRegion text/plain AllowSignInOptions text/plain AllowVPN text/plain AllowWorkplace text/plain AllowYourAccount text/plain PageVisibilityList text/plain SmartScreen EnableAppInstallControl text/plain EnableSmartScreenInShell text/plain PreventOverrideForFilesInShell text/plain Speech AllowSpeechModelUpdate text/plain Start AllowPinnedFolderDocuments This policy controls the visibility of the Documents shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderDownloads This policy controls the visibility of the Downloads shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderFileExplorer This policy controls the visibility of the File Explorer shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderHomeGroup This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderMusic This policy controls the visibility of the Music shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderNetwork This policy controls the visibility of the Network shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderPersonalFolder This policy controls the visibility of the PersonalFolder shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderPictures This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderSettings This policy controls the visibility of the Settings shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain AllowPinnedFolderVideos This policy controls the visibility of the Videos shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. text/plain ForceStartSize text/plain HideAppList Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app. text/plain HideChangeAccountSettings Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu. text/plain HideFrequentlyUsedApps Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app. text/plain HideHibernate Enabling this policy hides "Hibernate" from appearing in the power button in the start menu. text/plain HideLock Enabling this policy hides "Lock" from appearing in the user tile in the start menu. text/plain HidePeopleBar Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. text/plain HidePowerButton Enabling this policy hides the power button from appearing in the start menu. text/plain HideRecentJumplists Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app. text/plain HideRecentlyAddedApps Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app. text/plain HideRestart Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu. 
text/plain HideShutDown Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu. text/plain HideSignOut Enabling this policy hides "Sign out" from appearing in the user tile in the start menu. text/plain HideSleep Enabling this policy hides "Sleep" from appearing in the power button in the start menu. text/plain HideSwitchAccount Enabling this policy hides "Switch account" from appearing in the user tile in the start menu. text/plain HideUserTile Enabling this policy hides the user tile from appearing in the start menu. text/plain ImportEdgeAssets This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified. text/plain NoPinningToTaskbar This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar. text/plain StartLayout text/plain Storage EnhancedStorageDevices text/plain System AllowBuildPreview text/plain AllowEmbeddedMode text/plain AllowExperimentation text/plain AllowFontProviders text/plain AllowLocation text/plain AllowStorageCard text/plain AllowTelemetry text/plain AllowUserToResetPhone text/plain BootStartDriverInitialization text/plain DisableOneDriveFileSync This policy setting lets you prevent apps and features from working with files on OneDrive. 
If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. text/plain DisableSystemRestore text/plain TelemetryProxy text/plain TextInput AllowIMELogging text/plain AllowIMENetworkAccess text/plain AllowInputPanel text/plain AllowJapaneseIMESurrogatePairCharacters text/plain AllowJapaneseIVSCharacters text/plain AllowJapaneseNonPublishingStandardGlyph text/plain AllowJapaneseUserDictionary text/plain AllowKeyboardTextSuggestions text/plain AllowLanguageFeaturesUninstall text/plain ExcludeJapaneseIMEExceptJIS0208 text/plain ExcludeJapaneseIMEExceptJIS0208andEUDC text/plain ExcludeJapaneseIMEExceptShiftJIS text/plain TimeLanguageSettings AllowSet24HourClock text/plain Update ActiveHoursEnd text/plain ActiveHoursMaxRange text/plain ActiveHoursStart text/plain AllowAutoUpdate text/plain AllowAutoWindowsUpdateDownloadOverMeteredNetwork text/plain AllowMUUpdateService text/plain AllowNonMicrosoftSignedUpdate text/plain AllowUpdateService text/plain AutoRestartDeadlinePeriodInDays text/plain AutoRestartNotificationSchedule text/plain AutoRestartRequiredNotificationDismissal text/plain BranchReadinessLevel text/plain DeferFeatureUpdatesPeriodInDays text/plain DeferQualityUpdatesPeriodInDays text/plain DeferUpdatePeriod text/plain DeferUpgradePeriod text/plain DetectionFrequency text/plain EngagedRestartDeadline text/plain EngagedRestartSnoozeSchedule text/plain EngagedRestartTransitionSchedule text/plain ExcludeWUDriversInQualityUpdate text/plain FillEmptyContentUrls text/plain IgnoreMOAppDownloadLimit text/plain IgnoreMOUpdateDownloadLimit text/plain 
ManageBuildPreview text/plain PauseDeferrals text/plain PauseFeatureUpdates text/plain PauseFeatureUpdatesStartTime text/plain PauseQualityUpdates text/plain PauseQualityUpdatesStartTime text/plain PhoneUpdateRestrictions text/plain RequireDeferUpgrade text/plain RequireUpdateApproval text/plain ScheduledInstallDay text/plain ScheduledInstallEveryWeek text/plain ScheduledInstallFirstWeek text/plain ScheduledInstallFourthWeek text/plain ScheduledInstallSecondWeek text/plain ScheduledInstallThirdWeek text/plain ScheduledInstallTime text/plain ScheduleImminentRestartWarning text/plain ScheduleRestartWarning text/plain SetAutoRestartNotificationDisable text/plain SetEDURestart text/plain UpdateServiceUrl text/plain UpdateServiceUrlAlternate text/plain Wifi AllowAutoConnectToWiFiSenseHotspots text/plain AllowInternetSharing text/plain AllowManualWiFiConfiguration text/plain AllowWiFi text/plain AllowWiFiDirect text/plain WLANScanMode text/plain WindowsDefenderSecurityCenter CompanyName text/plain DisableAppBrowserUI text/plain DisableEnhancedNotifications text/plain DisableFamilyUI text/plain DisableHealthUI text/plain DisableNetworkUI text/plain DisableNotifications text/plain DisableVirusUI text/plain DisallowExploitProtectionOverride text/plain Email text/plain EnableCustomizedToasts text/plain EnableInAppCustomization text/plain Phone text/plain URL text/plain WindowsInkWorkspace AllowSuggestedAppsInWindowsInkWorkspace text/plain AllowWindowsInkWorkspace text/plain WindowsLogon DisableLockScreenAppNotifications text/plain DontDisplayNetworkSelectionUI text/plain HideFastUserSwitching This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. 
The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations. text/plain WirelessDisplay AllowMdnsAdvertisement This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. text/plain AllowMdnsDiscovery This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. text/plain AllowProjectionFromPC This policy allows you to turn off projection from a PC. If you set it to 0, your PC cannot discover or project to other devices. If you set it to 1, your PC can discover and project to other devices. text/plain AllowProjectionFromPCOverInfrastructure This policy allows you to turn off projection from a PC over infrastructure. If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct. If you set it to 1, your PC can discover and project to other devices over infrastructure. text/plain AllowProjectionToPC This policy setting allows you to turn off projection to a PC If you set it to 0, your PC isn't discoverable and can't be projected to If you set it to 1, your PC is discoverable and can be projected to above the lock screen only. The user has an option to turn it always on or off except for manual launch, too. text/plain AllowProjectionToPCOverInfrastructure This policy setting allows you to turn off projection to a PC over infrastructure. If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct. If you set it to 1, your PC can be discoverable and can be projected to over infrastructure. 
text/plain AllowUserInputFromWirelessDisplayReceiver text/plain RequirePinForPairing This policy setting allows you to require a pin for pairing. If you turn this on, the pairing ceremony for new devices will always require a PIN If you turn it off or don't configure it, a pin isn't required for pairing. text/plain Result AboveLock AllowActionCenterNotifications 1 text/plain desktop AllowCortanaAboveLock 1 text/plain AllowToasts 1 text/plain AccountPolicies MinDevicePasswordLength This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0. 7 text/plain phone PasswordMustMeetComplexityRequirement This security setting determines whether passwords must meet complexity requirements. If this policy is enabled, passwords must meet the following minimum requirements: Not contain the user's account name or parts of the user's full name that exceed two consecutive characters Be at least six characters in length Contain characters from three of the following four categories: English uppercase characters (A through Z) English lowercase characters (a through z) Base 10 digits (0 through 9) Non-alphabetic characters (for example, !, $, #, %) Complexity requirements are enforced when passwords are changed or created. 
0 text/plain phone Accounts AllowAddingNonMicrosoftAccountsManually 1 text/plain AllowMicrosoftAccountConnection 1 text/plain AllowMicrosoftAccountSignInAssistant 1 text/plain DomainNamesForEmailSync text/plain ActiveXControls ApprovedInstallationSites text/plain phone ActiveXInstallService.admx ActiveXInstallService~AT~WindowsComponents~AxInstSv ApprovedActiveXInstallSites ApplicationDefaults DefaultAssociationsConfiguration text/plain phone ApplicationManagement AllowAllTrustedApps 65535 text/plain AllowAppStoreAutoUpdate 2 text/plain AllowDeveloperUnlock 65535 text/plain AllowGameDVR 1 text/plain phone AllowSharedUserAppData 0 text/plain AllowStore 1 text/plain desktop ApplicationRestrictions text/plain desktop DisableStoreOriginatedApps 0 text/plain RestrictAppDataToSystemVolume 0 text/plain RestrictAppToSystemVolume 0 text/plain AppVirtualization AllowAppVClient text/plain phone appv.admx appv~AT~System~CAT_AppV EnableAppV AllowDynamicVirtualization text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Virtualization Virtualization_JITVEnable AllowPackageCleanup text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_PackageManagement PackageManagement_AutoCleanupEnable AllowPackageScripts text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Scripting Scripting_Enable_Package_Scripts AllowPublishingRefreshUX text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Enable_Publishing_Refresh_UX AllowReportingServer text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Reporting Reporting_Server_Policy AllowRoamingFileExclusions text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Integration Integration_Roaming_File_Exclusions AllowRoamingRegistryExclusions text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Integration Integration_Roaming_Registry_Exclusions AllowStreamingAutoload text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Steaming_Autoload ClientCoexistenceAllowMigrationmode text/plain phone appv.admx 
appv~AT~System~CAT_AppV~CAT_Client_Coexistence Client_Coexistence_Enable_Migration_mode IntegrationAllowRootGlobal text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Integration Integration_Root_User IntegrationAllowRootUser text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Integration Integration_Root_Global PublishingAllowServer1 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server1_Policy PublishingAllowServer2 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server2_Policy PublishingAllowServer3 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server3_Policy PublishingAllowServer4 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server4_Policy PublishingAllowServer5 text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Publishing Publishing_Server5_Policy StreamingAllowCertificateFilterForClient_SSL text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Certificate_Filter_For_Client_SSL StreamingAllowHighCostLaunch text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Allow_High_Cost_Launch StreamingAllowLocationProvider text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Location_Provider StreamingAllowPackageInstallationRoot text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Package_Installation_Root StreamingAllowPackageSourceRoot text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Package_Source_Root StreamingAllowReestablishmentInterval text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Reestablishment_Interval StreamingAllowReestablishmentRetries text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Reestablishment_Retries StreamingSharedContentStoreMode text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Shared_Content_Store_Mode 
StreamingSupportBranchCache text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Support_Branch_Cache StreamingVerifyCertificateRevocationList text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Streaming Streaming_Verify_Certificate_Revocation_List VirtualComponentsAllowList text/plain phone appv.admx appv~AT~System~CAT_AppV~CAT_Virtualization Virtualization_JITVAllowList Authentication AllowFastReconnect 1 text/plain AllowFidoDeviceSignon Specifies whether FIDO device can be used to sign on. 0 text/plain phone AllowSecondaryAuthenticationDevice 0 text/plain Autoplay DisallowAutoplayForNonVolumeDevices text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay NoAutoplayfornonVolume SetDefaultAutoRunBehavior text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay NoAutorun TurnOffAutoPlay text/plain phone AutoPlay.admx AutoPlay~AT~WindowsComponents~AutoPlay Autorun Bitlocker EncryptionMethod 6 text/plain Bluetooth AllowAdvertising 1 text/plain AllowDiscoverableMode 1 text/plain AllowPrepairing 1 text/plain LocalDeviceName text/plain ServicesAllowedList text/plain Browser AllowAddressBarDropdown This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. 1 text/plain phone AllowAutofill This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. 0 text/plain AllowBrowser 1 text/plain desktop AllowCookies This setting lets you configure how your company deals with cookies. 2 text/plain AllowDeveloperTools This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge. 1 text/plain phone AllowDoNotTrack This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info. 
0 text/plain AllowExtensions This setting lets you decide whether employees can load extensions in Microsoft Edge. 1 text/plain phone AllowFlash This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. 1 text/plain phone AllowFlashClickToRun Configure the Adobe Flash Click-to-Run setting. 1 text/plain phone AllowInPrivate This setting lets you decide whether employees can browse using InPrivate website browsing. 1 text/plain AllowMicrosoftCompatibilityList This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat. If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly. If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation. 1 text/plain AllowPasswordManager This setting lets you decide whether employees can save their passwords locally, using Password Manager. 1 text/plain AllowPopups This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows. 0 text/plain phone AllowSearchEngineCustomization Allow search engine customization for MDM enrolled devices. Users can change their default search engine. 
If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). 1 text/plain AllowSearchSuggestionsinAddressBar This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge. 1 text/plain AllowSmartScreen This setting lets you decide whether to turn on Windows Defender SmartScreen. 1 text/plain ClearBrowsingDataOnExit Specifies whether to always clear browsing history on exiting Microsoft Edge. 0 text/plain phone ConfigureAdditionalSearchEngines Allows you to add up to 5 additional search engines for MDM-enrolled devices. If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default. If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain DisableLockdownOfStartPages Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. 
You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect. Note: This policy has no effect when Browser/HomePages is not configured. Important This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). 0 text/plain phone EnterpriseModeSiteList This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites. text/plain phone EnterpriseSiteListServiceUrl text/plain phone FirstRunURL Configure first run URL. text/plain desktop HomePages Configure the Start page URLs for your employees. Example: If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support. Encapsulate each string with greater than and less than characters like any other XML tag. Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL. text/plain phone PreventAccessToAboutFlagsInMicrosoftEdge Prevent access to the about:flags page in Microsoft Edge. 0 text/plain PreventFirstRunPage Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. 
0 text/plain phone PreventLiveTileDataCollection This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. 0 text/plain PreventSmartScreenPromptOverride Don't allow Windows Defender SmartScreen warning overrides 0 text/plain PreventSmartScreenPromptOverrideForFiles Don't allow Windows Defender SmartScreen warning overrides for unverified files. 0 text/plain PreventUsingLocalHostIPAddressForWebRTC Prevent using localhost IP address for WebRTC 0 text/plain SendIntranetTraffictoInternetExplorer Sends all intranet traffic over to Internet Explorer. 0 text/plain phone SetDefaultSearchEngine Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine. If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING. If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. 
Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. text/plain ShowMessageWhenOpeningSitesInInternetExplorer Show message when opening sites in Internet Explorer 0 text/plain phone SyncFavoritesBetweenIEAndMicrosoftEdge Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. 0 text/plain phone Camera AllowCamera 1 text/plain Cellular ShowAppCellularAccessUI text/plain wwansvc.admx wwansvc~AT~Network~WwanSvc_Category~UISettings_Category ShowAppCellularAccessUI Connectivity AllowBluetooth 2 text/plain AllowCellularData 1 text/plain AllowCellularDataRoaming 1 text/plain AllowConnectedDevices 1 text/plain AllowNFC 1 text/plain desktop AllowUSBConnection 1 text/plain desktop AllowVPNOverCellular 1 text/plain AllowVPNRoamingOverCellular 1 text/plain DiablePrintingOverHTTP text/plain phone ICM.admx ICM~AT~System~InternetManagement~InternetManagement_Settings DisableHTTPPrinting_2 DisableDownloadingOfPrintDriversOverHTTP text/plain phone ICM.admx ICM~AT~System~InternetManagement~InternetManagement_Settings DisableWebPnPDownload_2 DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards text/plain phone ICM.admx ICM~AT~System~InternetManagement~InternetManagement_Settings ShellPreventWPWDownload_2 DisallowNetworkConnectivityActiveTests 0 text/plain HardenedUNCPaths text/plain phone networkprovider.admx NetworkProvider~AT~Network~Cat_NetworkProvider Pol_HardenedPaths ProhibitInstallationAndConfigurationOfNetworkBridge text/plain phone NetworkConnections.admx NetworkConnections~AT~Network~NetworkConnections NC_AllowNetBridge_NLA CredentialProviders AllowPINLogon text/plain phone credentialproviders.admx CredentialProviders~AT~System~Logon AllowDomainPINLogon BlockPicturePassword text/plain phone credentialproviders.admx 
CredentialProviders~AT~System~Logon BlockDomainPicturePassword CredentialsUI DisablePasswordReveal text/plain phone credui.admx CredUI~AT~WindowsComponents~CredUI DisablePasswordReveal EnumerateAdministrators text/plain phone credui.admx CredUI~AT~WindowsComponents~CredUI EnumerateAdministrators Cryptography AllowFipsAlgorithmPolicy 0 text/plain TLSCipherSuites text/plain DataProtection AllowDirectMemoryAccess 1 text/plain LegacySelectiveWipeID text/plain DataUsage SetCost3G text/plain wwansvc.admx wwansvc~AT~Network~WwanSvc_Category~NetworkCost_Category SetCost3G SetCost4G text/plain wwansvc.admx wwansvc~AT~Network~WwanSvc_Category~NetworkCost_Category SetCost4G Defender AllowArchiveScanning 1 text/plain phone AllowBehaviorMonitoring 1 text/plain phone AllowCloudProtection 1 text/plain phone AllowEmailScanning 0 text/plain phone AllowFullScanOnMappedNetworkDrives 0 text/plain phone AllowFullScanRemovableDriveScanning 1 text/plain phone AllowIntrusionPreventionSystem 1 text/plain phone AllowIOAVProtection 1 text/plain phone AllowOnAccessProtection 1 text/plain phone AllowRealtimeMonitoring 1 text/plain phone AllowScanningNetworkFiles 0 text/plain phone AllowScriptScanning 1 text/plain phone AllowUserUIAccess 1 text/plain phone AttackSurfaceReductionOnlyExclusions text/plain phone AttackSurfaceReductionRules text/plain phone AvgCPULoadFactor 50 text/plain phone CloudBlockLevel 0 text/plain phone CloudExtendedTimeout 0 text/plain phone DaysToRetainCleanedMalware 0 text/plain phone EnableGuardMyFolders 0 text/plain phone EnableNetworkProtection 0 text/plain phone ExcludedExtensions text/plain phone ExcludedPaths text/plain phone ExcludedProcesses text/plain phone GuardedFoldersAllowedApplications text/plain phone GuardedFoldersList text/plain phone PUAProtection 0 text/plain phone RealTimeScanDirection 0 text/plain phone ScanParameter 1 text/plain phone ScheduleQuickScanTime 120 text/plain phone ScheduleScanDay 0 text/plain phone ScheduleScanTime 120 text/plain phone 
SignatureUpdateInterval 8 text/plain phone SubmitSamplesConsent 1 text/plain phone ThreatSeverityDefaultAction text/plain phone DeliveryOptimization DOAbsoluteMaxCacheSize 10 text/plain phone DOAllowVPNPeerCaching 0 text/plain phone DODownloadMode 1 text/plain phone DOGroupId text/plain phone DOMaxCacheAge 259200 text/plain phone DOMaxCacheSize 20 text/plain phone DOMaxDownloadBandwidth 0 text/plain phone DOMaxUploadBandwidth 0 text/plain phone DOMinBackgroundQos 500 text/plain phone DOMinBatteryPercentageAllowedToUpload 0 text/plain phone DOMinDiskSizeAllowedToPeer 32 text/plain phone DOMinFileSizeToCache 100 text/plain phone DOMinRAMAllowedToPeer 4 text/plain phone DOModifyCacheDrive %SystemDrive% text/plain phone DOMonthlyUploadDataCap 20 text/plain phone DOPercentageMaxDownloadBandwidth 0 text/plain phone DeviceGuard EnableVirtualizationBasedSecurity Turns On Virtualization Based Security(VBS) 0 text/plain phone LsaCfgFlags Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock. 0 text/plain phone RequirePlatformSecurityFeatures Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support. 1 text/plain phone DeviceInstallation PreventInstallationOfMatchingDeviceIDs text/plain phone deviceinstallation.admx DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category DeviceInstall_IDs_Deny PreventInstallationOfMatchingDeviceSetupClasses text/plain phone deviceinstallation.admx DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category DeviceInstall_Classes_Deny DeviceLock AllowIdleReturnWithoutPassword Specifies whether the user must input a PIN or password when the device resumes from an idle state. 
1 text/plain desktop AllowScreenTimeoutWhileLockedUserConfig Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. 0 text/plain AllowSimpleDevicePassword Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords. 1 text/plain AlphanumericDevicePasswordRequired Determines the type of PIN or password required. This policy only applies if the DeviceLock/DevicePasswordEnabled policy is set to 0 2 text/plain DevicePasswordEnabled Specifies whether device lock is enabled. 1 text/plain DevicePasswordExpiration Specifies when the password expires (in days). 0 text/plain DevicePasswordHistory Specifies how many passwords can be stored in the history that can’t be used. 0 text/plain EnforceLockScreenAndLogonImage text/plain phone EnforceLockScreenProvider text/plain MaxDevicePasswordFailedAttempts 0 text/plain MaxInactivityTimeDeviceLock The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. 0 text/plain MaxInactivityTimeDeviceLockWithExternalDisplay Sets the maximum timeout value for the external display. 0 text/plain desktop MinDevicePasswordComplexCharacters The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. 1 text/plain MinDevicePasswordLength Specifies the minimum number or characters required in the PIN or password. 4 text/plain MinimumPasswordAge This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. 
If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998. Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. 1 text/plain phone PreventLockScreenSlideShow text/plain phone ControlPanelDisplay.admx ControlPanelDisplay~AT~ControlPanel~Personalization CPL_Personalization_NoLockScreenSlideshow ScreenTimeoutWhileLocked Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. 10 text/plain Display TurnOffGdiDPIScalingForApps This policy allows to force turn off GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension. text/plain phone TurnOnGdiDPIScalingForApps This policy allows to turn on GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension. 
text/plain phone ErrorReporting CustomizeConsentSettings text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting WerConsentCustomize_2 DisableWindowsErrorReporting text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting WerDisable_2 DisplayErrorNotification text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting PCH_ShowUI DoNotSendAdditionalData text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting WerNoSecondLevelData_2 PreventCriticalErrorDisplay text/plain phone ErrorReporting.admx ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting WerDoNotShowUI EventLogService ControlEventLogBehavior text/plain phone eventlog.admx EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Application Channel_Log_Retention_1 SpecifyMaximumFileSizeApplicationLog text/plain phone eventlog.admx EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Application Channel_LogMaxSize_1 SpecifyMaximumFileSizeSecurityLog text/plain phone eventlog.admx EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Security Channel_LogMaxSize_2 SpecifyMaximumFileSizeSystemLog text/plain phone eventlog.admx EventLog~AT~WindowsComponents~EventLogCategory~EventLog_System Channel_LogMaxSize_4 Experience AllowCopyPaste 1 text/plain desktop AllowCortana 1 text/plain AllowDeviceDiscovery 1 text/plain AllowFindMyDevice 1 text/plain AllowManualMDMUnenrollment 1 text/plain AllowSaveAsOfOfficeFiles 1 text/plain AllowScreenCapture 1 text/plain AllowSharingOfOfficeFiles 1 text/plain AllowSIMErrorDialogPromptWhenNoSIM 1 text/plain AllowSyncMySettings 1 text/plain AllowTaskSwitcher 1 text/plain desktop AllowVoiceRecording 1 text/plain desktop AllowWindowsTips 1 text/plain phone DoNotShowFeedbackNotifications 0 text/plain Games AllowAdvancedGamingServices Specifies whether advanced gaming services can be used. 
These services may send data to Microsoft or publishers of games that use these services. 1 text/plain InternetExplorer AddSearchProvider text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer AddSearchProvider AllowActiveXFiltering text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer TurnOnActiveXFiltering AllowAddOnList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement AddonManagement_AddOnList AllowCertificateAddressMismatchWarning text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyWarnCertMismatch AllowDeletingBrowsingHistoryOnExit text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory DBHDisableDeleteOnExit AllowEnhancedProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_EnableEnhancedProtectedMode AllowEnterpriseModeFromToolsMenu text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnterpriseModeEnable AllowEnterpriseModeSiteList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnterpriseModeSiteList AllowFallbackToSSL3 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures Advanced_EnableSSL3Fallback AllowInternetExplorer7PolicyList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView CompatView_UsePolicyList AllowInternetExplorerStandardsMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView CompatView_IntranetSites AllowInternetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyInternetZoneTemplate AllowIntranetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage 
IZ_PolicyIntranetZoneTemplate AllowLocalMachineZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyLocalMachineZoneTemplate AllowLockedDownInternetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyInternetZoneLockdownTemplate AllowLockedDownIntranetZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyIntranetZoneLockdownTemplate AllowLockedDownLocalMachineZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyLocalMachineZoneLockdownTemplate AllowLockedDownRestrictedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyRestrictedSitesZoneLockdownTemplate AllowOneWordEntry text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~Browsing UseIntranetSiteForOneWordEntry AllowSiteToZoneAssignmentList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_Zonemaps AllowsLockedDownTrustedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyTrustedSitesZoneLockdownTemplate AllowSoftwareWhenSignatureIsInvalid text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_InvalidSignatureBlock AllowsRestrictedSitesZoneTemplate text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyRestrictedSitesZoneTemplate AllowSuggestedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer EnableSuggestedSites AllowTrustedSitesZoneTemplate text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_PolicyTrustedSitesZoneTemplate CheckServerCertificateRevocation text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_CertificateRevocation CheckSignaturesOnDownloadedPrograms text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DownloadSignatures ConsistentMimeHandlingInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestriction IESF_PolicyExplorerProcesses_2 DisableAdobeFlash text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement DisableFlashInIE DisableBlockingOfOutdatedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisable DisableBypassOfSmartScreenWarnings text/plain phone inetres.admx DisableBypassOfSmartScreenWarningsAboutUncommonFiles text/plain phone inetres.admx DisableConfiguringHistory text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory RestrictHistory DisableCrashDetection text/plain phone inetres.admx DisableCustomerExperienceImprovementProgramParticipation text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SQM_DisableCEIP DisableDeletingUserVisitedWebsites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory DBHDisableDeleteHistory DisableEnclosureDownloading text/plain phone inetres.admx inetres~AT~WindowsComponents~RSS_Feeds Disable_Downloading_of_Enclosures DisableEncryptionSupport text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_SetWinInetProtocols DisableFirstRunWizard text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer NoFirstRunCustomise DisableFlipAheadFeature text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DisableFlipAhead DisableIgnoringCertificateErrors text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL NoCertError DisableInPrivateBrowsing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacy DisableInPrivateBrowsing DisableProcessesInEnhancedProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_EnableEnhancedProtectedMode64Bit DisableProxyChange text/plain phone inetres.admx DisableSearchProviderChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer NoSearchProvider DisableSecondaryHomePageChange text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SecondaryHomePages DisableSecuritySettingsCheck text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Disable_Security_Settings_Check DisableUpdateCheck text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer NoUpdateCheck DoNotAllowActiveXControlsInProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage Advanced_DisableEPMCompat DoNotAllowUsersToAddSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Security_zones_map_edit DoNotAllowUsersToChangePolicies text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Security_options_edit DoNotBlockOutdatedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisable DoNotBlockOutdatedActiveXControlsOnSpecificDomains text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDomainAllowlist 
IncludeAllLocalSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_IncludeUnspecifiedLocalSites IncludeAllNetworkPaths text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage IZ_UNCAsIntranet InternetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAccessDataSourcesAcrossDomains_1 InternetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNotificationBarActiveXURLaction_1 InternetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNotificationBarDownloadURLaction_1 InternetZoneAllowCopyPasteViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAllowPasteViaScript_1 InternetZoneAllowDragAndDropCopyAndPasteFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDropOrPasteFiles_1 InternetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyFontDownload_1 InternetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyZoneElevationURLaction_1 InternetZoneAllowLoadingOfXAMLFilesWRONG text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_XAML_1 InternetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyUnsignedFrameworkComponentsURLaction_1 InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyAllowTDCControl_Both_LocalMachine InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_WebBrowserControl_1 InternetZoneAllowScriptInitiatedWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyWindowsRestrictionsURLaction_6 InternetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_AllowScriptlets_1 InternetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_Phishing_1 InternetZoneAllowUpdatesToStatusBarViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_ScriptStatusBar_1 InternetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyUserdataPersistence_1 InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 
InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 InternetZoneDownloadSignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyDownloadSignedActiveX_3 InternetZoneDownloadUnsignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDownloadUnsignedActiveX_1 InternetZoneEnableCrossSiteScriptingFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyTurnOnXSSFilter_Both_LocalMachine InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet InternetZoneEnableMIMESniffing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyMimeSniffingURLaction_1 InternetZoneEnableProtectedMode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_TurnOnProtectedMode_2 InternetZoneIncludeLocalPathWhenUploadingFilesToServer text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_LocalPathForUpload_1 InternetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyScriptActiveXNotMarkedSafe_1 InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyScriptActiveXNotMarkedSafe_1 InternetZoneJavaPermissionsWRONG1 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyJavaPermissions_1 InternetZoneJavaPermissionsWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyJavaPermissions_3 InternetZoneLaunchingApplicationsAndFilesInIFRAME text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyLaunchAppsAndFilesInIFRAME_1 InternetZoneLogonOptions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyLogon_1 InternetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNavigateSubframesAcrossDomains_1 InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyUnsignedFrameworkComponentsURLaction_1 InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicySignedFrameworkComponentsURLaction_1 InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_Policy_UnsafeFiles_1 InternetZoneUsePopupBlocker text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyBlockPopupWindows_1 InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyZoneElevationURLaction_1 IntranetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyAccessDataSourcesAcrossDomains_3 IntranetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNotificationBarActiveXURLaction_3 IntranetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNotificationBarDownloadURLaction_3 IntranetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyFontDownload_3 IntranetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyZoneElevationURLaction_3 IntranetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyUnsignedFrameworkComponentsURLaction_3 IntranetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_Policy_AllowScriptlets_3 IntranetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_Policy_Phishing_3 IntranetZoneAllowUserDataPersistence text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyUserdataPersistence_3 IntranetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyScriptActiveXNotMarkedSafe_3 IntranetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone IZ_PolicyNavigateSubframesAcrossDomains_3 LocalMachineZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyAccessDataSourcesAcrossDomains_9 LocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNotificationBarActiveXURLaction_9 LocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNotificationBarDownloadURLaction_9 LocalMachineZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyFontDownload_9 LocalMachineZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyZoneElevationURLaction_9 LocalMachineZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyUnsignedFrameworkComponentsURLaction_9 LocalMachineZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_Policy_AllowScriptlets_9 
LocalMachineZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_Policy_Phishing_9 LocalMachineZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyUserdataPersistence_9 LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone~IZ_LocalMachineZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 LocalMachineZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyScriptActiveXNotMarkedSafe_9 LocalMachineZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyJavaPermissions_9 LocalMachineZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone IZ_PolicyNavigateSubframesAcrossDomains_9 LockedDownInternetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_2 LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_2 LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_2 LockedDownInternetZoneAllowFontDownloads text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyFontDownload_2 LockedDownInternetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyZoneElevationURLaction_2 LockedDownInternetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_2 LockedDownInternetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_AllowScriptlets_2 LockedDownInternetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_Policy_Phishing_2 LockedDownInternetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyUserdataPersistence_2 LockedDownInternetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_2 LockedDownInternetZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyJavaPermissions_2 LockedDownInternetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_2 LockedDownIntranetZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown 
IZ_PolicyAccessDataSourcesAcrossDomains_4 LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_4 LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_4 LockedDownIntranetZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyFontDownload_4 LockedDownIntranetZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyZoneElevationURLaction_4 LockedDownIntranetZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_4 LockedDownIntranetZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_Policy_AllowScriptlets_4 LockedDownIntranetZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_Policy_Phishing_4 LockedDownIntranetZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyUserdataPersistence_4 LockedDownIntranetZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_4 
LockedDownIntranetZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_4 LockedDownLocalMachineZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_10 LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_10 LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_10 LockedDownLocalMachineZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyFontDownload_10 LockedDownLocalMachineZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyZoneElevationURLaction_10 LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_10 LockedDownLocalMachineZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_Policy_AllowScriptlets_10 LockedDownLocalMachineZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_Policy_Phishing_10 
LockedDownLocalMachineZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyUserdataPersistence_10 LockedDownLocalMachineZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_10 LockedDownLocalMachineZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyJavaPermissions_10 LockedDownLocalMachineZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_10 LockedDownRestrictedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_8 LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_8 LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_8 LockedDownRestrictedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyFontDownload_8 LockedDownRestrictedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown 
IZ_PolicyZoneElevationURLaction_8 LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_8 LockedDownRestrictedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_Policy_AllowScriptlets_8 LockedDownRestrictedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_Policy_Phishing_8 LockedDownRestrictedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyUserdataPersistence_8 LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_8 LockedDownRestrictedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyJavaPermissions_8 LockedDownRestrictedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_8 LockedDownTrustedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyAccessDataSourcesAcrossDomains_6 LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNotificationBarActiveXURLaction_6 LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNotificationBarDownloadURLaction_6 LockedDownTrustedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyFontDownload_6 LockedDownTrustedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyZoneElevationURLaction_6 LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyUnsignedFrameworkComponentsURLaction_6 LockedDownTrustedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_Policy_AllowScriptlets_6 LockedDownTrustedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_Policy_Phishing_6 LockedDownTrustedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyUserdataPersistence_6 LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyScriptActiveXNotMarkedSafe_6 LockedDownTrustedSitesZoneJavaPermissions text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyJavaPermissions_6 LockedDownTrustedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyNavigateSubframesAcrossDomains_6 MimeSniffingSafetyFeatureInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeature IESF_PolicyExplorerProcesses_6 MKProtocolSecurityRestrictionInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestriction IESF_PolicyExplorerProcesses_3 NotificationBarInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBar IESF_PolicyExplorerProcesses_10 PreventManagingSmartScreenFilter text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyDownloadSignedActiveX_1 PreventPerUserInstallationOfActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer DisablePerUserActiveXInstall ProtectionFromZoneElevationInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation IESF_PolicyAllProcesses_9 RemoveRunThisTimeButtonForOutdatedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement VerMgmtDisableRunThisTime RestrictActiveXInstallInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall IESF_PolicyAllProcesses_11 RestrictedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAccessDataSourcesAcrossDomains_7 RestrictedSitesZoneAllowActiveScripting text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyActiveScripting_1 RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNotificationBarActiveXURLaction_7 RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNotificationBarDownloadURLaction_7 RestrictedSitesZoneAllowBinaryAndScriptBehaviors text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyBinaryBehaviors_1 RestrictedSitesZoneAllowCopyPasteViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowPasteViaScript_7 RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDropOrPasteFiles_7 RestrictedSitesZoneAllowFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyFileDownload_1 RestrictedSitesZoneAllowFontDownloadsWRONG1 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyFontDownload_7 RestrictedSitesZoneAllowFontDownloadsWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyFontDownload_1 
RestrictedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyZoneElevationURLaction_7 RestrictedSitesZoneAllowLoadingOfXAMLFiles text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_XAML_7 RestrictedSitesZoneAllowMETAREFRESH text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyAllowMETAREFRESH_1 RestrictedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyUnsignedFrameworkComponentsURLaction_7 RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAllowTDCControl_Both_Restricted RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_WebBrowserControl_7 RestrictedSitesZoneAllowScriptInitiatedWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyWindowsRestrictionsURLaction_7 RestrictedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_AllowScriptlets_7 RestrictedSitesZoneAllowSmartScreenIE text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_Phishing_7 RestrictedSitesZoneAllowUpdatesToStatusBarViaScript text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_ScriptStatusBar_7 RestrictedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyUserdataPersistence_7 RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 RestrictedSitesZoneDownloadSignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDownloadSignedActiveX_7 RestrictedSitesZoneDownloadUnsignedActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDownloadUnsignedActiveX_7 RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted RestrictedSitesZoneEnableMIMESniffing text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyMimeSniffingURLaction_7 RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer text/plain phone 
inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_LocalPathForUpload_7 RestrictedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_7 RestrictedSitesZoneJavaPermissions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyJavaPermissions_7 RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyLaunchAppsAndFilesInIFRAME_7 RestrictedSitesZoneLogonOptions text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyLogon_7 RestrictedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyNavigateSubframesAcrossDomains_7 RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyNavigateSubframesAcrossDomains_1 RestrictedSitesZoneRunActiveXControlsAndPlugins text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyRunActiveXControls_1 RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicySignedFrameworkComponentsURLaction_7 RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone IZ_PolicyScriptActiveXMarkedSafe_1 RestrictedSitesZoneWRONG text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown IZ_PolicyScriptingOfJavaApplets_6 RestrictedSitesZoneWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_UnsafeFiles_7 RestrictedSitesZoneWRONG3 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyTurnOnXSSFilter_Both_Restricted RestrictedSitesZoneWRONG4 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_Policy_TurnOnProtectedMode_7 RestrictedSitesZoneWRONG5 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone IZ_PolicyBlockPopupWindows_7 RestrictFileDownloadInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload IESF_PolicyAllProcesses_12 ScriptedWindowSecurityRestrictionsInternetExplorerProcesses text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions IESF_PolicyAllProcesses_8 SearchProviderList text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer SpecificSearchProvider SecurityZonesUseOnlyMachineSettings text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer Security_HKLM_only SpecifyUseOfActiveXInstallerService text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer OnlyUseAXISForActiveXInstall TrustedSitesZoneAllowAccessToDataSources text/plain phone inetres.admx 
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyAccessDataSourcesAcrossDomains_5 TrustedSitesZoneAllowAutomaticPromptingForActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNotificationBarActiveXURLaction_5 TrustedSitesZoneAllowAutomaticPromptingForFileDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNotificationBarDownloadURLaction_5 TrustedSitesZoneAllowFontDownloads text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyFontDownload_5 TrustedSitesZoneAllowLessPrivilegedSites text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyZoneElevationURLaction_5 TrustedSitesZoneAllowNETFrameworkReliantComponents text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyUnsignedFrameworkComponentsURLaction_5 TrustedSitesZoneAllowScriptlets text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_Policy_AllowScriptlets_5 TrustedSitesZoneAllowSmartScreenIE text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_Policy_Phishing_5 TrustedSitesZoneAllowUserDataPersistence text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyUserdataPersistence_5 TrustedSitesZoneInitializeAndScriptActiveXControls text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_5 TrustedSitesZoneJavaPermissions 
text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyJavaPermissions_5 TrustedSitesZoneNavigateWindowsAndFrames text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyNavigateSubframesAcrossDomains_5 TrustedSitesZoneWRONG1 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 TrustedSitesZoneWRONG2 text/plain phone inetres.admx inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone IZ_PolicyScriptActiveXNotMarkedSafe_5 Kerberos AllowForestSearchOrder text/plain phone Kerberos.admx Kerberos~AT~System~kerberos ForestSearch KerberosClientSupportsClaimsCompoundArmor text/plain phone Kerberos.admx Kerberos~AT~System~kerberos EnableCbacAndArmor RequireKerberosArmoring text/plain phone Kerberos.admx Kerberos~AT~System~kerberos ClientRequireFast RequireStrictKDCValidation text/plain phone Kerberos.admx Kerberos~AT~System~kerberos ValidateKDC SetMaximumContextTokenSize text/plain phone Kerberos.admx Kerberos~AT~System~kerberos MaxTokenSize Licensing AllowWindowsEntitlementReactivation 1 text/plain phone DisallowKMSClientOnlineAVSValidation 0 text/plain phone LocalPoliciesSecurityOptions Accounts_BlockMicrosoftAccounts This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. 
If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system. If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows. 0 text/plain phone Accounts_EnableAdministratorAccountStatus This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. Disabling the Administrator account can become a maintenance issue under certain circumstances. Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled. Default: Disabled. 0 text/plain desktop Accounts_EnableGuestAccountStatus This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail. 
0 text/plain desktop Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Enabled. Warning: Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services. Notes This setting does not affect logons that use domain accounts. It is possible for applications that use remote interactive logons to bypass this setting. 1 text/plain phone Accounts_RenameAdministratorAccount Accounts: Rename administrator account This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination. Default: Administrator. text/plain phone Accounts_RenameGuestAccount Accounts: Rename guest account This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Default: Guest. 
text/plain phone InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked Interactive Logon:Display user information when the session is locked User display name, domain and user names (1) User display name only (2) Do not display user information (3) 1 text/plain phone Interactivelogon_DoNotDisplayLastSignedIn Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. 0 text/plain phone Interactivelogon_DoNotDisplayUsernameAtSignIn Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. 0 text/plain phone Interactivelogon_DoNotRequireCTRLALTDEL Interactive logon: Do not require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords. If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. Default on stand-alone computers: Enabled. 1 text/plain phone InteractiveLogon_MachineInactivityLimit Interactive logon: Machine inactivity limit. 
Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. Default: not enforced. 0 text/plain InteractiveLogon_MessageTextForUsersAttemptingToLogOn Interactive logon: Message text for users attempting to log on This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. text/plain phone InteractiveLogon_MessageTitleForUsersAttemptingToLogOn Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. text/plain phone NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares Network access: Do not allow anonymous enumeration of SAM accounts and shares This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy. Default: Disabled. 0 text/plain phone NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares Network access: Restrict anonymous access to Named Pipes and Shares When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: Network access: Named pipes that can be accessed anonymously Network access: Shares that can be accessed anonymously Default: Enabled. 
1 text/plain phone NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM Network access: Restrict clients allowed to make remote calls to SAM This policy setting allows you to restrict remote rpc connections to SAM. If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016. text/plain phone NetworkSecurity_AllowPKU2UAuthenticationRequests Network security: Allow PKU2U authentication requests to this computer to use online identities. This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine. 1 text/plain phone RecoveryConsole_AllowAutomaticAdministrativeLogon Recovery console: Allow automatic administrative logon This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. Default: This policy is not defined and automatic administrative logon is not allowed. 0 text/plain phone Shutdown_ClearVirtualMemoryPageFile Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile. 
When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled. Default: Disabled. 0 text/plain phone UserAccountControl_AllowUIAccessApplicationsToPromptForElevation User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. • Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. • Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. 1 text/plain phone UserAccountControl_BehaviorOfTheElevationPromptForAdministrators User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode This policy setting controls the behavior of the elevation prompt for administrators. The options are: • Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments. • Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. 
• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. • Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. • Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. • Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. 0 text/plain phone UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. The options are: • Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. • Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. 
• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. 0 text/plain phone UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. The options are: • Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run. • Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run. 1 text/plain phone UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - …\Program Files\, including subfolders - …\Windows\system32\ - …\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: • Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. 
• Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system. 1 text/plain phone UserAccountControl_RunAllAdministratorsInAdminApprovalMode User Account Control: Turn on Admin Approval Mode This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: • Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. • Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. 0 text/plain phone UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation User Account Control: Switch to the secure desktop when prompting for elevation This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: • Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users. • Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used. 1 text/plain phone UserAccountControl_UseAdminApprovalMode User Account Control: Use Admin Approval Mode for the built-in Administrator account This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: • Enabled: The built-in Administrator account uses Admin Approval Mode. 
By default, any operation that requires elevation of privilege will prompt the user to approve the operation. • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. 1 text/plain phone UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations User Account Control: Virtualize file and registry write failures to per-user locations This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. The options are: • Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry. • Disabled: Applications that write data to protected locations fail. 1 text/plain phone Location EnableLocation 0 text/plain LockDown AllowEdgeSwipe 1 text/plain phone Maps AllowOfflineMapsDownloadOverMeteredConnection 65535 text/plain EnableOfflineMapsAutoUpdate 65535 text/plain Messaging AllowMessageSync 1 text/plain desktop AllowMMS 1 text/plain desktop AllowRCS 1 text/plain desktop NetworkIsolation EnterpriseCloudResources text/plain EnterpriseInternalProxyServers text/plain EnterpriseIPRange text/plain EnterpriseIPRangesAreAuthoritative 0 text/plain EnterpriseNetworkDomainNames text/plain EnterpriseProxyServers text/plain EnterpriseProxyServersAreAuthoritative 0 text/plain NeutralResources text/plain Power AllowStandbyWhenSleepingPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat AllowStandbyStatesAC_2 DisplayOffTimeoutOnBattery text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerVideoSettingsCat VideoPowerDownTimeOutDC_2 DisplayOffTimeoutPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerVideoSettingsCat 
VideoPowerDownTimeOutAC_2 HibernateTimeoutOnBattery text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat DCHibernateTimeOut_2 HibernateTimeoutPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat ACHibernateTimeOut_2 RequirePasswordWhenComputerWakesOnBattery text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat DCPromptForPasswordOnResume_2 RequirePasswordWhenComputerWakesPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat ACPromptForPasswordOnResume_2 StandbyTimeoutOnBattery text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat DCStandbyTimeOut_2 StandbyTimeoutPluggedIn text/plain phone power.admx Power~AT~System~PowerManagementCat~PowerSleepSettingsCat ACStandbyTimeOut_2 Printers PointAndPrintRestrictions text/plain phone Printing.admx Printing~AT~ControlPanel~CplPrinters PointAndPrint_Restrictions_Win7 PublishPrinters text/plain phone Printing2.admx Printing2~AT~Printers PublishPrinters Privacy AllowAutoAcceptPairingAndPrivacyConsentPrompts 0 text/plain desktop AllowInputPersonalization 1 text/plain 10.0.10240 DisableAdvertisingId 65535 text/plain EnableActivityFeed Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user. 1 text/plain LetAppsAccessAccountInfo This policy setting specifies whether Windows apps can access account information. 0 text/plain LetAppsAccessAccountInfo_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LetAppsAccessAccountInfo_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. 
This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LetAppsAccessAccountInfo_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. text/plain LetAppsAccessCalendar This policy setting specifies whether Windows apps can access the calendar. 0 text/plain LetAppsAccessCalendar_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LetAppsAccessCalendar_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LetAppsAccessCalendar_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. text/plain LetAppsAccessCallHistory This policy setting specifies whether Windows apps can access call history. 0 text/plain LetAppsAccessCallHistory_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LetAppsAccessCallHistory_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. 
This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LetAppsAccessCallHistory_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. text/plain LetAppsAccessCamera This policy setting specifies whether Windows apps can access the camera. 0 text/plain LetAppsAccessCamera_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LetAppsAccessCamera_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LetAppsAccessCamera_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. text/plain LetAppsAccessCellularData This policy setting specifies whether Windows apps can access cellular data. 0 text/plain LetAppsAccessCellularData_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LetAppsAccessCellularData_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. 
This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LetAppsAccessCellularData_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data privacy setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. text/plain LetAppsAccessContacts This policy setting specifies whether Windows apps can access contacts. 0 text/plain LetAppsAccessContacts_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LetAppsAccessContacts_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LetAppsAccessContacts_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. text/plain LetAppsAccessEmail This policy setting specifies whether Windows apps can access email. 0 text/plain LetAppsAccessEmail_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LetAppsAccessEmail_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. 
text/plain LetAppsAccessEmail_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. text/plain LetAppsAccessLocation This policy setting specifies whether Windows apps can access location. 0 text/plain LetAppsAccessLocation_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LetAppsAccessLocation_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LetAppsAccessLocation_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. text/plain LetAppsAccessMessaging This policy setting specifies whether Windows apps can read or send messages (text or MMS). 0 text/plain LetAppsAccessMessaging_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LetAppsAccessMessaging_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. 
text/plain LetAppsAccessMessaging_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. text/plain LetAppsAccessMicrophone This policy setting specifies whether Windows apps can access the microphone. 0 text/plain LetAppsAccessMicrophone_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LetAppsAccessMicrophone_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LetAppsAccessMicrophone_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. text/plain LetAppsAccessMotion This policy setting specifies whether Windows apps can access motion data. 0 text/plain LetAppsAccessMotion_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LetAppsAccessMotion_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. 
text/plain LetAppsAccessMotion_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. text/plain LetAppsAccessNotifications This policy setting specifies whether Windows apps can access notifications. 0 text/plain LetAppsAccessNotifications_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LetAppsAccessNotifications_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LetAppsAccessNotifications_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. text/plain LetAppsAccessPhone This policy setting specifies whether Windows apps can make phone calls 0 text/plain LetAppsAccessPhone_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LetAppsAccessPhone_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. 
text/plain LetAppsAccessPhone_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. text/plain LetAppsAccessRadios This policy setting specifies whether Windows apps have access to control radios. 0 text/plain LetAppsAccessRadios_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LetAppsAccessRadios_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LetAppsAccessRadios_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. text/plain LetAppsAccessTasks This policy setting specifies whether Windows apps can access tasks. 0 text/plain LetAppsAccessTasks_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LetAppsAccessTasks_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LetAppsAccessTasks_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. 
The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. text/plain LetAppsAccessTrustedDevices This policy setting specifies whether Windows apps can access trusted devices. 0 text/plain LetAppsAccessTrustedDevices_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LetAppsAccessTrustedDevices_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LetAppsAccessTrustedDevices_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. text/plain LetAppsGetDiagnosticInfo This policy setting specifies whether Windows apps can get diagnostic information about other apps, including user names. 0 text/plain LetAppsGetDiagnosticInfo_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LetAppsGetDiagnosticInfo_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to get diagnostic information about other apps, including user names. 
This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LetAppsGetDiagnosticInfo_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the app diagnostics privacy setting for the listed Windows apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps. text/plain LetAppsRunInBackground This policy setting specifies whether Windows apps can run in the background. 0 text/plain LetAppsRunInBackground_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LetAppsRunInBackground_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LetAppsRunInBackground_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the background apps privacy setting for the listed Windows apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps. text/plain LetAppsSyncWithDevices This policy setting specifies whether Windows apps can sync with devices. 0 text/plain LetAppsSyncWithDevices_ForceAllowTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain LetAppsSyncWithDevices_ForceDenyTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. 
Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain LetAppsSyncWithDevices_UserInControlOfTheseApps List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. text/plain PublishUserActivities Allows apps/system to publish 'User Activities' into ActivityFeed. 1 text/plain RemoteAssistance CustomizeWarningMessages text/plain phone remoteassistance.admx RemoteAssistance~AT~System~RemoteAssist RA_Options SessionLogging text/plain phone remoteassistance.admx RemoteAssistance~AT~System~RemoteAssist RA_Logging SolicitedRemoteAssistance text/plain phone remoteassistance.admx RemoteAssistance~AT~System~RemoteAssist RA_Solicit UnsolicitedRemoteAssistance text/plain phone remoteassistance.admx RemoteAssistance~AT~System~RemoteAssist RA_Unsolicit RemoteDesktopServices AllowUsersToConnectRemotely text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_CONNECTIONS TS_DISABLE_CONNECTIONS ClientConnectionEncryptionLevel text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY TS_ENCRYPTION_POLICY DoNotAllowDriveRedirection text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_REDIRECTION TS_CLIENT_DRIVE_M DoNotAllowPasswordSaving text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_CLIENT TS_CLIENT_DISABLE_PASSWORD_SAVING_2 PromptForPasswordUponConnection text/plain phone terminalserver.admx TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY TS_PASSWORD RequireSecureRPCCommunication text/plain phone terminalserver.admx 
TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY TS_RPC_ENCRYPTION RemoteManagement AllowBasicAuthentication_Client text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient AllowBasic_2 AllowBasicAuthentication_Service text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService AllowBasic_1 AllowCredSSPAuthenticationClient text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService AllowCredSSP_1 AllowCredSSPAuthenticationService text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService AllowCredSSP_2 AllowRemoteServerManagement text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService AllowAutoConfig AllowUnencryptedTraffic_Client text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient AllowUnencrypted_2 AllowUnencryptedTraffic_Service text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService AllowUnencrypted_1 DisallowDigestAuthentication text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient DisallowDigest DisallowNegotiateAuthenticationClient text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService DisallowNegotiate_1 DisallowNegotiateAuthenticationService text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient DisallowNegotiate_2 DisallowStoringOfRunAsCredentials text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService DisableRunAs SpecifyChannelBindingTokenHardeningLevel text/plain phone WindowsRemoteManagement.admx 
WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService CBTHardeningLevel_1 TrustedHosts text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient TrustedHosts TurnOnCompatibilityHTTPListener text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService HttpCompatibilityListener TurnOnCompatibilityHTTPSListener text/plain phone WindowsRemoteManagement.admx WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService HttpsCompatibilityListener RemoteProcedureCall RestrictUnauthenticatedRPCClients text/plain phone rpc.admx RPC~AT~System~Rpc RpcRestrictRemoteClients RPCEndpointMapperClientAuthentication text/plain phone rpc.admx RPC~AT~System~Rpc RpcEnableAuthEpResolution RemoteShell AllowRemoteShellAccess text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS AllowRemoteShellAccess MaxConcurrentUsers text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS MaxConcurrentUsers SpecifyIdleTimeout text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS IdleTimeout SpecifyMaxMemory text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS MaxMemoryPerShellMB SpecifyMaxProcesses text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS MaxProcessesPerShell SpecifyMaxRemoteShells text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS MaxShellsPerUser SpecifyShellTimeout text/plain phone WindowsRemoteShell.admx WindowsRemoteShell~AT~WindowsComponents~WinRS ShellTimeOut Search AllowIndexingEncryptedStoresOrItems 0 text/plain AllowSearchToUseLocation 1 text/plain AllowStoringImagesFromVisionSearch 1 text/plain AllowUsingDiacritics 0 text/plain AllowWindowsIndexer 3 text/plain AlwaysUseAutoLangDetection 0 text/plain DisableBackoff 0 text/plain DisableRemovableDriveIndexing 0 text/plain 
PreventIndexingLowDiskSpaceMB 1 text/plain PreventRemoteQueries 1 text/plain SafeSearchPermissions 1 text/plain desktop Security AllowAddProvisioningPackage 1 text/plain AllowManualRootCertificateInstallation 1 text/plain desktop AllowRemoveProvisioningPackage 1 text/plain AntiTheftMode 1 text/plain desktop ClearTPMIfNotReady 0 text/plain phone PreventAutomaticDeviceEncryptionForAzureADJoinedDevices 0 text/plain RequireDeviceEncryption 0 text/plain RequireProvisioningPackageSignature 0 text/plain RequireRetrieveHealthCertificateOnBoot 0 text/plain Settings AllowAutoPlay 1 text/plain phone AllowDataSense 1 text/plain AllowDateTime 1 text/plain AllowEditDeviceName 1 text/plain AllowLanguage 1 text/plain phone AllowPowerSleep 1 text/plain phone AllowRegion 1 text/plain phone AllowSignInOptions 1 text/plain phone AllowVPN 1 text/plain AllowWorkplace 1 text/plain phone AllowYourAccount 1 text/plain PageVisibilityList text/plain SmartScreen EnableAppInstallControl 0 text/plain phone EnableSmartScreenInShell 1 text/plain phone PreventOverrideForFilesInShell 0 text/plain phone Speech AllowSpeechModelUpdate 1 text/plain Start AllowPinnedFolderDocuments This policy controls the visibility of the Documents shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone AllowPinnedFolderDownloads This policy controls the visibility of the Downloads shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone AllowPinnedFolderFileExplorer This policy controls the visibility of the File Explorer shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone AllowPinnedFolderHomeGroup This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone AllowPinnedFolderMusic This policy controls the visibility of the Music shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone AllowPinnedFolderNetwork This policy controls the visibility of the Network shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone AllowPinnedFolderPersonalFolder This policy controls the visibility of the PersonalFolder shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone AllowPinnedFolderPictures This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone AllowPinnedFolderSettings This policy controls the visibility of the Settings shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone AllowPinnedFolderVideos This policy controls the visibility of the Videos shortcut on the Start menu. 
The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user. 65535 text/plain phone ForceStartSize 0 text/plain phone HideAppList Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app. 0 text/plain phone HideChangeAccountSettings Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu. 0 text/plain HideFrequentlyUsedApps Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app. 0 text/plain phone HideHibernate Enabling this policy hides "Hibernate" from appearing in the power button in the start menu. 0 text/plain HideLock Enabling this policy hides "Lock" from appearing in the user tile in the start menu. 0 text/plain HidePeopleBar Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. 0 text/plain phone HidePowerButton Enabling this policy hides the power button from appearing in the start menu. 0 text/plain HideRecentJumplists Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app. 0 text/plain phone HideRecentlyAddedApps Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app. 0 text/plain phone HideRestart Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu. 
0 text/plain HideShutDown Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu. 0 text/plain HideSignOut Enabling this policy hides "Sign out" from appearing in the user tile in the start menu. 0 text/plain HideSleep Enabling this policy hides "Sleep" from appearing in the power button in the start menu. 0 text/plain HideSwitchAccount Enabling this policy hides "Switch account" from appearing in the user tile in the start menu. 0 text/plain HideUserTile Enabling this policy hides the user tile from appearing in the start menu. 0 text/plain ImportEdgeAssets This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified. text/plain phone NoPinningToTaskbar This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar. 
0 text/plain phone StartLayout text/plain phone Storage EnhancedStorageDevices text/plain phone enhancedstorage.admx EnhancedStorage~AT~System~EnStorDeviceAccess TCGSecurityActivationDisabled System AllowBuildPreview 2 text/plain AllowEmbeddedMode 0 text/plain AllowExperimentation 1 text/plain AllowFontProviders 1 text/plain AllowLocation 1 text/plain AllowStorageCard 1 text/plain AllowTelemetry 3 text/plain AllowUserToResetPhone 1 text/plain BootStartDriverInitialization text/plain phone earlylauncham.admx EarlyLaunchAM~AT~System~ELAMCategory POL_DriverLoadPolicy_Name DisableOneDriveFileSync This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. 
0 text/plain DisableSystemRestore text/plain phone systemrestore.admx SystemRestore~AT~System~SR SR_DisableSR TelemetryProxy text/plain TextInput AllowIMELogging 1 text/plain phone AllowIMENetworkAccess 1 text/plain phone AllowInputPanel 1 text/plain phone AllowJapaneseIMESurrogatePairCharacters 1 text/plain phone AllowJapaneseIVSCharacters 1 text/plain phone AllowJapaneseNonPublishingStandardGlyph 1 text/plain phone AllowJapaneseUserDictionary 1 text/plain phone AllowKeyboardTextSuggestions 1 text/plain AllowLanguageFeaturesUninstall 1 text/plain phone ExcludeJapaneseIMEExceptJIS0208 0 text/plain ExcludeJapaneseIMEExceptJIS0208andEUDC 0 text/plain phone ExcludeJapaneseIMEExceptShiftJIS 0 text/plain phone TimeLanguageSettings AllowSet24HourClock 0 text/plain desktop Update ActiveHoursEnd 17 text/plain ActiveHoursMaxRange 18 text/plain ActiveHoursStart 8 text/plain AllowAutoUpdate 2 text/plain AllowAutoWindowsUpdateDownloadOverMeteredNetwork 0 text/plain AllowMUUpdateService 0 text/plain phone AllowNonMicrosoftSignedUpdate 1 text/plain AllowUpdateService 1 text/plain AutoRestartDeadlinePeriodInDays 7 text/plain AutoRestartNotificationSchedule 15 text/plain AutoRestartRequiredNotificationDismissal 1 text/plain BranchReadinessLevel 16 text/plain DeferFeatureUpdatesPeriodInDays 0 text/plain DeferQualityUpdatesPeriodInDays 0 text/plain DeferUpdatePeriod 0 text/plain DeferUpgradePeriod 0 text/plain DetectionFrequency 22 text/plain EngagedRestartDeadline 14 text/plain EngagedRestartSnoozeSchedule 3 text/plain EngagedRestartTransitionSchedule 7 text/plain ExcludeWUDriversInQualityUpdate 0 text/plain FillEmptyContentUrls 0 text/plain IgnoreMOAppDownloadLimit 0 text/plain IgnoreMOUpdateDownloadLimit 0 text/plain ManageBuildPreview 3 text/plain PauseDeferrals 0 text/plain PauseFeatureUpdates 0 text/plain PauseFeatureUpdatesStartTime text/plain PauseQualityUpdates 0 text/plain PauseQualityUpdatesStartTime text/plain PhoneUpdateRestrictions 4 text/plain RequireDeferUpgrade 0 
text/plain RequireUpdateApproval 0 text/plain ScheduledInstallDay 0 text/plain ScheduledInstallEveryWeek 1 text/plain ScheduledInstallFirstWeek 0 text/plain ScheduledInstallFourthWeek 0 text/plain ScheduledInstallSecondWeek 0 text/plain ScheduledInstallThirdWeek 0 text/plain ScheduledInstallTime 3 text/plain ScheduleImminentRestartWarning 15 text/plain ScheduleRestartWarning 4 text/plain SetAutoRestartNotificationDisable 0 text/plain SetEDURestart 0 text/plain UpdateServiceUrl CorpWSUS text/plain UpdateServiceUrlAlternate text/plain phone Wifi AllowAutoConnectToWiFiSenseHotspots 1 text/plain AllowInternetSharing 1 text/plain AllowManualWiFiConfiguration 1 text/plain AllowWiFi 1 text/plain AllowWiFiDirect 1 text/plain WLANScanMode 0 text/plain WindowsDefenderSecurityCenter CompanyName text/plain phone DisableAppBrowserUI 0 text/plain phone DisableEnhancedNotifications 0 text/plain phone DisableFamilyUI 0 text/plain phone DisableHealthUI 0 text/plain phone DisableNetworkUI 0 text/plain phone DisableNotifications 0 text/plain phone DisableVirusUI 0 text/plain phone DisallowExploitProtectionOverride 0 text/plain phone Email text/plain phone EnableCustomizedToasts 0 text/plain phone EnableInAppCustomization 0 text/plain phone Phone text/plain phone URL text/plain phone WindowsInkWorkspace AllowSuggestedAppsInWindowsInkWorkspace 1 text/plain phone AllowWindowsInkWorkspace 2 text/plain phone WindowsLogon DisableLockScreenAppNotifications text/plain phone logon.admx Logon~AT~System~Logon DisableLockScreenAppNotifications DontDisplayNetworkSelectionUI text/plain phone logon.admx Logon~AT~System~Logon DontDisplayNetworkSelectionUI HideFastUserSwitching This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. 
The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations. 0 text/plain WirelessDisplay AllowMdnsAdvertisement This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. 1 text/plain AllowMdnsDiscovery This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. 1 text/plain AllowProjectionFromPC This policy allows you to turn off projection from a PC. If you set it to 0, your PC cannot discover or project to other devices. If you set it to 1, your PC can discover and project to other devices. 1 text/plain AllowProjectionFromPCOverInfrastructure This policy allows you to turn off projection from a PC over infrastructure. If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct. If you set it to 1, your PC can discover and project to other devices over infrastructure. 1 text/plain AllowProjectionToPC This policy setting allows you to turn off projection to a PC If you set it to 0, your PC isn't discoverable and can't be projected to If you set it to 1, your PC is discoverable and can be projected to above the lock screen only. The user has an option to turn it always on or off except for manual launch, too. 1 text/plain phone AllowProjectionToPCOverInfrastructure This policy setting allows you to turn off projection to a PC over infrastructure. If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct. If you set it to 1, your PC can be discoverable and can be projected to over infrastructure. 
1 text/plain AllowUserInputFromWirelessDisplayReceiver 1 text/plain RequirePinForPairing This policy setting allows you to require a pin for pairing. If you turn this on, the pairing ceremony for new devices will always require a PIN If you turn it off or don't configure it, a pin isn't required for pairing. 0 text/plain
```